OTL logfile created on: 2015-01-10 16:55:27 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = N:\
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

3,48 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 59,72% Memory free
6,96 Gb Paging File | 5,26 Gb Available in Paging File | 75,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = N: | %SystemRoot% = N:\Windows | %ProgramFiles% = N:\Program Files
Drive D: | 11,97 Gb Total Space | 1,72 Gb Free Space | 14,35% Space Free | Partition Type: NTFS
Drive E: | 7,29 Gb Total Space | 0,17 Gb Free Space | 2,35% Space Free | Partition Type: NTFS
Drive G: | 97,65 Gb Total Space | 6,90 Gb Free Space | 7,07% Space Free | Partition Type: NTFS
Drive H: | 27,81 Gb Total Space | 0,88 Gb Free Space | 3,18% Space Free | Partition Type: NTFS
Drive N: | 97,65 Gb Total Space | 11,45 Gb Free Space | 11,72% Space Free | Partition Type: NTFS

Computer Name: XCC-PC | User Name: xcc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2015-01-10 16:54:05 | 001,115,648 | ---- | M] (Farbar) -- N:\Users\TEMP\Desktop\FRST.exe
PRC - [2015-01-10 16:53:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- N:\OTL.exe
PRC - [2014-12-19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- N:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014-12-06 02:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- N:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014-07-25 14:51:18 | 002,403,104 | ---- | M] (NVIDIA Corporation) -- N:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014-07-25 14:51:13 | 001,720,608 | ---- | M] (NVIDIA Corporation) -- N:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014-07-25 14:51:12 | 017,536,800 | ---- | M] (NVIDIA Corporation) -- N:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
PRC - [2014-03-04 13:34:44 | 001,821,128 | ---- | M] (NVIDIA Corporation) -- N:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2014-03-04 13:34:44 | 000,943,048 | ---- | M] (NVIDIA Corporation) -- N:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2014-03-04 12:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- N:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013-08-02 01:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- N:\Windows\System32\conhost.exe
PRC - [2013-07-26 19:21:17 | 000,459,008 | ---- | M] () -- N:\Program Files\4G Hostless Modem\PLAY ONLINE\CheckNDISPort_df.exe
PRC - [2013-07-26 19:21:17 | 000,446,208 | ---- | M] () -- N:\Program Files\4G Hostless Modem\PLAY ONLINE\CancelAutoPlay_df.exe
PRC - [2013-05-21 00:23:31 | 000,049,152 | ---- | M] (Microsoft Corporation) -- N:\Windows\System32\taskhost.exe
PRC - [2013-05-20 23:48:13 | 002,616,320 | ---- | M] (Microsoft Corporation) -- N:\Windows\explorer.exe
PRC - [2012-02-02 16:16:56 | 002,671,936 | ---- | M] (DT Soft Ltd) -- N:\Program Files\DAEMON Tools Pro\DTShellHlp.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2014-12-06 02:50:50 | 009,009,480 | ---- | M] () -- N:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014-12-06 02:50:46 | 001,077,064 | ---- | M] () -- N:\Program Files\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014-12-06 02:50:45 | 000,211,272 | ---- | M] () -- N:\Program Files\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014-12-06 02:50:44 | 001,677,128 | ---- | M] () -- N:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2013-07-26 19:21:17 | 000,459,008 | ---- | M] () -- N:\Program Files\4G Hostless Modem\PLAY ONLINE\CheckNDISPort_df.exe
MOD - [2013-07-26 19:21:17 | 000,446,208 | ---- | M] () -- N:\Program Files\4G Hostless Modem\PLAY ONLINE\CancelAutoPlay_df.exe

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- N:\Users\xcc\Desktop\tor i2p\I2Psvc.exe -- (i2p)
SRV - [2014-12-19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- N:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014-12-10 15:40:10 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- N:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-11-22 02:55:14 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- N:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014-07-25 14:51:13 | 001,720,608 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- N:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014-07-25 14:51:12 | 017,536,800 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- N:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV - [2014-03-04 12:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- N:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013-05-27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- N:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013-05-21 00:31:33 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- N:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- N:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- N:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aumlizct)
DRV - [2014-07-25 14:51:12 | 000,019,232 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- N:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV - [2014-05-10 23:49:26 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- N:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2014-05-05 16:47:47 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- N:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2014-03-31 17:42:44 | 000,034,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- N:\Windows\System32\drivers\nvvad32v.sys -- (nvvad_WaveExtensible)
DRV - [2014-03-23 17:48:05 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- N:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2014-03-23 17:48:05 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- N:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2014-03-04 15:29:02 | 010,523,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- N:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2014-01-22 08:52:12 | 000,184,192 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\ssudserd.sys -- (ssudserd)
DRV - [2014-01-22 07:52:12 | 000,184,192 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2014-01-22 07:52:12 | 000,088,576 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013-11-28 14:38:19 | 000,162,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- N:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2013-05-20 23:56:40 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2013-05-20 23:56:40 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2013-05-20 23:56:39 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2013-05-20 23:56:39 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2013-01-19 00:52:08 | 000,040,936 | ---- | M] () [Kernel | On_Demand | Running] -- N:\Windows\System32\drivers\ISCTD.sys -- (ISCT)
DRV - [2012-12-21 06:44:10 | 000,792,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV - [2012-12-21 06:44:10 | 000,359,560 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\iusb3hub.sys -- (iusb3hub)
DRV - [2012-11-08 12:41:32 | 000,333,128 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\asmtxhci.sys -- (asmtxhci)
DRV - [2012-11-08 12:41:32 | 000,110,920 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\asmthub3.sys -- (asmthub3)
DRV - [2012-07-24 20:58:00 | 000,088,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV - [2012-07-24 20:58:00 | 000,065,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\EtronHub3.sys -- (EtronHub3)
DRV - [2012-07-24 20:58:00 | 000,032,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\EtronSTOR.sys -- (EtronSTOR)
DRV - [2012-03-08 10:09:40 | 000,075,816 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\bxdiagx.sys -- (b06diag)
DRV - [2012-02-22 17:33:32 | 000,435,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\bxois.sys -- (bxois)
DRV - [2012-02-22 17:05:54 | 000,150,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\bxfcoe.sys -- (bxfcoe)
DRV - [2012-02-22 15:27:02 | 000,130,152 | ---- | M] (Bigfoot Networks, Inc.) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\Xeno7x86.sys -- (BFN7x86)
DRV - [2011-10-25 18:57:14 | 000,165,120 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2011-10-25 18:57:14 | 000,073,984 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010-11-20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 22:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010-11-20 22:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010-11-20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010-11-20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- N:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-10-19 23:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- N:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2009-10-27 03:01:06 | 000,105,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\HtcVComV32.sys -- (HtcVCom32)
DRV - [2009-10-26 14:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2003-03-06 03:52:52 | 000,155,392 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- N:\Windows\System32\drivers\TIACXLN.sys -- (TIACXLN)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: N:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: N:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: N:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: N:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: N:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: N:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: N:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: N:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

[color=#E56717]========== Chrome ==========[/color]

CHR - plugin: Error reading preferences file
CHR - Extension: No name found = N:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = N:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = N:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = N:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = N:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = N:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = N:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = N:\Users\TEMP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014-08-14 16:50:14 | 000,000,890 | ---- | M]) - N:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 96.8.113.203 karachan.org
O1 - Hosts: 96.8.113.203 www.karachan.org
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - N:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - N:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [CancelAutoPlay_df] N:\Program Files\4G Hostless Modem\PLAY ONLINE\CancelAutoPlay_df.exe ()
O4 - HKLM..\Run: [CheckNDISPortF0acD2] N:\Program Files\4G Hostless Modem\PLAY ONLINE\CheckNDISPort_df.exe ()
O4 - HKLM..\Run: [freeSoftToday_widget] N:\Program Files\fst_en_2\freeSoftToday_widget.exe File not found
O4 - HKLM..\Run: [fst_en_2] File not found
O4 - HKLM..\Run: [NvBackend] N:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [ShadowPlay] N:\Windows\System32\nvspcap.dll (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.252
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BDE2CBC-67F3-433A-8A97-8479BA0A9948}: DhcpNameServer = 192.168.100.252
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2B69576F-E917-42BA-8FA7-257F15464B70}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3AF5E7EC-4B87-4FBC-9A6E-1C27B46CB3DC}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B08C414B-7C2E-48B1-A2C2-C12ACB092CB6}: DhcpNameServer = 192.168.100.252 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - N:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (N:\Windows\system32\userinit.exe) - N:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - N:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - N:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2015-01-10 16:54:20 | 000,000,000 | ---D | C] -- N:\FRST
[2015-01-10 16:54:14 | 001,115,648 | ---- | C] (Farbar) -- N:\Users\TEMP\Desktop\FRST.exe
[2015-01-10 16:54:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- N:\OTL.exe
[2015-01-10 16:51:59 | 000,000,000 | ---D | C] -- N:\Users\TEMP\AppData\Roaming\DAEMON Tools Pro
[2015-01-10 16:51:57 | 000,000,000 | ---D | C] -- N:\Users\TEMP\AppData\Local\Google
[2015-01-10 16:51:55 | 000,000,000 | R--D | C] -- N:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2015-01-10 16:51:55 | 000,000,000 | R--D | C] -- N:\Users\TEMP\Searches
[2015-01-10 16:51:55 | 000,000,000 | R--D | C] -- N:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2015-01-10 16:51:55 | 000,000,000 | -H-D | C] -- N:\Users\TEMP\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2015-01-10 16:51:49 | 000,000,000 | ---D | C] -- N:\Users\TEMP\AppData\Roaming\Identities
[2015-01-10 16:51:47 | 000,000,000 | R--D | C] -- N:\Users\TEMP\Contacts
[2015-01-10 16:51:41 | 000,000,000 | ---D | C] -- N:\Users\TEMP\AppData\Roaming\Adobe
[2015-01-10 16:51:39 | 000,000,000 | ---D | C] -- N:\Users\TEMP\AppData\Local\NVIDIA Corporation
[2015-01-10 16:51:39 | 000,000,000 | ---D | C] -- N:\Users\TEMP\AppData\Local\NVIDIA
[2015-01-10 16:51:38 | 000,000,000 | ---D | C] -- N:\Users\TEMP\AppData\Local\VirtualStore
[2015-01-10 16:51:36 | 000,000,000 | --SD | C] -- N:\Users\TEMP\AppData\Roaming\Microsoft
[2015-01-10 16:51:36 | 000,000,000 | RH-D | C] -- N:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2015-01-10 16:51:36 | 000,000,000 | RH-D | C] -- N:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2015-01-10 16:51:36 | 000,000,000 | R--D | C] -- N:\Users\TEMP\Videos
[2015-01-10 16:51:36 | 000,000,000 | R--D | C] -- N:\Users\TEMP\Saved Games
[2015-01-10 16:51:36 | 000,000,000 | R--D | C] -- N:\Users\TEMP\Pictures
[2015-01-10 16:51:36 | 000,000,000 | R--D | C] -- N:\Users\TEMP\Music
[2015-01-10 16:51:36 | 000,000,000 | R--D | C] -- N:\Users\TEMP\Links
[2015-01-10 16:51:36 | 000,000,000 | R--D | C] -- N:\Users\TEMP\Favorites
[2015-01-10 16:51:36 | 000,000,000 | R--D | C] -- N:\Users\TEMP\Downloads
[2015-01-10 16:51:36 | 000,000,000 | R--D | C] -- N:\Users\TEMP\Documents
[2015-01-10 16:51:36 | 000,000,000 | R--D | C] -- N:\Users\TEMP\Desktop
[2015-01-10 16:51:36 | 000,000,000 | -HSD | C] -- N:\Users\TEMP\AppData\Local\Temporary Internet Files
[2015-01-10 16:51:36 | 000,000,000 | -HSD | C] -- N:\Users\TEMP\Templates
[2015-01-10 16:51:36 | 000,000,000 | -HSD | C] -- N:\Users\TEMP\Start Menu
[2015-01-10 16:51:36 | 000,000,000 | -HSD | C] -- N:\Users\TEMP\SendTo
[2015-01-10 16:51:36 | 000,000,000 | -HSD | C] -- N:\Users\TEMP\Recent
[2015-01-10 16:51:36 | 000,000,000 | -HSD | C] -- N:\Users\TEMP\PrintHood
[2015-01-10 16:51:36 | 000,000,000 | -HSD | C] -- N:\Users\TEMP\NetHood
[2015-01-10 16:51:36 | 000,000,000 | -HSD | C] -- N:\Users\TEMP\Documents\My Videos
[2015-01-10 16:51:36 | 000,000,000 | -HSD | C] -- N:\Users\TEMP\Documents\My Pictures
[2015-01-10 16:51:36 | 000,000,000 | -HSD | C] -- N:\Users\TEMP\Documents\My Music
[2015-01-10 16:51:36 | 000,000,000 | -HSD | C] -- N:\Users\TEMP\My Documents
[2015-01-10 16:51:36 | 000,000,000 | -HSD | C] -- N:\Users\TEMP\Local Settings
[2015-01-10 16:51:36 | 000,000,000 | -HSD | C] -- N:\Users\TEMP\AppData\Local\History
[2015-01-10 16:51:36 | 000,000,000 | -HSD | C] -- N:\Users\TEMP\Cookies
[2015-01-10 16:51:36 | 000,000,000 | -HSD | C] -- N:\Users\TEMP\Application Data
[2015-01-10 16:51:36 | 000,000,000 | -HSD | C] -- N:\Users\TEMP\AppData\Local\Application Data
[2015-01-10 16:51:36 | 000,000,000 | -H-D | C] -- N:\Users\TEMP\AppData\Local\Temp
[2015-01-10 16:51:36 | 000,000,000 | -H-D | C] -- N:\Users\TEMP\AppData\Local\Microsoft
[2015-01-10 16:51:36 | 000,000,000 | -H-D | C] -- N:\Users\TEMP\AppData\Roaming\Media Center Programs
[2015-01-10 16:51:36 | 000,000,000 | -H-D | C] -- N:\Users\TEMP\AppData
[2015-01-10 16:51:26 | 000,000,000 | ---D | C] -- N:\Windows\LastGood
[2015-01-08 10:57:59 | 000,088,832 | ---- | C] (Etron Technology Inc) -- N:\Windows\System32\drivers\EtronXHCI.sys
[2015-01-08 09:24:44 | 000,000,000 | -HSD | C] -- N:\found.000
[2015-01-08 01:15:47 | 000,000,000 | ---D | C] -- N:\ProgramData\Microsoft\Windows\Start Menu\Programs\Little Fighter 2 version 2.0a
[2014-12-29 00:24:55 | 000,000,000 | ---D | C] -- N:\ProgramData\Microsoft\Windows\Start Menu\Programs\Postal 2 - Share the Pain
[2014-12-28 13:20:40 | 000,000,000 | ---D | C] -- N:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deus Ex Human Revolution Augmented Edition
[2014-12-17 21:39:03 | 000,115,712 | ---- | C] (Microsoft Corporation) -- N:\Windows\System32\ieUnatt.exe
[3 N:\Windows\*.tmp files -> N:\Windows\*.tmp -> ]
[1 N:\Windows\System32\drivers\*.tmp files -> N:\Windows\System32\drivers\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2015-01-10 16:57:00 | 000,032,608 | -H-- | M] () -- N:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015-01-10 16:57:00 | 000,032,608 | -H-- | M] () -- N:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015-01-10 16:54:05 | 001,115,648 | ---- | M] (Farbar) -- N:\Users\TEMP\Desktop\FRST.exe
[2015-01-10 16:53:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- N:\OTL.exe
[2015-01-10 16:52:38 | 000,002,229 | ---- | M] () -- N:\Users\TEMP\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015-01-10 16:51:38 | 000,001,032 | ---- | M] () -- N:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015-01-10 16:51:15 | 000,067,584 | --S- | M] () -- N:\Windows\bootstat.dat
[2015-01-10 16:51:12 | 2802,659,328 | -HS- | M] () -- N:\hiberfil.sys
[2015-01-08 11:09:00 | 000,001,036 | ---- | M] () -- N:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015-01-08 10:40:00 | 000,000,830 | ---- | M] () -- N:\Windows\tasks\Adobe Flash Player Updater.job
[2015-01-08 09:25:45 | 000,003,864 | ---- | M] () -- N:\bootsqm.dat
[2015-01-08 01:15:34 | 000,000,009 | ---- | M] () -- N:\END
[2015-01-07 16:37:30 | 000,000,312 | ---- | M] () -- N:\Windows\WinInit.Ini
[2015-01-06 04:36:02 | 000,249,488 | ---- | M] (Microsoft Corporation) -- N:\Windows\System32\MpSigStub.exe
[2015-01-05 18:24:22 | 000,739,836 | ---- | M] () -- N:\Windows\System32\perfh015.dat
[2015-01-05 18:24:22 | 000,653,684 | ---- | M] () -- N:\Windows\System32\perfh009.dat
[2015-01-05 18:24:22 | 000,155,410 | ---- | M] () -- N:\Windows\System32\perfc015.dat
[2015-01-05 18:24:22 | 000,121,556 | ---- | M] () -- N:\Windows\System32\perfc009.dat
[2014-12-13 04:33:44 | 000,115,712 | ---- | M] (Microsoft Corporation) -- N:\Windows\System32\ieUnatt.exe
[3 N:\Windows\*.tmp files -> N:\Windows\*.tmp -> ]
[1 N:\Windows\System32\drivers\*.tmp files -> N:\Windows\System32\drivers\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2015-01-10 16:51:57 | 000,002,229 | ---- | C] () -- N:\Users\TEMP\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015-01-10 16:51:41 | 000,001,417 | ---- | C] () -- N:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2015-01-10 16:51:36 | 000,000,290 | -H-- | C] () -- N:\Users\TEMP\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2015-01-10 16:51:36 | 000,000,272 | -H-- | C] () -- N:\Users\TEMP\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2015-01-08 09:25:45 | 000,003,864 | ---- | C] () -- N:\bootsqm.dat
[2015-01-08 01:15:14 | 000,000,009 | ---- | C] () -- N:\END
[2014-10-14 09:19:39 | 000,000,312 | ---- | C] () -- N:\Windows\WinInit.Ini
[2014-09-08 18:56:23 | 000,001,176 | ---- | C] () -- N:\Windows\kaillera.ini
[2014-07-24 10:59:44 | 000,337,158 | ---- | C] () -- N:\Windows\System32\perfi015.dat
[2014-07-24 10:59:43 | 000,739,836 | ---- | C] () -- N:\Windows\System32\perfh015.dat
[2014-07-24 10:59:43 | 000,155,410 | ---- | C] () -- N:\Windows\System32\perfc015.dat
[2014-07-24 10:59:43 | 000,038,710 | ---- | C] () -- N:\Windows\System32\perfd015.dat
[2014-06-20 18:56:17 | 000,004,096 | ---- | C] () -- N:\Windows\d3dx.dat
[2014-06-03 05:41:50 | 000,182,272 | ---- | C] () -- N:\Windows\patchw32.dll
[2014-05-26 04:40:53 | 000,650,752 | ---- | C] () -- N:\Windows\System32\xvidcore.dll
[2014-05-26 04:40:53 | 000,243,200 | ---- | C] () -- N:\Windows\System32\xvidvfw.dll
[2014-05-26 04:40:53 | 000,218,200 | ---- | C] () -- N:\Windows\System32\unrar.dll
[2014-05-26 04:40:53 | 000,216,064 | ---- | C] ( ) -- N:\Windows\System32\lagarith.dll
[2014-05-26 04:40:52 | 000,112,640 | ---- | C] () -- N:\Windows\System32\ff_vfw.dll
[2014-03-23 17:48:05 | 000,281,760 | ---- | C] () -- N:\Windows\System32\drivers\atksgt.sys
[2014-03-23 17:48:05 | 000,025,888 | ---- | C] () -- N:\Windows\System32\drivers\lirsgt.sys
[2014-03-09 18:12:24 | 003,649,185 | ---- | C] () -- N:\Windows\System32\nvcoproc.bin
[2013-01-19 00:52:08 | 000,040,936 | ---- | C] () -- N:\Windows\System32\drivers\ISCTD.sys

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009-07-14 05:42:31 | 000,000,227 | RHS- | M] () -- N:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-06-25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >