OTL logfile created on: 9/5/2013 1:38:22 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ingridka6\Desktop\napr
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2.30 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 59.82% Memory free
4.61 Gb Paging File | 3.37 Gb Available in Paging File | 73.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226.40 Gb Total Space | 2.23 Gb Free Space | 0.99% Space Free | Partition Type: NTFS
Drive D: | 3.97 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 58.59 Gb Total Space | 48.17 Gb Free Space | 82.21% Space Free | Partition Type: NTFS

Computer Name: INGRIDKA66 | User Name: ingridka6 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/07/01 01:46:26 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/06/21 08:39:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ingridka6\Desktop\napr\OTL.exe
PRC - [2013/06/18 21:19:30 | 000,253,952 | ---- | M] (Huawei Technologies Co., Ltd.)
-- C:\Program Files (x86)\blueconnect\DataCardMonitor.exe PRC - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/03/18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010/03/18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2009/06/23 16:43:40 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\ingridka6\AppData\Roaming\blueconnect\ouc.exe PRC - [2007/12/03 14:03:36 | 000,132,416 | ---- | M] (H+H Software GmbH) -- C:\Program Files (x86)\Virtual CD v9\System\vc9secs.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013/08/22 11:19:31 | 000,187,888 | ---- | M] () -- C:\Users\ingridka6\AppData\Roaming\BabSolution\Shared\enhancedNT.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:[b]64bit:[/b] - [2010/06/11 23:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV:[b]64bit:[/b] - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2013/06/28 14:02:04 | 002,470,736 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2012/07/09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012/06/11 12:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2012/05/03 15:02:29 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2011/11/29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010/07/13 13:59:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/06/25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2010/03/18 06:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010/03/18 06:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) 
[Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007/12/03 14:03:36 | 000,132,416 | ---- | M] (H+H Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Virtual CD v9\System\vc9secs.exe -- (VC9SecS) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga) DRV:[b]64bit:[/b] - [2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:[b]64bit:[/b] - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:[b]64bit:[/b] - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:[b]64bit:[/b] - [2013/07/10 01:32:38 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:[b]64bit:[/b] - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:[b]64bit:[/b] - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:[b]64bit:[/b] - [2013/01/25 22:44:20 | 000,058,360 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\networx.sys -- (networx) DRV:[b]64bit:[/b] - [2012/06/11 12:33:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:[b]64bit:[/b] - [2012/06/09 21:44:37 | 004,720,704 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:[b]64bit:[/b] - [2012/01/10 14:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2011/11/29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2011/08/23 05:12:58 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:[b]64bit:[/b] - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:[b]64bit:[/b] - [2010/07/09 05:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:[b]64bit:[/b] - [2010/06/25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:[b]64bit:[/b] - [2010/06/17 11:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:[b]64bit:[/b] - [2010/05/15 14:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:[b]64bit:[/b] - [2010/04/20 04:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:[b]64bit:[/b] - [2010/04/13 12:15:04 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:[b]64bit:[/b] - [2010/02/27 01:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:[b]64bit:[/b] - [2009/09/17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:[b]64bit:[/b] - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009/07/14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009/07/14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:[b]64bit:[/b] - [2009/06/22 20:01:14 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet) DRV:[b]64bit:[/b] - [2009/06/22 19:38:32 | 000,116,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:[b]64bit:[/b] - [2009/06/22 19:26:38 | 000,113,792 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev) DRV:[b]64bit:[/b] - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009/04/29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER) DRV:[b]64bit:[/b] - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:[b]64bit:[/b] - [2007/11/14 12:43:30 | 000,128,528 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vdrv9000.sys -- (vdrv9000) DRV:[b]64bit:[/b] - [2007/01/23 10:40:04 | 000,024,344 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HH9Help.sys -- (HH9Help.sys) DRV:[b]64bit:[/b] - [2007/01/23 09:20:34 | 000,040,216 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcd9bus.sys -- (vcd9bus) DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_5742z&r=27361010x155l0494z1l5v47k21509 IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_5742z&r=27361010x155l0494z1l5v47k21509 IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - 
HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4233341717-3268410947-31571520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com IE - HKU\S-1-5-21-4233341717-3268410947-31571520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www2.delta-search.com/?babsrc=HP_ss&mntrId=443618F46A0C91BB&affID=121284&tsp=4987 IE - HKU\S-1-5-21-4233341717-3268410947-31571520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-4233341717-3268410947-31571520-1000\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found IE - HKU\S-1-5-21-4233341717-3268410947-31571520-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-21-4233341717-3268410947-31571520-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-4233341717-3268410947-31571520-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4233341717-3268410947-31571520-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=443618F46A0C91BB&affID=121284&tsp=4987 IE - HKU\S-1-5-21-4233341717-3268410947-31571520-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_plPL401PL401 IE - HKU\S-1-5-21-4233341717-3268410947-31571520-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-4233341717-3268410947-31571520-1000\..\SearchScopes\{E97F0687-35E0-48F3-80F9-D0ABD1993AF7}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?hsimp=yhs-affiliate_a&hspart=greentree&type=616163_yhs2tst&p={searchTerms} IE - HKU\S-1-5-21-4233341717-3268410947-31571520-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - 
HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\speedanalysis02@SpeedAnalysis.com: C:\Users\ingridka6\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013/08/27 23:30:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\7go@7go.com: C:\Users\ingridka6\AppData\Roaming\Mozilla\Extensions\7go@7go.com [2013/08/27 23:30:53 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis02@SpeedAnalysis.com: C:\Users\ingridka6\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013/08/27 23:30:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\7go@7go.com: C:\Users\ingridka6\AppData\Roaming\Mozilla\Extensions\7go@7go.com [2013/08/27 23:30:53 | 000,000,000 | ---D | M] [2013/08/27 23:30:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ingridka6\AppData\Roaming\mozilla\Extensions [2013/08/27 23:30:53 | 000,000,000 | ---D | M] (7Go Games) -- C:\Users\ingridka6\AppData\Roaming\mozilla\Extensions\7go@7go.com [2013/08/27 23:30:49 | 000,000,000 | ---D | M] (Speed Analysis 2) -- 
C:\Users\ingridka6\AppData\Roaming\mozilla\Extensions\speedanalysis02@SpeedAnalysis.com [2013/02/12 17:54:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [color=#E56717]========== Chrome ==========[/color] CHR - homepage: http://www2.delta-search.com/?babsrc=HP_ss&mntrId=443618F46A0C91BB&affID=121284&tsp=4987 CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = 
C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: AdBlock = C:\Users\ingridka6\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.64_0\
CHR - Extension: No name found = C:\Users\ingridka6\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjajpkikblccgefaibcafkfbanllpefi\1.0.0.2\

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (7Go Games) - {FF103732-4528-4322-AA8B-F7849AB7776B} - C:\Program Files (x86)\7Go Games\ScriptHost64.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found.
O2 - BHO: (7Go Games) - {FF103732-4528-4322-AA8B-F7849AB7776B} - C:\Program Files (x86)\7Go Games\ScriptHost.dll (7go.com)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4233341717-3268410947-31571520-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-4233341717-3268410947-31571520-1000\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.
O3 - HKU\S-1-5-21-4233341717-3268410947-31571520-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe File not found
O4:[b]64bit:[/b] - HKLM..\Run: [NetWorx] C:\Program Files\NetWorx\networx.exe (SoftPerfect Research)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\blueconnect\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4233341717-3268410947-31571520-1000..\Run: [HW_OPENEYE_OUC_blueconnect] C:\Program Files (x86)\blueconnect\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKU\S-1-5-21-4233341717-3268410947-31571520-1000..\Run: [NTRedirect] C:\Users\ingridka6\AppData\Roaming\BabSolution\Shared\enhancedNT.dll ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.204.159.1 194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E39C20A-D821-4328-9224-AA471149A797}: DhcpNameServer = 194.204.159.1 194.204.152.34
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - 
Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{1f5c7eb2-e12f-11df-9159-88ae1da36215}\Shell - "" = AutoRun O33 - MountPoints2\{1f5c7eb2-e12f-11df-9159-88ae1da36215}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{283023a4-bde3-11e0-a1e5-88ae1da36215}\Shell - "" = AutoRun O33 - MountPoints2\{283023a4-bde3-11e0-a1e5-88ae1da36215}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{28302447-bde3-11e0-a1e5-88ae1da36215}\Shell - "" = AutoRun O33 - MountPoints2\{28302447-bde3-11e0-a1e5-88ae1da36215}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{28302464-bde3-11e0-a1e5-88ae1da36215}\Shell - "" = AutoRun O33 - MountPoints2\{28302464-bde3-11e0-a1e5-88ae1da36215}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{2830246e-bde3-11e0-a1e5-88ae1da36215}\Shell - "" = AutoRun O33 - MountPoints2\{2830246e-bde3-11e0-a1e5-88ae1da36215}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{493de9f2-ab5b-11e2-bb77-88ae1da36215}\Shell - "" = AutoRun O33 - 
MountPoints2\{493de9f2-ab5b-11e2-bb77-88ae1da36215}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{52b442d9-c91b-11e0-9033-001e101fe5e1}\Shell - "" = AutoRun O33 - MountPoints2\{52b442d9-c91b-11e0-9033-001e101fe5e1}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{5a9c2f00-d84b-11e2-8828-88ae1da36215}\Shell - "" = AutoRun O33 - MountPoints2\{5a9c2f00-d84b-11e2-8828-88ae1da36215}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{5a9c2f10-d84b-11e2-8828-88ae1da36215}\Shell - "" = AutoRun O33 - MountPoints2\{5a9c2f10-d84b-11e2-8828-88ae1da36215}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{5a9c31d6-d84b-11e2-8828-88ae1da36215}\Shell - "" = AutoRun O33 - MountPoints2\{5a9c31d6-d84b-11e2-8828-88ae1da36215}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{62e4f64e-856c-11e1-9178-88ae1da36215}\Shell - "" = AutoRun O33 - MountPoints2\{62e4f64e-856c-11e1-9178-88ae1da36215}\Shell\AutoRun\command - "" = J:\DTLplus_Launcher.exe O33 - MountPoints2\{6676f1ac-b01c-11e2-beb2-88ae1da36215}\Shell - "" = AutoRun O33 - MountPoints2\{6676f1ac-b01c-11e2-beb2-88ae1da36215}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{6676f1d4-b01c-11e2-beb2-88ae1da36215}\Shell - "" = AutoRun O33 - MountPoints2\{6676f1d4-b01c-11e2-beb2-88ae1da36215}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{83d52aa9-b19c-11e2-a8b6-88ae1da36215}\Shell - "" = AutoRun O33 - MountPoints2\{83d52aa9-b19c-11e2-a8b6-88ae1da36215}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{83d52ac0-b19c-11e2-a8b6-88ae1da36215}\Shell - "" = AutoRun O33 - MountPoints2\{83d52ac0-b19c-11e2-a8b6-88ae1da36215}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{84ad198a-b8bb-11e2-8424-88ae1da36215}\Shell - "" = AutoRun O33 - MountPoints2\{84ad198a-b8bb-11e2-8424-88ae1da36215}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{876bd63f-e69f-11df-b7fa-88ae1da36215}\Shell - "" = AutoRun O33 - 
MountPoints2\{876bd63f-e69f-11df-b7fa-88ae1da36215}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{8b492689-a475-11e2-a6e4-88ae1da36215}\Shell - "" = AutoRun O33 - MountPoints2\{8b492689-a475-11e2-a6e4-88ae1da36215}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{8b49269d-a475-11e2-a6e4-88ae1da36215}\Shell - "" = AutoRun O33 - MountPoints2\{8b49269d-a475-11e2-a6e4-88ae1da36215}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{8b4926aa-a475-11e2-a6e4-88ae1da36215}\Shell - "" = AutoRun O33 - MountPoints2\{8b4926aa-a475-11e2-a6e4-88ae1da36215}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{8b4926b8-a475-11e2-a6e4-88ae1da36215}\Shell - "" = AutoRun O33 - MountPoints2\{8b4926b8-a475-11e2-a6e4-88ae1da36215}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{97326c8c-a9d0-11e2-b71c-88ae1da36215}\Shell - "" = AutoRun O33 - MountPoints2\{97326c8c-a9d0-11e2-b71c-88ae1da36215}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{a524112c-b0df-11e2-a4c2-88ae1da36215}\Shell - "" = AutoRun O33 - MountPoints2\{a524112c-b0df-11e2-a4c2-88ae1da36215}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{a5241138-b0df-11e2-a4c2-88ae1da36215}\Shell - "" = AutoRun O33 - MountPoints2\{a5241138-b0df-11e2-a4c2-88ae1da36215}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{a5241146-b0df-11e2-a4c2-88ae1da36215}\Shell - "" = AutoRun O33 - MountPoints2\{a5241146-b0df-11e2-a4c2-88ae1da36215}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{a5241159-b0df-11e2-a4c2-88ae1da36215}\Shell - "" = AutoRun O33 - MountPoints2\{a5241159-b0df-11e2-a4c2-88ae1da36215}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{b8e69cda-d882-11e0-a16a-18f46a0c91bb}\Shell - "" = AutoRun O33 - MountPoints2\{b8e69cda-d882-11e0-a16a-18f46a0c91bb}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{b919257e-d86b-11e0-ab5c-88ae1da36215}\Shell - "" = AutoRun O33 - 
MountPoints2\{b919257e-d86b-11e0-ab5c-88ae1da36215}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{be9e038b-d886-11df-b41d-18f46a0c91bb}\Shell - "" = AutoRun O33 - MountPoints2\{be9e038b-d886-11df-b41d-18f46a0c91bb}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{be9e03bc-d886-11df-b41d-88ae1da36215}\Shell - "" = AutoRun O33 - MountPoints2\{be9e03bc-d886-11df-b41d-88ae1da36215}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{c4d7f94a-d892-11e0-bc41-18f46a0c91bb}\Shell - "" = AutoRun O33 - MountPoints2\{c4d7f94a-d892-11e0-bc41-18f46a0c91bb}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{c75b232e-b885-11e2-b9e2-88ae1da36215}\Shell - "" = AutoRun O33 - MountPoints2\{c75b232e-b885-11e2-b9e2-88ae1da36215}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{d0e91864-e74a-11e0-bc0a-18f46a0c91bb}\Shell - "" = AutoRun O33 - MountPoints2\{d0e91864-e74a-11e0-bc0a-18f46a0c91bb}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{e61ac3c6-b0e1-11e2-bec5-88ae1da36215}\Shell - "" = AutoRun O33 - MountPoints2\{e61ac3c6-b0e1-11e2-bec5-88ae1da36215}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{ea77eb75-a41b-11e2-bac0-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{ea77eb75-a41b-11e2-bac0-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{ea77ebc5-a41b-11e2-bac0-88ae1da36215}\Shell - "" = AutoRun O33 - MountPoints2\{ea77ebc5-a41b-11e2-bac0-88ae1da36215}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{f3935570-df9f-11e0-b433-88ae1da36215}\Shell - "" = AutoRun O33 - MountPoints2\{f3935570-df9f-11e0-b433-88ae1da36215}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{ff2142b7-db3a-11e2-9069-88ae1da36215}\Shell - "" = AutoRun O33 - MountPoints2\{ff2142b7-db3a-11e2-9069-88ae1da36215}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = 
E:\autorun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\S3\Autorun.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\J\Shell - "" = AutoRun O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/08/27 23:30:48 | 000,000,000 | ---D | C] -- C:\Users\ingridka6\AppData\Roaming\SpeedAnalysis2 [2013/08/27 23:30:48 | 000,000,000 | ---D | C] -- C:\Users\ingridka6\AppData\Roaming\BabSolution [2013/08/27 23:30:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter [2013/08/27 23:30:39 | 000,000,000 | ---D | C] -- C:\Users\ingridka6\AppData\Roaming\PerformerSoft [2013/08/27 23:30:35 | 000,019,456 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe [2013/08/27 23:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService [2013/08/27 23:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2013/08/27 23:30:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7Go Games [2013/08/27 23:30:30 | 000,000,000 | ---D | C] -- 
C:\Users\ingridka6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter [2013/08/27 23:30:30 | 000,000,000 | ---D | C] -- C:\Users\ingridka6\AppData\Roaming\Babylon [2013/08/27 23:30:29 | 000,000,000 | ---D | C] -- C:\Users\ingridka6\AppData\Roaming\SeeSimilar02 [2013/08/27 23:30:28 | 000,000,000 | ---D | C] -- C:\Users\ingridka6\AppData\Roaming\File Scout [2013/08/27 23:30:28 | 000,000,000 | ---D | C] -- C:\Users\ingridka6\AppData\Roaming\7go [2013/08/27 10:44:27 | 000,000,000 | ---D | C] -- C:\Users\ingridka6\Desktop\nowe [2013/08/26 19:03:44 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin [2013/08/26 19:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft [2013/08/25 11:50:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2013/08/25 11:50:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2013/08/18 11:32:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013/08/17 09:52:10 | 000,000,000 | -HSD | C] -- C:\found.001 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/09/05 13:41:03 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/09/05 13:41:03 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/09/05 13:37:19 | 001,676,974 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/09/05 13:37:19 | 000,743,280 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2013/09/05 13:37:19 | 000,656,628 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/09/05 13:37:19 | 000,156,730 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2013/09/05 13:37:19 | 000,122,440 | ---- | M] () -- 
C:\Windows\SysNative\perfc009.dat [2013/09/05 13:35:37 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/09/05 13:35:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/09/05 12:56:02 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/09/05 12:56:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job [2013/09/05 12:55:50 | 1854,963,712 | -HS- | M] () -- C:\hiberfil.sys [2013/09/04 22:52:04 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/08/30 10:11:24 | 000,032,352 | ---- | M] () -- C:\Users\ingridka6\Desktop\30 sierpień 2013.pdf [2013/08/24 11:37:54 | 000,000,132 | ---- | M] () -- C:\Users\ingridka6\AppData\Roaming\Preferencje Adobe CS5 dla formatu PNG [2013/08/14 11:48:23 | 000,000,045 | ---- | M] () -- C:\Windows\3D Text Factory.INI [2013/08/14 11:45:54 | 000,000,010 | R--- | M] () -- C:\Windows\ABC3D.SN [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/09/03 21:24:13 | 000,032,352 | ---- | C] () -- C:\Users\ingridka6\Desktop\30 sierpień 2013.pdf [2013/08/26 19:12:55 | 000,688,636 | ---- | C] () -- C:\Users\ingridka6\Desktop\Mc_SP_1.6.exe [2013/08/14 11:46:29 | 000,000,045 | ---- | C] () -- C:\Windows\3D Text Factory.INI [2013/08/14 11:45:54 | 000,000,010 | R--- | C] () -- C:\Windows\ABC3D.SN [2013/07/10 21:30:25 | 000,000,841 | ---- | C] () -- C:\Users\ingridka6\.recently-used.xbel [2013/02/01 10:50:15 | 000,000,132 | ---- | C] () -- C:\Users\ingridka6\AppData\Roaming\Preferencje Adobe CS5 dla formatu PNG [2013/01/20 16:36:37 | 000,000,017 | ---- | C] () -- C:\Users\ingridka6\AppData\Local\resmon.resmoncfg [2012/06/22 17:46:52 | 000,000,123 | ---- | C] () -- C:\Windows\disney.ini [2012/06/07 18:12:39 | 000,974,848 | R--- | C] () -- C:\Windows\SysWow64\vorbis.dll [2012/06/07 18:12:39 | 000,049,152 | R--- | C] () -- 
C:\Windows\SysWow64\ogg.dll [2012/06/07 18:12:39 | 000,028,672 | R--- | C] () -- C:\Windows\SysWow64\vorbisfile.dll [2012/01/11 18:58:26 | 000,000,483 | ---- | C] () -- C:\Users\ingridka6\AppData\Roaming\qnapi.ini [2012/01/10 14:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2012/01/10 14:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2012/01/10 14:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2012/01/10 13:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll [2011/11/19 23:40:42 | 000,004,096 | -H-- | C] () -- C:\Users\ingridka6\AppData\Local\keyfile3.drm [2011/11/14 17:21:04 | 001,649,700 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/05/20 14:57:29 | 000,001,087 | ---- | C] () -- C:\Program Files (x86)\MoorHuhnKartThunder.lnk [2011/02/28 15:45:24 | 000,005,632 | ---- | C] () -- C:\Users\ingridka6\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/10/15 22:01:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010/07/13 13:45:37 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 16:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 16:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2012/11/13 02:26:15 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2012/11/13 02:26:15 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2013/01/05 12:23:27 | 000,000,000 | ---D | M] -- C:\Users\Gość\AppData\Roaming\AVG2013 [2011/09/20 15:58:50 | 000,000,000 | ---D | M] -- C:\Users\Gość\AppData\Roaming\blueconnect [2011/10/12 19:24:47 | 000,000,000 | ---D | M] -- C:\Users\Gość\AppData\Roaming\Opera [2013/09/03 23:26:38 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\.minecraft [2013/08/27 23:31:00 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\7go [2013/02/18 14:29:03 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\Any Video Converter [2012/01/17 13:58:15 | 000,000,000 | ---D | M] -- 
C:\Users\ingridka6\AppData\Roaming\Artisteer [2013/03/11 23:16:57 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\Audacity [2012/11/03 21:40:28 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\AVG2013 [2011/12/17 19:06:27 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\avidemux [2013/08/27 23:30:49 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\BabSolution [2013/08/27 23:30:30 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\Babylon [2013/07/11 20:31:22 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\blueconnect [2011/01/06 23:11:37 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\Bump Technologies, Inc [2013/01/29 20:37:36 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\Dev-Cpp [2011/01/06 23:06:03 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\Dexpot [2013/02/18 14:24:18 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\DVDVideoSoft [2012/04/28 17:19:38 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\Easeware [2013/08/27 23:30:29 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\File Scout [2013/08/26 10:51:55 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\FileZilla [2010/10/16 14:42:00 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\Gadu-Gadu [2013/01/25 14:35:15 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\Gadu-Gadu 10 [2013/07/27 22:52:54 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\GHISLER [2012/01/14 00:26:56 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\gtk-2.0 [2012/11/21 23:30:07 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\Liteon [2011/05/20 14:43:30 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\Montezuma [2013/02/15 18:12:54 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\n-Track Drums [2013/02/15 18:12:55 | 000,000,000 | ---D | 
M] -- C:\Users\ingridka6\AppData\Roaming\n-Track Software Data [2013/02/15 18:13:10 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\n-Track Studio 7 [2013/01/07 19:25:35 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\Nokia [2012/07/16 16:10:52 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\Notepad++ [2013/07/02 22:27:16 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\Nowe Gadu-Gadu [2010/10/22 16:55:03 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\OpenFM [2010/10/15 23:10:07 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\Opera [2012/09/01 22:16:29 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\Origin [2013/01/07 19:25:27 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\PC Suite [2013/08/28 01:55:47 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\PerformerSoft [2013/03/10 21:03:01 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\PhotoScape [2011/04/03 21:58:24 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\PlayFirst [2013/08/27 23:30:29 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\SeeSimilar02 [2012/06/24 20:56:26 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\Sony [2013/08/27 23:30:54 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\SpeedAnalysis2 [2013/05/04 17:04:42 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\Thinstall [2012/11/03 21:38:32 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\TuneUp Software [2012/01/11 18:35:18 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\Video DVD Maker FREE [2013/02/05 18:23:12 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\Windows Live Writer [2012/08/06 09:39:35 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\Wireshark [2012/09/07 16:19:41 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\Youtube 
Downloader HD [2011/06/09 15:57:55 | 000,000,000 | ---D | M] -- C:\Users\ingridka6\AppData\Roaming\Zen Puzzle Garden [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:5D7E5A8F @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:CDFF58FE @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:4D066AD2 @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685 @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:E36F5B57 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1F04E8D @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:1A60DE96 @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B9176C0 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:798A3728 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E3C56885 < End of report >