OTL logfile created on: 2012-08-01 12:44:19 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\buh\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,99 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 84,05% Memory free
6,18 Gb Paging File | 5,92 Gb Available in Paging File | 95,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 84,09 Gb Free Space | 36,11% Space Free | Partition Type: NTFS
Drive D: | 1,86 Gb Total Space | 1,42 Gb Free Space | 76,21% Space Free | Partition Type: FAT32
Drive E: | 231,42 Gb Total Space | 46,43 Gb Free Space | 20,06% Space Free | Partition Type: NTFS

Computer Name: BUH-PC | User Name: buh | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-08-01 12:29:52 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\buh\Desktop\OTL.exe
PRC - [2009-04-10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006-10-25 10:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation) -- C:\Windows\System32\EXPLORER.EXE

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - [2012-07-27 13:14:26 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-07-20 08:41:35 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012-01-03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011-09-28 11:24:22 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\PLAY ONLINE\UpdateDog\ouc.exe -- (PLAY ONLINE. RunOuc)
SRV - [2011-04-09 11:26:01 | 000,038,912 | ---- | M] (Galumua Software) [Auto | Stopped] -- C:\Users\buh\AppData\Local\Temp\DAT6779.tmp.exe -- (xiefrcrtfa)
SRV - [2011-04-01 18:41:44 | 000,152,496 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2011-03-14 17:27:28 | 000,271,712 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2009-04-07 14:11:58 | 000,241,664 | ---- | M] () [Auto | Stopped] -- C:\Program Files\blueconnect\AssistantServices.exe -- (UI Assistant Service)
SRV - [2008-09-05 20:21:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008-08-26 16:26:44 | 000,099,720 | ---- | M] (Toshiba Europe GmbH) [Auto | Stopped] -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe -- (TempoMonitoringService)
SRV - [2008-08-25 09:58:20 | 000,077,824 | ---- | M] (Toshiba) [On_Demand | Stopped] -- C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008-08-19 21:34:32 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008-08-19 00:22:02 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008-07-15 17:16:58 | 000,106,496 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2008-01-21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-11-21 19:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2006-10-05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006-08-23 17:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\TpChoice.sys -- (TpChoice)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [File_System | Auto | Stopped] -- system32\DRIVERS\eamonm.sys -- (eamonm)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a10ar4a6)
DRV - [2011-09-28 11:24:25 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2011-09-28 11:24:25 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011-09-28 11:24:25 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011-09-28 11:24:25 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011-08-05 11:21:52 | 000,236,728 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2011-07-12 20:07:40 | 000,016,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2011-01-27 16:26:16 | 000,056,888 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2010-11-29 12:47:00 | 000,070,448 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2010-11-11 11:26:00 | 000,042,672 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2010-08-30 11:48:00 | 000,080,064 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2009-08-05 13:55:00 | 000,061,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2009-07-24 12:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2009-06-17 12:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2009-05-25 11:10:39 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009-04-10 21:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009-03-25 11:06:30 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009-03-25 11:06:28 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009-03-25 11:06:28 | 000,079,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009-03-25 11:06:28 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009-03-25 11:05:54 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009-01-12 09:12:56 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009-01-05 09:59:54 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2009-01-05 09:59:54 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009-01-04 17:29:50 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009-01-04 17:29:50 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008-10-29 16:35:32 | 000,007,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008-09-17 06:01:02 | 003,930,112 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008-09-09 12:58:32 | 000,099,216 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008-08-19 21:01:44 | 000,279,376 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2008-08-06 16:26:08 | 000,124,928 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008-07-15 19:59:06 | 000,017,960 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2008-05-07 12:30:12 | 000,025,896 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)
DRV - [2008-04-28 06:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008-02-07 00:23:46 | 000,166,448 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007-12-14 12:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007-11-09 14:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007-05-22 11:04:54 | 000,018,088 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys -- (atitray)
DRV - [2007-04-24 12:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mgmt.sys -- (s125mgmt)
DRV - [2007-04-24 12:33:46 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125obex.sys -- (s125obex)
DRV - [2007-04-24 12:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007-04-24 12:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007-04-24 12:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125bus.sys -- (s125bus)
DRV - [2006-11-28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006-03-13 16:50:08 | 000,085,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w300obex.sys -- (w300obex)
DRV - [2006-03-13 16:50:06 | 000,087,824 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w300mgmt.sys -- (w300mgmt)
DRV - [2006-03-13 16:49:54 | 000,060,800 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w300bus.sys -- (w300bus)
DRV - [2004-08-09 13:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004-08-09 13:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004-07-19 16:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003-12-01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=2&cf=84827e0f-2367-11e1-8e8a-00037a9fcf25
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {861C8A5B-C7CB-4097-B096-2CB5829BD0D6}
IE - HKLM\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=84827e0f-2367-11e1-8e8a-00037a9fcf25&q={searchTerms}
IE - HKLM\..\SearchScopes\{861C8A5B-C7CB-4097-B096-2CB5829BD0D6}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {861C8A5B-C7CB-4097-B096-2CB5829BD0D6}
IE - HKU\.DEFAULT\..\SearchScopes\{861C8A5B-C7CB-4097-B096-2CB5829BD0D6}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {861C8A5B-C7CB-4097-B096-2CB5829BD0D6}
IE - HKU\S-1-5-18\..\SearchScopes\{861C8A5B-C7CB-4097-B096-2CB5829BD0D6}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA;
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-681558959-719117596-3243824261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA;
IE - HKU\S-1-5-21-681558959-719117596-3243824261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=2&cf=84827e0f-2367-11e1-8e8a-00037a9fcf25
IE - HKU\S-1-5-21-681558959-719117596-3243824261-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-681558959-719117596-3243824261-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-681558959-719117596-3243824261-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-681558959-719117596-3243824261-1000\..\SearchScopes,DefaultScope = {861C8A5B-C7CB-4097-B096-2CB5829BD0D6}
IE - HKU\S-1-5-21-681558959-719117596-3243824261-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=84827e0f-2367-11e1-8e8a-00037a9fcf25&q={searchTerms}
IE - HKU\S-1-5-21-681558959-719117596-3243824261-1000\..\SearchScopes\{4F11ACBB-393F-4c86-A214-FF3D0D155CC3}: "URL" = http://search.burn4free-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKU\S-1-5-21-681558959-719117596-3243824261-1000\..\SearchScopes\{6FC0D388-EC6D-4DB4-BC6E-53C39D487746}: "URL" = http://flvdirect.iamwired.net/websearch.php?src=tops&search={SearchTerms}
IE - HKU\S-1-5-21-681558959-719117596-3243824261-1000\..\SearchScopes\{861C8A5B-C7CB-4097-B096-2CB5829BD0D6}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEA_pl
IE - HKU\S-1-5-21-681558959-719117596-3243824261-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKU\S-1-5-21-681558959-719117596-3243824261-1000\..\SearchScopes\{E5A3C2E1-03B7-4F04-A576-890F3E727EFE}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=PV&apn_dtid=YYYYYYYYPL&apn_uid=4F5C33E4-D42E-4C25-A423-F5B1EEA11A71&apn_sauid=49FEA6BA-17A8-47E5-8A9D-7E97645FD016
IE - HKU\S-1-5-21-681558959-719117596-3243824261-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-681558959-719117596-3243824261-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.defaulturl: "http://flvdirect.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.pl/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {c6cc2217-f10d-a8ac-9538-b42a49eb436f}:4.6.6.8
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9
FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.4
FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4
FF - prefs.js..extensions.enabledItems: zigboom@ymail.com:1.2.4
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.5
FF - prefs.js..extensions.enabledItems: {421d78a0-6f2e-11de-867e-0002a5d5c51b}:1.02
FF - prefs.js..extensions.enabledItems: bloodfire@example.com:3.6
FF - prefs.js..extensions.enabledItems: djziggy@gmail.com:1.2.4
FF - prefs.js..extensions.enabledItems: {20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}:3.13
FF - prefs.js..keyword.URL: "http://startsear.ch/?aff=2&src=sp&cf=84827e0f-2367-11e1-8e8a-00037a9fcf25&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\~programy\tvuplayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\~programy\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\~programy\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\buh\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\blueconnect\addon [2010-06-20 14:05:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\~programy\components [2012-07-20 08:41:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\~programy\plugins [2012-04-12 17:13:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009-05-24 23:22:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\buh\AppData\Roaming\mozilla\Extensions
[2012-07-31 00:39:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\buh\AppData\Roaming\mozilla\Firefox\Profiles\cs348hsk.default\extensions
[2012-07-31 00:39:38 | 000,000,000 | ---D | M] (Alabama Crimson Tide) -- C:\Users\buh\AppData\Roaming\mozilla\Firefox\Profiles\cs348hsk.default\extensions\{421d78a0-6f2e-11de-867e-0002a5d5c51b}
[2010-12-03 17:24:44 | 000,000,000 | ---D | M] (Oskar) -- C:\Users\buh\AppData\Roaming\mozilla\Firefox\Profiles\cs348hsk.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
[2012-04-01 21:17:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\buh\AppData\Roaming\mozilla\Firefox\Profiles\cs348hsk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012-07-16 12:50:45 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\buh\AppData\Roaming\mozilla\Firefox\Profiles\cs348hsk.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010-12-03 17:26:55 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\buh\AppData\Roaming\mozilla\Firefox\Profiles\cs348hsk.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
[2010-12-03 17:31:30 | 000,000,000 | ---D | M] (BloodFire 3) -- C:\Users\buh\AppData\Roaming\mozilla\Firefox\Profiles\cs348hsk.default\extensions\bloodfire@example.com
[2010-12-03 17:27:55 | 000,000,000 | ---D | M] (Chromifox Basic) -- C:\Users\buh\AppData\Roaming\mozilla\Firefox\Profiles\cs348hsk.default\extensions\chromifox@altmusictv.com
[2012-06-21 12:49:03 | 000,000,000 | ---D | M] (LavaFox V2-Blue) -- C:\Users\buh\AppData\Roaming\mozilla\Firefox\Profiles\cs348hsk.default\extensions\djziggy@gmail.com
[2010-12-18 20:56:10 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\buh\AppData\Roaming\mozilla\Firefox\Profiles\cs348hsk.default\extensions\firefox@tvunetworks.com
[2012-06-21 12:49:04 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\buh\AppData\Roaming\mozilla\Firefox\Profiles\cs348hsk.default\extensions\info@djzig.com
[2012-06-21 12:49:04 | 000,000,000 | ---D | M] (LavaFox V2-Green) -- C:\Users\buh\AppData\Roaming\mozilla\Firefox\Profiles\cs348hsk.default\extensions\zigboom@ymail.com
[2011-04-10 17:42:07 | 000,002,568 | ---- | M] () -- C:\Users\buh\AppData\Roaming\Mozilla\Firefox\Profiles\cs348hsk.default\searchplugins\askcom.xml
[2010-05-08 08:53:48 | 000,000,903 | ---- | M] () -- C:\Users\buh\AppData\Roaming\Mozilla\Firefox\Profiles\cs348hsk.default\searchplugins\conduit.xml
[2010-05-08 15:31:37 | 000,000,266 | ---- | M] () -- C:\Users\buh\AppData\Roaming\Mozilla\Firefox\Profiles\cs348hsk.default\searchplugins\Search.xml
[2011-07-11 20:04:02 | 000,000,633 | ---- | M] () -- C:\Users\buh\AppData\Roaming\Mozilla\Firefox\Profiles\cs348hsk.default\searchplugins\startsear.xml
[2012-07-18 21:09:45 | 000,339,888 | ---- | M] () (No name found) -- C:\USERS\BUH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CS348HSK.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2011-11-02 08:21:01 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\BUH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CS348HSK.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012-02-29 09:43:15 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\BUH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\CS348HSK.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Users\buh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: LiveVDO plugin = C:\Users\buh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbiamblgmkgbcgbcgejjgebalncpmhnp\1.3_0\

O1 HOSTS File: ([2010-01-06 19:29:42 | 000,000,720 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Burn4Free Toolbar Helper) - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (StartSearchToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-681558959-719117596-3243824261-1000\..\Toolbar\WebBrowser: (Burn4Free Toolbar) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll ()
O3 - HKU\S-1-5-21-681558959-719117596-3243824261-1000\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-681558959-719117596-3243824261-1000\..\Toolbar\WebBrowser: (StartSearchToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O3 - HKU\S-1-5-21-681558959-719117596-3243824261-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [cfFncEnabler.exe] cfFncEnabler.exe File not found
O4 - HKLM..\Run: [HDMICtrlMan] C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\Toshiba\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\~programy\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [yrdiiyygjotonfk] C:\ProgramData\yrdiiyyg.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-681558959-719117596-3243824261-1000..\Run: [DAEMON Tools Lite] C:\~programy\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-681558959-719117596-3243824261-1000..\Run: [EXPLORER.EXE] C:\Windows\System32\EXPLORER.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-681558959-719117596-3243824261-1000..\Run: [Facebook Update] C:\Users\buh\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-681558959-719117596-3243824261-1000..\Run: [wsctf.exe] wsctf.exe File not found
O4 - HKU\S-1-5-21-681558959-719117596-3243824261-1000..\Run: [yrdiiyygjotonfk] C:\ProgramData\yrdiiyyg.exe ()
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-681558959-719117596-3243824261-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/4908-44618-9400-3/4 File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (MksSkanerOnline Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C870306-90BC-493B-8E05-83C7B647089C}: DhcpNameServer = 89.108.195.21 89.108.202.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AEF078B-1480-4F03-8E9B-026168B01917}: DhcpNameServer = 89.108.195.21 89.108.202.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64A1A08A-CF4E-497E-A538-628DE8BA9F17}: DhcpNameServer = 82.160.1.1 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4B9E44F-5B57-4E54-9E68-8A2C414AA499}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7CC414F-DC1B-49ED-A90E-08F83F720924}: DhcpNameServer = 89.108.202.20 89.108.195.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4B968E6-135D-4022-BEFD-04C3AF74D38F}: DhcpNameServer = 89.108.195.21 89.108.202.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAD9E66E-6965-4789-B671-1FA0DB7768A0}: DhcpNameServer = 89.108.202.20 89.108.195.20
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\System32\EXPLORER.EXE (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\Windows\System32\EXPLORER.EXE (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\buh\Pictures\IMG000002.jpg
O24 - Desktop BackupWallPaper: C:\Users\buh\Pictures\IMG000002.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012-08-01 12:35:04 | 000,000,165 | RHS- | M] () - D:\AutoRun.inf -- [ FAT32 ]
O33 - MountPoints2\{0f1e8d24-24eb-11e1-ab0d-00037a9fcf25}\Shell - "" = AutoRun
O33 - MountPoints2\{0f1e8d24-24eb-11e1-ab0d-00037a9fcf25}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{101f6016-490c-11de-8a4f-00235a05608e}\Shell - "" = AutoRun
O33 - MountPoints2\{101f6016-490c-11de-8a4f-00235a05608e}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{1e05f735-8d62-11de-8635-00235a05608e}\Shell - "" = AutoRun
O33 - MountPoints2\{1e05f735-8d62-11de-8635-00235a05608e}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{22c52564-6677-11de-80b3-00235a05608e}\Shell - "" = AutoRun
O33 - MountPoints2\{22c52564-6677-11de-80b3-00235a05608e}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{22c5257a-6677-11de-80b3-00235a05608e}\Shell - "" = AutoRun
O33 - MountPoints2\{22c5257a-6677-11de-80b3-00235a05608e}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{4810fc52-f66c-11e0-b789-001e101f859f}\Shell - "" = AutoRun
O33 - MountPoints2\{4810fc52-f66c-11e0-b789-001e101f859f}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{5e2f90b7-0610-11e1-92f5-001e101f4e71}\Shell - "" = AutoRun
O33 - MountPoints2\{5e2f90b7-0610-11e1-92f5-001e101f4e71}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{a619c04c-e999-11e0-9f4b-001e101f57d0}\Shell - "" = AutoRun
O33 - MountPoints2\{a619c04c-e999-11e0-9f4b-001e101f57d0}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a619c05a-e999-11e0-9f4b-001e101f82a7}\Shell - "" = AutoRun
O33 - MountPoints2\{a619c05a-e999-11e0-9f4b-001e101f82a7}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{b2c08476-a8d9-11de-8f1f-00215d65349c}\Shell - "" = AutoRun
O33 - MountPoints2\{b2c08476-a8d9-11de-8f1f-00215d65349c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c6b949f6-850a-11e1-9ec8-001e101f1f81}\Shell - "" = AutoRun
O33 - MountPoints2\{c6b949f6-850a-11e1-9ec8-001e101f1f81}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c9fc75ed-7c63-11df-852a-00215d65349c}\Shell - "" = AutoRun
O33 - MountPoints2\{c9fc75ed-7c63-11df-852a-00215d65349c}\Shell\AutoRun\command - "" = D:\Install.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012-08-01 12:29:51 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\buh\Desktop\OTL.exe
[2012-08-01 11:48:11 | 008,854,904 | ---- | C] (SurfRight B.V.) -- C:\Users\buh\Desktop\HitmanPro36_x64.exe
[2012-08-01 11:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\texqqlgojjmnybf
[2012-07-26 11:02:13 | 000,327,168 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2012-07-12 03:05:35 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012-07-11 13:31:44 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012-08-01 12:43:47 | 004,456,448 | -HS- | M] () -- C:\Users\buh\NTUSER.DAT
[2012-08-01 12:36:25 | 001,524,370 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2012-08-01 12:36:25 | 000,680,982 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2012-08-01 12:36:25 | 000,604,372 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-08-01 12:36:25 | 000,135,664 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2012-08-01 12:36:25 | 000,107,704 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-08-01 12:29:52 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\buh\Desktop\OTL.exe
[2012-08-01 12:21:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-08-01 12:19:13 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-08-01 12:18:18 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-08-01 12:17:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-08-01 12:17:34 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-08-01 12:17:33 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012-08-01 12:17:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012-08-01 12:16:41 | 000,524,288 | -HS- | M] () -- C:\Users\buh\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2012-08-01 12:16:41 | 000,065,536 | -HS- | M] () -- C:\Users\buh\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2012-08-01 12:01:53 | 000,524,288 | -HS- | M] () -- C:\Users\buh\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2012-08-01 11:48:28 | 008,854,904 | ---- | M] (SurfRight B.V.) -- C:\Users\buh\Desktop\HitmanPro36_x64.exe
[2012-08-01 11:31:40 | 000,000,051 | ---- | M] () -- C:\ProgramData\awphjqetbwrotcn
[2012-08-01 11:31:30 | 000,061,440 | ---- | M] () -- C:\ProgramData\yrdiiyyg.exe
[2012-08-01 11:31:30 | 000,061,440 | ---- | M] () -- C:\Users\buh\0.048393077655586314.exe
[2012-08-01 11:13:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-08-01 10:06:53 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-681558959-719117596-3243824261-1000UA.job
[2012-08-01 10:06:50 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-681558959-719117596-3243824261-1000Core.job
[2012-08-01 01:36:52 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012-07-31 07:07:50 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012-07-27 13:14:25 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012-07-27 13:14:25 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012-07-26 11:51:39 | 000,063,861 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2012-07-26 11:51:00 | 000,043,520 | ---- | M] () -- C:\Windows\System32\CmdLineExt03.dll
[2012-07-26 11:50:13 | 000,021,840 | ---- | M] () -- C:\Windows\System32\SIntfNT.dll
[2012-07-26 11:50:13 | 000,017,212 | ---- | M] () -- C:\Windows\System32\SIntf32.dll
[2012-07-26 11:50:13 | 000,012,067 | ---- | M] () -- C:\Windows\System32\SIntf16.dll
[2012-07-26 10:59:26 | 000,000,648 | ---- | M] () -- C:\Users\buh\Desktop\Diablo II - Lord of Destruction.lnk
[2012-07-26 10:56:29 | 000,000,648 | ---- | M] () -- C:\Users\Public\Desktop\Diablo II.lnk
[2012-07-26 10:56:27 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2012-07-26 10:56:27 | 000,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif
[2012-07-14 22:38:39 | 000,007,052 | ---- | M] () -- C:\Users\buh\AppData\Local\d3d9caps.dat
[2012-07-12 15:44:07 | 000,538,074 | ---- | M] () -- C:\Users\buh\Desktop\12072012950.jpg
[2012-07-12 15:43:14 | 000,592,901 | ---- | M] () -- C:\Users\buh\Desktop\12072012952.jpg
[2012-07-12 03:24:08 | 000,320,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012-07-06 22:29:49 | 000,165,376 | ---- | M] () -- C:\Users\buh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-08-01 11:31:39 | 000,061,440 | ---- | C] () -- C:\ProgramData\yrdiiyyg.exe
[2012-08-01 11:31:31 | 000,000,051 | ---- | C] () -- C:\ProgramData\awphjqetbwrotcn
[2012-08-01 11:31:30 | 000,061,440 | ---- | C] () -- C:\Users\buh\0.048393077655586314.exe
[2012-07-26 10:59:26 | 000,000,648 | ---- | C] () -- C:\Users\buh\Desktop\Diablo II - Lord of Destruction.lnk
[2012-07-26 10:56:29 | 000,000,648 | ---- | C] () -- C:\Users\Public\Desktop\Diablo II.lnk
[2012-07-12 15:43:08 | 000,592,901 | ---- | C] () -- C:\Users\buh\Desktop\12072012952.jpg
[2012-07-12 15:42:28 | 000,538,074 | ---- | C] () -- C:\Users\buh\Desktop\12072012950.jpg
[2012-02-17 17:36:43 | 000,000,709 | ---- | C] () -- C:\Windows\Thps3.INI
[2012-01-12 23:03:14 | 000,000,022 | ---- | C] () -- C:\Windows\System32\syscopy.dll
[2012-01-12 22:50:53 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011-04-27 11:41:53 | 000,723,981 | ---- | C] () -- C:\Users\buh\AppData\Local\unins000.exe
[2011-04-27 11:41:53 | 000,005,476 | ---- | C] () -- C:\Users\buh\AppData\Local\unins000.dat
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011-02-09 18:17:12 | 000,000,266 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011-01-03 23:19:33 | 000,121,344 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2011-01-03 23:14:32 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011-01-03 23:14:32 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011-01-03 23:14:31 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011-01-03 23:14:31 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011-01-03 23:14:31 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011-01-03 23:14:31 | 000,000,590 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009-10-14 18:55:39 | 000,000,091 | ---- | C] () -- C:\Users\buh\AppData\Local\fusioncache.dat
[2009-10-10 14:50:40 | 000,022,328 | ---- | C] () -- C:\Users\buh\AppData\Roaming\PnkBstrK.sys
[2009-08-29 06:55:59 | 000,007,052 | ---- | C] () -- C:\Users\buh\AppData\Local\d3d9caps.dat
[2009-08-29 06:55:58 | 000,000,552 | ---- | C] () -- C:\Users\buh\AppData\Local\d3d8caps.dat
[2009-07-28 11:17:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009-05-24 23:28:51 | 000,165,376 | ---- | C] () -- C:\Users\buh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-05-24 23:01:59 | 000,083,288 | ---- | C] () -- C:\Users\buh\AppData\Local\GDIPFONTCACHEV1.DAT
[2009-05-24 23:01:39 | 004,456,448 | -HS- | C] () -- C:\Users\buh\NTUSER.DAT
[2009-05-24 23:01:39 | 000,524,288 | -HS- | C] () -- C:\Users\buh\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009-05-24 23:01:39 | 000,524,288 | -HS- | C] () -- C:\Users\buh\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009-05-24 23:01:39 | 000,065,536 | -HS- | C] () -- C:\Users\buh\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009-05-24 23:01:39 | 000,000,020 | -HS- | C] () -- C:\Users\buh\ntuser.ini

[color=#E56717]========== LOP Check ==========[/color]

[2011-12-28 14:47:21 | 000,000,000 | ---D | M] -- C:\Users\buh\AppData\Roaming\2K Sports
[2012-04-08 09:27:22 | 000,000,000 | ---D | M] -- C:\Users\buh\AppData\Roaming\Azureus
[2009-06-13 08:20:11 | 000,000,000 | ---D | M] -- C:\Users\buh\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2009-05-25 11:26:21 | 000,000,000 | ---D | M] -- C:\Users\buh\AppData\Roaming\DAEMON Tools Lite
[2011-04-27 12:05:17 | 000,000,000 | ---D | M] -- C:\Users\buh\AppData\Roaming\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1
[2009-05-25 10:48:04 | 000,000,000 | ---D | M] -- C:\Users\buh\AppData\Roaming\GHISLER
[2011-09-09 09:03:18 | 000,000,000 | ---D | M] -- C:\Users\buh\AppData\Roaming\ipla
[2009-08-20 11:34:07 | 000,000,000 | ---D | M] -- C:\Users\buh\AppData\Roaming\iPlus
[2009-10-01 23:25:51 | 000,000,000 | ---D | M] -- C:\Users\buh\AppData\Roaming\Leadertech
[2010-11-05 10:21:48 | 000,000,000 | ---D | M] -- C:\Users\buh\AppData\Roaming\Locktime
[2012-06-20 12:45:38 | 000,000,000 | ---D | M] -- C:\Users\buh\AppData\Roaming\Might & Magic Heroes VI
[2009-07-14 00:45:38 | 000,000,000 | ---D | M] -- C:\Users\buh\AppData\Roaming\Nowe Gadu-Gadu
[2010-06-20 14:05:56 | 000,000,000 | ---D | M] -- C:\Users\buh\AppData\Roaming\Program Files
[2011-03-25 15:52:19 | 000,000,000 | ---D | M] -- C:\Users\buh\AppData\Roaming\PunkBuster
[2009-06-02 19:02:23 | 000,000,000 | ---D | M] -- C:\Users\buh\AppData\Roaming\Red Alert 3
[2012-06-11 22:53:29 | 000,000,000 | ---D | M] -- C:\Users\buh\AppData\Roaming\Rovio
[2010-10-25 16:28:45 | 000,000,000 | ---D | M] -- C:\Users\buh\AppData\Roaming\runic games
[2011-12-08 20:35:42 | 000,000,000 | ---D | M] -- C:\Users\buh\AppData\Roaming\Sports Interactive
[2011-03-19 15:43:36 | 000,000,000 | ---D | M] -- C:\Users\buh\AppData\Roaming\Teleca
[2012-05-29 19:20:29 | 000,000,000 | ---D | M] -- C:\Users\buh\AppData\Roaming\Toshiba
[2011-10-09 20:06:56 | 000,000,000 | ---D | M] -- C:\Users\buh\AppData\Roaming\TuneUpMedia
[2010-05-27 15:42:31 | 000,000,000 | ---D | M] -- C:\Users\buh\AppData\Roaming\Ubisoft
[2012-08-01 11:34:12 | 000,000,000 | ---D | M] -- C:\Users\buh\AppData\Roaming\uTorrent
[2012-08-01 10:06:50 | 000,001,048 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-681558959-719117596-3243824261-1000Core.job
[2012-08-01 10:06:53 | 000,001,070 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-681558959-719117596-3243824261-1000UA.job
[2012-07-31 07:07:50 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

< End of report >