Untitled

a guest
May 14th, 2015
  1. OTL logfile created on: 2015-05-14 20:19:35 - Run 7
  2. OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Zakon\Downloads
  3. 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
  4. Internet Explorer (Version = 8.0.7600.16385)
  5. Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
  6.  
  7. 3,97 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 43,93% Memory free
  8. 7,93 Gb Paging File | 5,29 Gb Available in Paging File | 66,72% Paging File free
  9. Paging file location(s): ?:\pagefile.sys [binary data]
  10.  
  11. %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
  12. Drive C: | 107,03 Gb Total Space | 27,70 Gb Free Space | 25,88% Space Free | Partition Type: NTFS
  13. Drive F: | 931,51 Gb Total Space | 531,64 Gb Free Space | 57,07% Space Free | Partition Type: NTFS
  14.  
  15. Computer Name: PC1 | User Name: Zakon | Logged in as Administrator.
  16. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
  17. Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
  18.  
  19. [color=#E56717]========== Processes (SafeList) ==========[/color]
  20.  
  21. PRC - [2015-05-14 20:06:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Zakon\Downloads\OTL.exe
  22. PRC - [2015-05-05 06:06:54 | 000,812,872 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
  23. PRC - [2014-12-19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
  24. PRC - [2014-08-09 09:08:04 | 003,890,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
  25. PRC - [2014-05-19 22:15:04 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
  26. PRC - [2013-02-15 11:50:46 | 000,202,264 | ---- | M] () -- C:\Program Files (x86)\WinArchiver\WAService.exe
  27. PRC - [2013-02-15 11:50:36 | 000,480,792 | ---- | M] (Power Software Ltd) -- C:\Program Files (x86)\WinArchiver\WAHELPER.EXE
  28. PRC - [2012-10-02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
  29. PRC - [2011-12-16 12:30:40 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
  30. PRC - [2011-12-16 12:30:38 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
  31. PRC - [2011-12-16 11:02:56 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
  32. PRC - [2011-05-20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
  33. PRC - [2011-05-20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
  34. PRC - [2009-02-10 09:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
  35.  
  36.  
  37. [color=#E56717]========== Modules (No Company Name) ==========[/color]
  38.  
  39. MOD - [2015-05-05 06:06:54 | 014,982,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\PepperFlash\pepflashplayer.dll
  40. MOD - [2015-05-05 06:06:52 | 001,252,680 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libglesv2.dll
  41. MOD - [2015-05-05 06:06:52 | 000,080,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.152\libegl.dll
  42. MOD - [2014-05-19 22:15:04 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
  43. MOD - [2012-11-28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
  44. MOD - [2012-11-28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
  45. MOD - [2012-10-19 16:44:16 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\332dfd3374f4ab33008b9a00dd602dd5\IAStorUtil.ni.dll
  46. MOD - [2012-10-19 16:44:16 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\da2c2ac0abf81094c19ce27063076f28\IAStorCommon.ni.dll
  47. MOD - [2009-07-14 19:55:04 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll
  48. MOD - [2009-07-14 19:55:02 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_pl_b77a5c561934e089\System.Runtime.Remoting.resources.dll
  49. MOD - [2009-07-14 06:55:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll
  50. MOD - [2009-07-14 06:55:32 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
  51. MOD - [2009-07-14 06:55:26 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
  52. MOD - [2009-07-14 06:55:14 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c2f9dd7db911053edcaaadf5fefc500a\WindowsBase.ni.dll
  53. MOD - [2009-07-14 06:55:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
  54. MOD - [2009-07-14 06:55:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
  55. MOD - [2009-07-14 06:55:05 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
  56. MOD - [2009-07-14 06:55:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
  57.  
  58.  
  59. [color=#E56717]========== Services (SafeList) ==========[/color]
  60.  
  61. SRV:[b]64bit:[/b] - [2014-05-19 22:15:04 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
  62. SRV:[b]64bit:[/b] - [2011-12-08 16:38:24 | 000,607,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
  63. SRV:[b]64bit:[/b] - [2010-04-06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
  64. SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
  65. SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
  66. SRV - [2015-02-18 19:11:32 | 000,315,488 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
  67. SRV - [2014-12-20 01:38:02 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
  68. SRV - [2014-12-19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
  69. SRV - [2014-10-25 12:59:46 | 000,016,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Mirillis\Action!\action_svc.exe -- (ACTION_SVC)
  70. SRV - [2013-08-13 09:44:22 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
  71. SRV - [2013-02-15 11:50:46 | 000,202,264 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\WinArchiver\WAService.exe -- (WinArchiver Service)
  72. SRV - [2013-01-19 00:24:03 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
  73. SRV - [2012-10-03 00:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
  74. SRV - [2012-10-02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
  75. SRV - [2011-12-16 12:30:40 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
  76. SRV - [2011-12-16 12:30:38 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
  77. SRV - [2011-12-16 11:02:56 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
  78. SRV - [2011-08-30 15:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
  79. SRV - [2011-05-20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
  80. SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
  81. SRV - [2009-02-10 09:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
  82.  
  83.  
  84. [color=#E56717]========== Driver Services (SafeList) ==========[/color]
  85.  
  86. DRV:[b]64bit:[/b] - [2014-09-15 10:11:42 | 000,023,968 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
  87. DRV:[b]64bit:[/b] - [2014-09-15 10:11:40 | 000,051,488 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
  88. DRV:[b]64bit:[/b] - [2014-09-15 10:11:38 | 000,179,904 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\_hid_0738_1704.sys -- (_hid_0738_1704)
  89. DRV:[b]64bit:[/b] - [2014-09-15 10:11:38 | 000,046,528 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\_usb_0738_1704.sys -- (_usb_0738_1704)
  90. DRV:[b]64bit:[/b] - [2014-08-10 16:11:08 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
  91. DRV:[b]64bit:[/b] - [2014-08-10 16:11:08 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
  92. DRV:[b]64bit:[/b] - [2014-05-19 22:17:18 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
  93. DRV:[b]64bit:[/b] - [2014-05-19 22:17:18 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
  94. DRV:[b]64bit:[/b] - [2014-05-19 22:17:18 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
  95. DRV:[b]64bit:[/b] - [2014-05-19 22:15:05 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
  96. DRV:[b]64bit:[/b] - [2014-05-19 22:15:05 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
  97. DRV:[b]64bit:[/b] - [2014-05-19 22:15:05 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
  98. DRV:[b]64bit:[/b] - [2014-05-19 22:15:05 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
  99. DRV:[b]64bit:[/b] - [2014-05-19 22:15:05 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
  100. DRV:[b]64bit:[/b] - [2014-01-02 01:39:03 | 000,386,680 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
  101. DRV:[b]64bit:[/b] - [2013-11-11 00:56:42 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
  102. DRV:[b]64bit:[/b] - [2013-02-15 11:50:50 | 000,140,184 | ---- | M] (Power Software Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\waemu.sys -- (waemu)
  103. DRV:[b]64bit:[/b] - [2012-12-13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
  104. DRV:[b]64bit:[/b] - [2012-09-13 05:10:04 | 000,879,760 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
  105. DRV:[b]64bit:[/b] - [2012-08-24 09:56:56 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
  106. DRV:[b]64bit:[/b] - [2012-08-21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
  107. DRV:[b]64bit:[/b] - [2012-07-03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
  108. DRV:[b]64bit:[/b] - [2011-11-10 01:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
  109. DRV:[b]64bit:[/b] - [2011-09-29 11:30:34 | 000,646,248 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
  110. DRV:[b]64bit:[/b] - [2011-05-20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
  111. DRV:[b]64bit:[/b] - [2011-01-10 18:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
  112. DRV:[b]64bit:[/b] - [2009-09-16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
  113. DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
  114. DRV:[b]64bit:[/b] - [2009-07-14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
  115. DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
  116. DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
  117. DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
  118. DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
  119. DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
  120. DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
  121. DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
  122. DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
  123. DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
  124. DRV:[b]64bit:[/b] - [2008-12-26 13:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
  125. DRV - [2012-10-19 17:49:14 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
  126. DRV - [2012-10-19 17:32:15 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
  127. DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
  128.  
  129.  
  130. [color=#E56717]========== Standard Registry (SafeList) ==========[/color]
  131.  
  132.  
  133. [color=#E56717]========== Internet Explorer ==========[/color]
  134.  
  135. IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
  136. IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
  137. IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
  138. IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
  139. IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  140. IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
  141. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
  142. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
  143. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
  144. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
  145. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
  146. IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  147. IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
  148.  
  149.  
  150. IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  151. IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  152.  
  153. IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  154. IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  155.  
  156. IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  157.  
  158. IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  159.  
  160. IE - HKU\S-1-5-21-382618051-1815593568-393395283-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
  161. IE - HKU\S-1-5-21-382618051-1815593568-393395283-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
  162. IE - HKU\S-1-5-21-382618051-1815593568-393395283-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  163. IE - HKU\S-1-5-21-382618051-1815593568-393395283-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
  164. IE - HKU\S-1-5-21-382618051-1815593568-393395283-1000\..\SearchScopes\{474C820A-CA67-4362-8687-B7AD6813E780}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
  165. IE - HKU\S-1-5-21-382618051-1815593568-393395283-1000\..\SearchScopes\{A327DD97-29EA-426c-80D7-68516595D232}: "URL" = http://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
  166. IE - HKU\S-1-5-21-382618051-1815593568-393395283-1000\..\SearchScopes\{AD4AF221-1FC2-4312-A16C-E1D4802EEC47}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
  167. IE - HKU\S-1-5-21-382618051-1815593568-393395283-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  168.  
  169.  
  170. [color=#E56717]========== FireFox ==========[/color]
  171.  
  172. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
  173. FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
  174. FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
  175. FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
  176. FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: F:\Programy\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
  177. FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
  178. FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
  179. FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
  180. FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
  181. FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
  182. FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
  183. FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
  184. FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
  185. FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: F:\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
  186. FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
  187. FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
  188. FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
  189. FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
  190. FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
  191.  
  192. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}
  193. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}
  194. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{d9284e50-81fc-11da-a72b-0800200c9a66}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66}
  195.  
  196. [2012-10-19 18:42:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zakon\AppData\Roaming\mozilla\Firefox\extensions
  197. [2012-10-19 18:42:55 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Zakon\AppData\Roaming\mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
  198. [2013-09-14 20:07:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
  199.  
  200. [color=#E56717]========== Chrome ==========[/color]
  201.  
  202. CHR - default_search_provider: (Enabled)
  203. CHR - default_search_provider: search_url =
  204. CHR - default_search_provider: suggest_url =
  205. CHR - plugin: Error reading preferences file
  206. CHR - Extension: No name found = C:\Users\Zakon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbhhihkiaeeioepkklgfpdohnemkjcoi\5_0\
  207. CHR - Extension: No name found = C:\Users\Zakon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.31_0\
  208. CHR - Extension: No name found = C:\Users\Zakon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\
  209. CHR - Extension: No name found = C:\Users\Zakon\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0\
  210. CHR - Extension: No name found = C:\Users\Zakon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbhhihkiaeeioepkklgfpdohnemkjcoi\5_0\
  211. CHR - Extension: No name found = C:\Users\Zakon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.31_0\
  212. CHR - Extension: No name found = C:\Users\Zakon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\
  213. CHR - Extension: No name found = C:\Users\Zakon\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0\
  214.  
  215. O1 HOSTS File: ([2014-01-25 20:20:15 | 000,000,921 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
  216. O1 - Hosts: 127.0.0.1 genuine.microsoft.com
  217. O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
  218. O1 - Hosts: 127.0.0.1 sls.microsoft.com
  219. O2:[b]64bit:[/b] - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
  220. O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
  221. O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
  222. O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
  223. O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
  224. O3 - HKU\S-1-5-21-382618051-1815593568-393395283-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
  225. O4:[b]64bit:[/b] - HKLM..\Run: [R.A.T.TE] C:\Program Files\Mad Catz\R.A.T.TE\RAT_TE_Profiler.exe (Mad Catz Inc)
  226. O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
  227. O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
  228. O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
  229. O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
  230. O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
  231. O4 - HKLM..\Run: [mbot_pl_194] File not found
  232. O4 - HKLM..\Run: [WAHELPER.EXE] C:\Program Files (x86)\WinArchiver\WAHELPER.EXE (Power Software Ltd)
  233. O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
  234. O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
  235. O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
  236. O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
  237. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
  238. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
  239. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
  240. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
  241. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
  242. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
  243. O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
  244. O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
  245. O13[b]64bit:[/b] - gopher Prefix: missing
  246. O13 - gopher Prefix: missing
  247. O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
  248. O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
  249. O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
  250. O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
  251. O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
  252. O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
  253. O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
  254. O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
  255. O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
  256. O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
  257. O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
  258. O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
  259. O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
  260. O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
  261. O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
  262. O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
  263. O15 - HKU\S-1-5-21-382618051-1815593568-393395283-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
  264. O15 - HKU\S-1-5-21-382618051-1815593568-393395283-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
  265. O15 - HKU\S-1-5-21-382618051-1815593568-393395283-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
  266. O15 - HKU\S-1-5-21-382618051-1815593568-393395283-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
  267. O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
  268. O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
  269. O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
  270. O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
  271. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2519E875-0314-4488-8660-FA378A549B93}: DhcpNameServer = 192.168.0.1
  272. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{420140DE-75D0-4F72-9D48-A091F8408F36}: DhcpNameServer = 7.254.254.254
  273. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E375E131-835B-42A0-ACB2-BEEC430B7481}: DhcpNameServer = 192.168.1.1
  274. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E375E131-835B-42A0-ACB2-BEEC430B7481}: NameServer = 8.8.8.8,8.8.4.4
  275. O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
  276. O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
  277. O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
  278. O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
  279. O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
  280. O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
  281. O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
  282. O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
  283. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
  284. O32 - HKLM CDRom: AutoRun - 1
  285. O33 - MountPoints2\{cea8de1b-266d-11e2-9828-902b340db005}\Shell - "" = AutoRun
  286. O33 - MountPoints2\{cea8de1b-266d-11e2-9828-902b340db005}\Shell\AutoRun\command - "" = Z:\autorun.exe
  287. O33 - MountPoints2\{cea8de1b-266d-11e2-9828-902b340db005}\Shell\install\command - "" = Z:\autorun.exe
  288. O33 - MountPoints2\{e5a7c7cd-19fb-11e2-8279-806e6f6e6963}\Shell - "" = AutoRun
  289. O33 - MountPoints2\{e5a7c7cd-19fb-11e2-8279-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Install.exe
  290. O33 - MountPoints2\{ed116ee3-372b-11e2-9bfc-902b340db005}\Shell - "" = AutoRun
  291. O33 - MountPoints2\{ed116ee3-372b-11e2-9bfc-902b340db005}\Shell\AutoRun\command - "" = D:\SETUP.EXE
  292. O34 - HKLM BootExecute: (autocheck autochk *)
  293. O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
  294. O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
  295. O35 - HKLM\..comfile [open] -- "%1" %*
  296. O35 - HKLM\..exefile [open] -- "%1" %*
  297. O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
  298. O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
  299. O37 - HKLM\...com [@ = comfile] -- "%1" %*
  300. O37 - HKLM\...exe [@ = exefile] -- "%1" %*
  301. O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
  302. O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
  303. O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  304.  
  305. [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
  306.  
  307. [2015-05-14 19:31:30 | 000,000,000 | ---D | C] -- C:\Users\Zakon\AppData\Roaming\MAXON
  308. [2014-07-10 08:16:28 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll
  309.  
  310. [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
  311.  
  312. [2015-05-14 20:21:24 | 001,701,132 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
  313. [2015-05-14 20:21:24 | 000,750,504 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
  314. [2015-05-14 20:21:24 | 000,663,550 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
  315. [2015-05-14 20:21:24 | 000,161,956 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
  316. [2015-05-14 20:21:24 | 000,126,576 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
  317. [2015-05-14 20:18:05 | 000,001,189 | ---- | M] () -- C:\Users\Zakon\Desktop\Google Chrome.lnk
  318. [2015-05-14 20:15:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
  319. [2015-05-14 20:15:25 | 3193,085,952 | -HS- | M] () -- C:\hiberfil.sys
  320. [2015-05-14 19:46:01 | 000,001,247 | ---- | M] () -- C:\Users\Zakon\Desktop\Continue installation .lnk
  321. [2015-05-14 18:52:10 | 000,000,558 | ---- | M] () -- C:\Windows\tasks\Adobe Acrobat Update Task.job
  322. [2015-05-04 10:56:16 | 000,173,962 | ---- | M] () -- C:\Users\Zakon\Desktop\11212415_870136929722656_2051231491_n.jpg
  323. [2015-04-29 13:29:23 | 002,358,596 | ---- | M] () -- C:\Users\Zakon\Desktop\Hearthstone Screenshot 04-29-15 13.29.22.png
  324. [2015-04-28 14:27:05 | 002,539,731 | ---- | M] () -- C:\Users\Zakon\Desktop\Hearthstone Screenshot 04-28-15 14.27.04.png
  325. [2015-04-27 13:42:38 | 001,283,246 | ---- | M] () -- C:\Users\Zakon\Desktop\chujsuju.png
  326. [2015-04-20 19:26:40 | 000,016,194 | ---- | M] () -- C:\Users\Zakon\Desktop\tumblr_nlz3pyq9fb1slrk0zo3_500.jpg
  327. [2015-04-20 13:24:47 | 001,238,027 | ---- | M] () -- C:\Users\Zakon\Desktop\Hearthstone Screenshot 04-20-15 13.24.47.png
  328. [2015-04-17 13:45:41 | 000,058,235 | ---- | M] () -- C:\Users\Zakon\Desktop\11123998_851221188276943_603752601_n.jpg
  329.  
  330. [color=#E56717]========== Files Created - No Company Name ==========[/color]
  331.  
  332. [2015-05-14 19:46:01 | 000,001,247 | ---- | C] () -- C:\Users\Zakon\Desktop\Continue installation .lnk
  333. [2015-05-14 18:52:10 | 000,000,558 | ---- | C] () -- C:\Windows\tasks\Adobe Acrobat Update Task.job
  334. [2015-05-04 10:56:16 | 000,173,962 | ---- | C] () -- C:\Users\Zakon\Desktop\11212415_870136929722656_2051231491_n.jpg
  335. [2015-04-29 13:29:23 | 002,358,596 | ---- | C] () -- C:\Users\Zakon\Desktop\Hearthstone Screenshot 04-29-15 13.29.22.png
  336. [2015-04-28 14:27:05 | 002,539,731 | ---- | C] () -- C:\Users\Zakon\Desktop\Hearthstone Screenshot 04-28-15 14.27.04.png
  337. [2015-04-27 13:42:38 | 001,283,246 | ---- | C] () -- C:\Users\Zakon\Desktop\chujsuju.png
  338. [2015-04-20 19:26:39 | 000,016,194 | ---- | C] () -- C:\Users\Zakon\Desktop\tumblr_nlz3pyq9fb1slrk0zo3_500.jpg
  339. [2015-04-20 13:24:47 | 001,238,027 | ---- | C] () -- C:\Users\Zakon\Desktop\Hearthstone Screenshot 04-20-15 13.24.47.png
  340. [2015-04-17 13:45:41 | 000,058,235 | ---- | C] () -- C:\Users\Zakon\Desktop\11123998_851221188276943_603752601_n.jpg
  341. [2015-03-06 19:03:51 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
  342. [2014-05-14 21:21:01 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
  343. [2014-05-07 17:54:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
  344. [2014-01-25 20:20:15 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\winver.exe
  345. [2013-11-10 18:42:10 | 000,057,344 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnp325.dll
  346. [2013-11-10 18:42:10 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\csnp325.dll
  347. [2013-10-28 15:25:26 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
  348. [2013-10-19 09:31:31 | 000,395,612 | ---- | C] () -- C:\Windows\SysWow64\sensmon.exe
  349. [2013-05-28 22:22:48 | 000,641,024 | ---- | C] () -- C:\Windows\SysWow64\ficvdec_x86.dll
  350. [2013-05-25 14:47:59 | 002,875,326 | ---- | C] () -- C:\Users\Zakon\S6303034.JPG
  351. [2013-05-25 14:47:59 | 002,869,454 | ---- | C] () -- C:\Users\Zakon\S6303035.JPG
  352. [2013-05-25 14:47:59 | 002,851,667 | ---- | C] () -- C:\Users\Zakon\S6303036.JPG
  353. [2013-04-04 21:12:29 | 000,007,619 | ---- | C] () -- C:\Users\Zakon\AppData\Local\Resmon.ResmonCfg
  354. [2013-03-20 20:25:37 | 000,000,600 | ---- | C] () -- C:\Users\Zakon\AppData\Roaming\winscp.rnd
  355. [2013-03-11 23:52:05 | 000,045,270 | ---- | C] () -- C:\Users\Zakon\AppData\Roaming\room_v3.dat
  356. [2013-02-24 13:40:52 | 000,000,093 | ---- | C] () -- C:\Users\Zakon\AppData\Local\fusioncache.dat
  357.  
  358. [color=#E56717]========== ZeroAccess Check ==========[/color]
  359.  
  360. [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
  361.  
  362. [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
  363.  
  364. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
  365.  
  366. [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
  367.  
  368. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
  369.  
  370. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
  371. "" = C:\Windows\SysNative\shell32.dll -- [2009-07-14 03:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
  372. "ThreadingModel" = Apartment
  373.  
  374. [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
  375. "" = %SystemRoot%\system32\shell32.dll -- [2009-07-14 03:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
  376. "ThreadingModel" = Apartment
  377.  
  378. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
  379. "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
  380. "ThreadingModel" = Free
  381.  
  382. [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
  383. "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-07-14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
  384. "ThreadingModel" = Free
  385.  
  386. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
  387. "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
  388. "ThreadingModel" = Both
  389.  
  390. [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
  391.  
  392. [color=#E56717]========== LOP Check ==========[/color]
  393.  
  394. [2013-01-17 20:49:26 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\.minecraft
  395. [2015-03-01 18:50:40 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\Anvsoft
  396. [2014-05-19 22:16:43 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\AVAST Software
  397. [2012-12-06 15:30:11 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\Avnex
  398. [2015-04-20 13:20:36 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\Battle.net
  399. [2013-06-02 17:43:59 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\BoL
  400. [2014-08-19 16:26:47 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\BumpkinBrothers
  401. [2013-04-11 21:58:29 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\Canon
  402. [2012-11-04 21:23:51 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\DAEMON Tools
  403. [2014-11-15 16:58:02 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\DAEMON Tools Lite
  404. [2013-09-15 11:46:11 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\Easy Macro Recorder
  405. [2014-08-22 12:40:43 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\Firefly Studios
  406. [2013-03-11 23:27:03 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\Garena
  407. [2013-08-23 22:40:39 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\GarenaPlus
  408. [2013-10-05 08:33:46 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\iFunbox_UserCache
  409. [2013-06-29 15:59:21 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\Leadertech
  410. [2012-10-20 09:58:13 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\LolClient
  411. [2013-08-08 01:08:53 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\LoLPlus
  412. [2013-08-29 15:13:46 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\LRDon
  413. [2015-05-14 19:31:30 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\MAXON
  414. [2014-08-30 10:51:36 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\Might & Magic Heroes VI
  415. [2015-02-28 17:56:52 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\Mirillis
  416. [2014-12-21 22:13:11 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\Mount&Blade Warband
  417. [2014-01-16 21:11:58 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\MP3 Cut
  418. [2013-10-20 09:20:18 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\MSDrvCfg
  419. [2014-11-18 15:34:19 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\OBS
  420. [2012-10-29 18:39:20 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\OpenOffice.org
  421. [2012-10-26 12:34:23 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\PunkBuster
  422. [2013-06-19 07:48:48 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\Remere's Map Editor
  423. [2013-02-14 18:24:22 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\SmartDraw
  424. [2014-02-13 21:23:41 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\StunlockStudios
  425. [2014-01-26 14:53:19 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\TERA
  426. [2014-10-07 12:41:21 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\The Creative Assembly
  427. [2012-11-21 19:51:53 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\Theta
  428. [2014-08-25 21:03:18 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\Tibia
  429. [2013-03-24 15:36:36 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\TibiaAPI
  430. [2013-06-19 11:50:16 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\Tibiacast
  431. [2015-05-09 09:52:00 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\TS3Client
  432. [2014-05-07 20:22:09 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\Tunngle
  433. [2014-04-14 18:38:32 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\Ubisoft
  434. [2015-05-14 19:57:22 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\uTorrent
  435. [2013-04-10 12:35:00 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\WinArchiver
  436. [2014-05-24 14:02:29 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\WizardWars
  437. [2015-03-01 16:00:47 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\Xilisoft
  438. [2013-03-13 20:20:44 | 000,000,000 | ---D | M] -- C:\Users\Zakon\AppData\Roaming\xim
  439.  
  440. [color=#E56717]========== Purity Check ==========[/color]
  441.  
  442.  
  443.  
  444. [color=#E56717]========== Alternate Data Streams ==========[/color]
  445.  
  446. @Alternate Data Stream - 269 bytes -> C:\ProgramData\TEMP:6BE50C2B
  447.  
  448. < End of report >