OTL logfile created on: 2014-08-10 12:27:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,97 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 66,93% Memory free
5,93 Gb Paging File | 4,76 Gb Available in Paging File | 80,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,03 Gb Total Space | 8,99 Gb Free Space | 11,52% Space Free | Partition Type: NTFS
Drive D: | 154,76 Gb Total Space | 129,02 Gb Free Space | 83,37% Space Free | Partition Type: NTFS

Computer Name: ASUSEK | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2014-08-10 12:26:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
PRC - [2014-08-10 12:03:00 | 003,473,920 | ---- | M] (Gemius) -- C:\Program Files\NetPanel\NetPanel.exe
PRC - [2014-07-17 13:43:28 | 000,851,632 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe
PRC - [2014-06-29 12:41:10 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014-02-13 16:44:22 | 001,214,240 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 7\RealTimeProtector.exe
PRC - [2014-01-14 14:50:06 | 000,881,952 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
PRC - [2013-12-21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-03-19 21:49:53 | 000,485,632 | ---- | M] () -- C:\Program Files\ZTE MF823\ShowTip.exe
PRC - [2013-03-19 21:49:53 | 000,417,536 | ---- | M] () -- C:\Program Files\ZTE MF823\CheckNDISPort_df.exe
PRC - [2013-02-25 15:41:10 | 000,446,720 | ---- | M] () -- C:\Program Files\ZTE MF823\CancelAutoPlay_df.exe
PRC - [2012-11-23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-11-20 14:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010-10-27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010-03-18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2007-11-30 12:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2014-06-29 12:41:11 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014-02-13 16:44:22 | 001,214,240 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 7\RealTimeProtector.exe
MOD - [2013-03-19 21:49:53 | 000,485,632 | ---- | M] () -- C:\Program Files\ZTE MF823\ShowTip.exe
MOD - [2013-03-19 21:49:53 | 000,417,536 | ---- | M] () -- C:\Program Files\ZTE MF823\CheckNDISPort_df.exe
MOD - [2013-02-25 15:41:10 | 000,446,720 | ---- | M] () -- C:\Program Files\ZTE MF823\CancelAutoPlay_df.exe
MOD - [2013-01-15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 7\madexcept_.bpl
MOD - [2013-01-15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 7\maddisAsm_.bpl
MOD - [2013-01-15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 7\madbasic_.bpl
MOD - [2007-11-30 12:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe

[color=#E56717]========== Services (SafeList) ==========[/color]
SRV - [2014-07-17 22:47:27 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014-07-17 13:43:29 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-06-29 12:41:10 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014-06-19 01:23:24 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014-04-03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014-01-14 14:50:06 | 000,881,952 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7)
SRV - [2013-12-21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-12-03 16:10:24 | 002,151,200 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013-05-27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013-03-01 03:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2013-02-04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2010-06-23 06:20:08 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-03-18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:15:33 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iprip.dll -- (iprip)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (TSP)
DRV - File not found [Kernel | System | Stopped] -- -- (SuperMounter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\splitcam.sys -- (SPLITCAM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbsmodem.sys -- (lgusbsmodem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (esgiguard)
DRV - [2014-07-04 12:41:32 | 000,414,520 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2014-06-29 12:41:14 | 000,779,536 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsnx.sys -- (aswSnx)
DRV - [2014-06-29 12:41:14 | 000,192,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014-06-29 12:41:14 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2014-06-29 12:41:14 | 000,071,944 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswstm.sys -- (aswStm)
DRV - [2014-06-29 12:41:14 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014-06-29 12:41:14 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014-06-29 12:41:14 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2014-04-11 10:39:22 | 000,184,192 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2014-04-11 10:39:22 | 000,089,856 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2014-04-08 17:11:42 | 001,143,920 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2014-03-30 11:23:22 | 000,055,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2013-12-24 10:40:32 | 000,018,624 | ---- | M] (IObit) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV - [2013-10-02 02:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013-03-11 13:22:34 | 000,028,288 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\optovcm.sys -- (optovcm)
DRV - [2013-03-11 13:22:34 | 000,022,016 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\optousb.sys -- (optousb)
DRV - [2013-03-01 03:48:42 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2013-01-25 06:48:10 | 000,014,936 | ---- | M] (Scott) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBDrv.sys -- (usbUDisc)
DRV - [2013-01-18 22:51:16 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2013-01-18 22:51:16 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2012-08-23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2011-06-27 02:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011-01-19 18:47:12 | 000,022,504 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010-11-20 12:06:36 | 000,117,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2010-11-20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-01 06:08:46 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - [2009-08-04 11:28:18 | 000,011,296 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009-07-17 17:51:38 | 001,759,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009-07-14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009-07-06 11:48:02 | 000,011,448 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2008-05-16 13:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008-05-16 13:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008-05-16 13:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008-05-16 13:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008-05-16 13:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008-05-16 13:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008-05-16 13:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008-01-09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007-07-31 03:39:00 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2003-06-23 02:00:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {8251B09E-659E-471D-81B9-E127EADE787B}
IE - HKCU\..\SearchScopes\{8251B09E-659E-471D-81B9-E127EADE787B}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{925BB9EE-43D3-4D9F-A0B4-4B2F7A1B1052}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: gemgecko%40gemius.com:30.0.0.0
FF - prefs.js..extensions.enabledAddons: f80af4ec-42b9-429d-99b0-4078ec7cf864%4044882d20-8865-4b13-b79e-ae8470d9a955.com:0.95.60
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - prefs.js..keyword.URL: "https://www.google.com/search"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-31 10:15:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014-07-17 22:47:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014-07-17 22:47:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b11\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 10\components [2014-07-17 22:43:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b11\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 10\plugins [2014-05-20 11:28:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\gemgecko@gemius.com: C:\Program Files\NetPanel\gemgecko_ext\ [2014-08-07 18:49:01 | 000,000,000 | ---D | M]

[2012-09-10 22:28:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2014-07-30 09:46:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\3cr9em20.default\extensions
[2014-03-30 10:09:02 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\3cr9em20.default\extensions\ascsurfingprotection@iobit.com
[2014-02-28 23:22:18 | 000,008,021 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\3cr9em20.default\extensions\firefox@myfindright.com.xpi
[2014-03-24 15:58:04 | 000,619,291 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\3cr9em20.default\extensions\testpilot@labs.mozilla.com.xpi
[2013-11-19 09:49:28 | 000,001,138 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\3cr9em20.default\searchplugins\freeonlineradioplayerrecorder-v1-customized-web-search.xml
[2014-07-17 22:47:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014-07-17 22:47:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF
[2014-08-07 18:49:01 | 000,000,000 | ---D | M] (Badanie Megapanel PBI/Gemius) -- C:\PROGRAM FILES\NETPANEL\GEMGECKO_EXT
File not found (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3CR9EM20.DEFAULT\EXTENSIONS\F80AF4EC-42B9-429D-99B0-4078EC7CF864@44882D20-8865-4B13-B79E-AE8470D9A955.COM
[2012-03-13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[color=#E56717]========== Chrome ==========[/color]
CHR - default_search_provider: webssearches (Enabled)
CHR - default_search_provider: search_url = http://istart.webssearches.com/web/?type=ds&ts=1405629808&from=amt&uid=ST9250315AS_5VC7B8D7XXXX5VC7B8D7&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Pierwszy u\u017cytkownik (Disabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Dokumenty Google = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Dysk Google = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd\1.0.0_0\
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Szukaj w Google = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0\
CHR - Extension: Google Wallet = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (HopSurf toolbar) - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\COMODO\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CancelAutoPlay_df] C:\Program Files\ZTE MF823\CancelAutoPlay_df.exe ()
O4 - HKLM..\Run: [CheckNDISPortF0ac70] C:\Program Files\ZTE MF823\CheckNDISPort_df.exe ()
O4 - HKLM..\Run: [NetPanel] C:\Program Files\NetPanel\Starter.exe (Gemius)
O4 - HKCU..\Run: [Advanced SystemCare 7] C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe (IObit)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [SkyDrive] C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O9 - Extra Button: FreshDownload - {CB034BBE-6856-4A1D-9919-4C3939BBED91} - Reg Error: Value error. File not found
O9 - Extra Button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\COMODO\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10048F30-B65B-42C8-A146-9388F908EF1A}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F22A4AEF-0142-4837-B58F-D708A372375A}: DhcpNameServer = 212.2.96.52 212.2.96.51
O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-10-23 23:22:17 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{02bd345f-f54b-11de-81b4-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{02bd345f-f54b-11de-81b4-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0c7af2ed-046d-11e1-a982-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{0c7af2ed-046d-11e1-a982-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{174b4873-17ea-11df-9245-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{174b4873-17ea-11df-9245-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{18b9c75f-946d-11e1-869e-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{18b9c75f-946d-11e1-869e-90e6baed5611}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{1f03e1ea-1743-11df-b844-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{1f03e1ea-1743-11df-b844-90e6baed5611}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{236dc46f-f024-11e0-9f92-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{236dc46f-f024-11e0-9f92-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{256c0944-1955-11df-95e9-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{256c0944-1955-11df-95e9-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{256c0949-1955-11df-95e9-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{256c0949-1955-11df-95e9-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2b8bc564-ec1a-11e0-9211-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{2b8bc564-ec1a-11e0-9211-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2b8bc578-ec1a-11e0-9211-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{2b8bc578-ec1a-11e0-9211-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2f3c0355-95bb-11e0-9ff3-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{2f3c0355-95bb-11e0-9ff3-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2f3c0364-95bb-11e0-9ff3-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{2f3c0364-95bb-11e0-9ff3-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3ae674de-f628-11de-9499-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{3ae674de-f628-11de-9499-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3b686492-a48d-11e0-8599-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{3b686492-a48d-11e0-8599-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3b6864c7-a48d-11e0-8599-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{3b6864c7-a48d-11e0-8599-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3cdb05e7-f54c-11de-a901-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{3cdb05e7-f54c-11de-a901-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3cdb060e-f54c-11de-a901-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{3cdb060e-f54c-11de-a901-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3cdb0611-f54c-11de-a901-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{3cdb0611-f54c-11de-a901-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{48a129df-0d81-11e2-aa84-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{48a129df-0d81-11e2-aa84-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{490aa2a0-6d15-11e1-906b-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{490aa2a0-6d15-11e1-906b-001e101f8aaa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{490aa2b3-6d15-11e1-906b-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{490aa2b3-6d15-11e1-906b-001e101f8aaa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4bf4f679-4d7d-11df-b8b5-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{4bf4f679-4d7d-11df-b8b5-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5960e5fd-95fa-11e0-9d13-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{5960e5fd-95fa-11e0-9d13-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{651eec76-1894-11df-8f7a-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{651eec76-1894-11df-8f7a-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{651eec7a-1894-11df-8f7a-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{651eec7a-1894-11df-8f7a-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{652eaa5c-1650-11df-a216-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{652eaa5c-1650-11df-a216-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{66ca02a3-af0f-11e0-b581-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{66ca02a3-af0f-11e0-b581-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6fce52ec-138b-11e1-90d2-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{6fce52ec-138b-11e1-90d2-90e6baed5611}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{71e5a3de-17ec-11df-b82d-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{71e5a3de-17ec-11df-b82d-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{73c100eb-f4d7-11e1-85ea-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{73c100eb-f4d7-11e1-85ea-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{73c100f0-f4d7-11e1-85ea-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{73c100f0-f4d7-11e1-85ea-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7999ca10-da8a-11e2-8de9-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{7999ca10-da8a-11e2-8de9-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ab48c3f4-2403-11e1-aae7-001e101f7f74}\Shell - "" = AutoRun
O33 - MountPoints2\{ab48c3f4-2403-11e1-aae7-001e101f7f74}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ab48c3f8-2403-11e1-aae7-001e101f7f74}\Shell - "" = AutoRun
O33 - MountPoints2\{ab48c3f8-2403-11e1-aae7-001e101f7f74}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{abf6bdea-fb2d-11e1-be4b-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{abf6bdea-fb2d-11e1-be4b-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{aec85365-f60f-11de-99e7-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{aec85365-f60f-11de-99e7-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{aec85367-f60f-11de-99e7-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{aec85367-f60f-11de-99e7-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{afae86aa-451f-11e3-8a85-001e101faa49}\Shell - "" = AutoRun
O33 - MountPoints2\{afae86aa-451f-11e3-8a85-001e101faa49}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b3a89b65-1c7f-11df-9ad8-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{b3a89b65-1c7f-11df-9ad8-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b3a89b69-1c7f-11df-9ad8-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{b3a89b69-1c7f-11df-9ad8-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b6ff8bcf-f538-11e1-95f3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b6ff8bcf-f538-11e1-95f3-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cadb6867-f75f-11e1-94eb-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{cadb6867-f75f-11e1-94eb-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cadb6879-f75f-11e1-94eb-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{cadb6879-f75f-11e1-94eb-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cc6af8fc-36d6-11e2-a687-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{cc6af8fc-36d6-11e2-a687-90e6baed5611}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{d9b59718-03a1-11e1-8f0f-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{d9b59718-03a1-11e1-8f0f-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d9b5972e-03a1-11e1-8f0f-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{d9b5972e-03a1-11e1-8f0f-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{fcf948de-f647-11de-9d8b-90e6baed5611}\Shell - "" = AutoRun
O33 - MountPoints2\{fcf948de-f647-11de-9d8b-90e6baed5611}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows:
(ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2014-08-09 13:15:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft OneDrive
[2014-08-07 18:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NetPanel
[2014-08-07 18:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetPanel
[2014-08-07 11:23:13 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\My Games
[2014-08-07 11:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farming Simulator 2011 Demo
[2014-08-07 11:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\Farming Simulator 2011 Demo
[2014-08-07 11:06:33 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\BitCometLite
[2014-08-02 10:37:16 | 000,045,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2014-08-02 10:37:15 | 002,425,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2014-08-02 10:36:51 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2014-08-02 10:36:51 | 000,036,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2014-08-02 10:36:50 | 000,581,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2014-08-02 10:36:17 | 000,179,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2014-08-02 10:36:15 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2014-07-30 09:42:18 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014-07-30 09:40:51 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-07-29 15:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3
[2014-07-18 15:28:35 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014-07-18 15:28:27 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014-07-18 15:28:27 | 000,096,680 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014-07-18 15:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014-07-18 11:23:28 | 000,000,000 | ---D | C] -- C:\Program Files\RCP
[2014-07-18 11:04:48 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Adobe
[2014-07-17 22:47:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014-07-17 22:42:07 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\21063
[2014-07-11 16:53:05 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\GT-S5830_SER_S5830XXKPP_S5830XXKPP_S5830SERKPP
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2014-08-10 12:31:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-08-10 12:15:00 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-08-10 12:10:32 | 000,020,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-08-10 12:10:32 | 000,020,304 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-08-10 12:02:52 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cb72265d355596.job
[2014-08-10 12:02:44 | 000,000,244 | ---- | M] () -- C:\Windows\tasks\SpeedOptimizer Startup.job
[2014-08-10 12:02:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-08-10 12:02:19 | 2388,459,520 | -HS- | M] () -- C:\hiberfil.sys
[2014-08-10 12:01:34 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2014-08-07 11:21:42 | 000,001,242 | ---- | M] () -- C:\Users\user\Desktop\Farming Simulator 2011 Demo.lnk
[2014-08-07 10:04:32 | 000,002,161 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
[2014-08-07 09:23:43 | 000,657,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014-08-07 09:23:43 | 000,157,486 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2014-08-07 09:23:43 | 000,123,196 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014-08-07 09:23:43 | 000,059,740 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2014-07-29 15:13:44 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2014-07-29 15:13:44 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster 3.lnk
[2014-07-27 11:10:47 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014-07-18 16:22:21 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Driver Booster.lnk
[2014-07-17 22:42:37 | 001,225,588 | ---- | M] ( ) -- C:\Windows\System32\lnsecsl.exe
[2014-07-17 13:43:29 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014-07-17 13:43:28 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014-07-11 16:59:01 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014-08-10 12:01:34 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2014-08-07 11:21:42 | 000,001,242 | ---- | C] () -- C:\Users\user\Desktop\Farming Simulator 2011 Demo.lnk
[2014-07-29 15:13:44 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2014-07-29 15:13:44 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster 3.lnk
[2014-07-17 22:42:37 | 001,225,588 | ---- | C] ( ) -- C:\Windows\System32\lnsecsl.exe
[2014-07-11 16:59:01 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2014-04-30 19:47:48 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2014-04-30 19:47:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2014-04-30 19:47:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2014-04-30 19:47:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2014-04-30 16:35:38 | 000,030,862 | ---- | C] () -- C:\Users\user\.recently-used.xbel
[2014-04-24 22:31:07 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014-03-30 11:18:46 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2014-03-30 11:18:44 | 000,000,259 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2013-12-04 12:12:58 | 000,001,656 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2013-03-01 22:39:32 | 000,192,352 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013-03-01 22:39:31 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013-03-01 03:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2012-10-23 22:42:44 | 083,023,306 | ---- | C] () -- C:\ProgramData\arepo.pad
[2012-02-13 14:32:35 | 018,846,454 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2011-05-23 19:02:17 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\{94C5664F-5714-43C1-9074-5E695279B86E}
[2011-05-23 19:02:16 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\{8F1FF545-35D5-45E3-985B-4A2A96F8F061}
[2011-05-01 15:30:00 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\{F55B6DBD-C5CF-435E-A31B-151F9D792176}
[2011-02-23 18:25:49 | 000,044,393 | ---- | C] () -- C:\Users\user\AppData\Local\Perfmon.PerfmonCfg
[2011-02-04 16:25:07 | 000,001,334 | ---- | C] () -- C:\Users\user\pcmscan.cfg
[2010-01-25 23:00:56 | 000,000,017 | ---- | C] () -- C:\ProgramData\task1.tsk
[2010-01-25 23:00:56 | 000,000,017 | ---- | C] () -- C:\ProgramData\task0.tsk
[2010-01-25 23:00:44 | 000,000,350 | ---- | C] () -- C:\ProgramData\Setting.dat
[2010-01-25 23:00:44 | 000,000,022 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserFlag.ini
[2010-01-07 17:35:23 | 000,007,668 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2009-12-30 11:08:24 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-03-25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 169 bytes -> C:\ProgramData\Temp:0295CBF7
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:CD060F93
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:302A9871
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:D74B6CF5

< End of report >