DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 1.6.0_26
Run by Ilex at 17:23:59 on 2013-02-07
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.48.1045.18.8169.6851 [GMT 1:00]
.
AV: Norton AntiVirus *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Ashampoo Anti-Malware *Disabled/Outdated* {1586225C-B0F7-7A3E-FBB7-F15B3A4D2579}
SP: Ashampoo Anti-Malware *Disabled/Outdated* {AEE7C3B8-96CD-75B0-C107-CA2941CA6FC4}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = pl.v9.com/idg/idg_1330128150_405264
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: SFT_Polska Toolbar: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - C:\Program Files (x86)\SFT_Polska\prxtbSFT_.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
uWinlogon: Shell = explorer.exe, "C:\Users\Ilex\AppData\Roaming\Microsoft\Windows\msshell.exe"
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove Folder Synchronization: {26DF16CE-4A8A-4A49-0CDA-7A3B44E52187} -
BHO: SFT_Polska Toolbar: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - C:\Program Files (x86)\SFT_Polska\prxtbSFT_.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: SFT_Polska Toolbar: {5C5B9468-D672-4EB7-B52F-B5AFABF28C5B} - C:\Program Files (x86)\SFT_Polska\prxtbSFT_.dll
TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: SFT_Polska Toolbar: {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - C:\Program Files (x86)\SFT_Polska\prxtbSFT_.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [espaces] C:\premiumsoft\PhotoFun\photofun.exe
uRun: [Windows Database Service] C:\Users\Ilex\Network\wmpdb32.exe
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [AdobeBridge]
uRunOnce: [Report] C:\AdwCleaner[S2].txt
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\Users\Ilex\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\2YOURF~1.LNK - C:\Users\Ilex\AppData\Roaming\2YourFace\Updater.exe
StartupFolder: C:\Users\Ilex\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Program Files (x86)\Facebook Desktop\Facebook Desktop.exe
StartupFolder: C:\Users\Ilex\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\Users\Ilex\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 2.4\program\quickstart.exe
StartupFolder: C:\Users\Ilex\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\runctf.lnk - C:\Windows\System32\rundll32.exe
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ESET-phase2.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:149
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 217.113.224.36 217.113.224.134
TCP: Interfaces\{C24681CD-A127-4D69-80D1-7D156983CC75} : DHCPNameServer = 217.113.224.36 217.113.224.134
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck -
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [Ashampoo Anti-Malware Guard] "C:\Program Files (x86)\Ashampoo\Ashampoo Anti-Malware\AAMW_Guard.exe"
x64-RunOnce: [GrpConv] grpconv -o
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -
x64-SSODL: WebCheck -
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ilex\AppData\Roaming\Mozilla\Firefox\Profiles\d8j7b02f.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npVividasPlayer.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Users\Ilex\AppData\Roaming\Mozilla\Firefox\Profiles\d8j7b02f.default\extensions\player@vividas.com\plugins\npVividasPlayer.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-8-4 55856]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1207010.003\symds64.sys [2012-4-4 450680]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1207010.003\symefa64.sys [2012-4-4 912504]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-11-29 37720]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-10-8 83080]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-10-8 184968]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [2011-7-22 1151096]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110803.030\IDSviA64.sys [2011-8-3 488056]
S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1207010.003\ironx64.sys [2012-4-4 171128]
S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1207010.003\symnets.sys [2012-4-4 386168]
S2 AAMW_WSC_Service_Vista;Ashampoo Anti-Malware WSC Service;C:\Program Files (x86)\Ashampoo\Ashampoo Anti-Malware\AAMW_WSC_Service_Vista.exe [2012-5-13 52616]
S2 AAMWService;Ashampoo Anti-Malware Service;C:\Program Files (x86)\Ashampoo\Ashampoo Anti-Malware\AAMW_Service.exe [2012-5-13 1313184]
S2 Adobe Licensing Console;Adobe Licensing Console;C:\Windows\System32\msvfd32.exe --> C:\Windows\System32\msvfd32.exe [?]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2011-8-3 133800]
S2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccsvchst.exe [2012-4-4 130008]
S2 regi;regi;C:\Windows\System32\drivers\regi.sys [2007-4-16 14112]
S2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2013-1-14 1024384]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
S2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-10-8 7329648]
S2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-10-8 719216]
S2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [?]
S3 AAMWRegFilter;AAMWRegFilter;C:\Program Files (x86)\Ashampoo\Ashampoo Anti-Malware\AAMW_Regfilter64.sys [2012-5-13 18456]
S3 ASW3Scan;ASW3Scan;C:\Program Files (x86)\Ashampoo\Ashampoo Anti-Malware\AAMW_IFS64.sys [2012-5-13 21528]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-8-4 136824]
S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2013-2-7 22704]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2010-3-19 1120752]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2011-10-8 18288]
S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-4 1255736]
.
=============== Created Last 30 ================
.
2013-02-07 15:22:27 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
2013-02-07 15:22:25 110080 ----a-r- C:\Users\Ilex\AppData\Roaming\Microsoft\Installer\{22B3AE66-7A37-4118-BADB-3680C15CA366}\IconF7A21AF7.exe
2013-02-07 15:22:25 110080 ----a-r- C:\Users\Ilex\AppData\Roaming\Microsoft\Installer\{22B3AE66-7A37-4118-BADB-3680C15CA366}\IconD7F16134.exe
2013-02-07 15:22:25 110080 ----a-r- C:\Users\Ilex\AppData\Roaming\Microsoft\Installer\{22B3AE66-7A37-4118-BADB-3680C15CA366}\Icon1226A4C5.exe
2013-02-07 15:22:25 -------- d-----w- C:\sh4ldr
2013-02-07 15:22:25 -------- d-----w- C:\Program Files\Enigma Software Group
2013-02-07 15:22:14 -------- d-----w- C:\Windows\22B3AE667A374118BADB3680C15CA366.TMP
2013-02-07 15:22:12 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-02-07 15:15:30 -------- d-----w- C:\Users\Ilex\AppData\Local\ElevatedDiagnostics
2013-02-07 15:01:56 78 ----a-w- C:\ProgramData\hgwDXZs.bat
2013-02-07 15:01:56 153 ----a-w- C:\ProgramData\hgwDXZs.reg
2013-01-31 21:53:32 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
2013-01-31 21:48:08 -------- d-----w- C:\Users\Ilex\AppData\Roaming\TuneUp Software
2013-01-31 21:48:04 -------- d-----w- C:\ProgramData\TuneUp Software
2013-01-31 21:48:02 -------- d-sh--w- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-01-31 21:47:41 225280 ----a-w- C:\Windows\SysWow64\rewire.dll
2013-01-31 21:47:32 1554944 ----a-w- C:\Windows\SysWow64\vorbis.acm
2013-01-31 21:47:30 -------- d-----w- C:\Program Files (x86)\Outsim
2013-01-31 21:46:30 -------- d-----w- C:\Program Files (x86)\Image-Line
2013-01-31 21:45:59 818115 ----a-w- C:\Windows\SysWow64\msvfd32.exe
2013-01-25 02:31:09 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{11378AA6-E07C-4575-9CFA-A6919745E731}\mpengine.dll
2013-01-24 23:41:31 -------- d-----w- C:\Users\Ilex\.thumbnails
2013-01-20 21:12:01 -------- d-----w- C:\Users\Ilex\AppData\Local\gegl-0.2
2013-01-20 21:12:01 -------- d-----w- C:\Users\Ilex\AppData\Local\fontconfig
2013-01-20 21:12:01 -------- d-----w- C:\Users\Ilex\.gimp-2.8
2013-01-20 21:11:24 -------- d-----w- C:\Program Files\GIMP 2
2013-01-11 22:09:51 -------- d-----w- C:\ProgramData\ALM
.
==================== Find3M ====================
.
2013-01-21 18:12:40 37720 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-01-09 18:40:09 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 18:40:09 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 17:24:36,10 ===============