OTL logfile created on: 08/10/2012 16:54:07 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ryniu\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 0000083c | Country: Éire | Language: IRE | Date Format: dd/MM/yyyy 4.00 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 61.62% Memory free 8.00 Gb Paging File | 6.03 Gb Available in Paging File | 75.41% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 172.78 Gb Total Space | 102.74 Gb Free Space | 59.46% Space Free | Partition Type: NTFS Drive D: | 76.69 Gb Total Space | 35.64 Gb Free Space | 46.48% Space Free | Partition Type: NTFS Drive E: | 292.97 Gb Total Space | 168.11 Gb Free Space | 57.38% Space Free | Partition Type: NTFS Drive F: | 263.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: RYNIU-KOMPUTER | User Name: ryniu | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = ga-IE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 AF 54 73 C6 5A CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{D112D17F-A0EE-4F65-A0FA-2AB4612BA190}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== Chrome ==========[/color] CHR - homepage: http://search.gboxapp.com/ CHR - default_search_provider: google.pl (Enabled) CHR - default_search_provider: search_url = http://www.google.pl/search?hl=pl&site=&source=hp&q={searchTerms}&btnG=Szukaj&oq=otwacie+don+jon&gs_l=hp.3...2193.6649.0.7447.15.15.0.0.0.0.185.1742.4j11.15.0...0.0...1c.1.4Kfg6yTc8Zo CHR - default_search_provider: suggest_url = , CHR - homepage: http://search.gboxapp.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\ryniu\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ryniu\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ryniu\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\ryniu\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\ryniu\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Java(TM) Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Google Update (Enabled) = C:\Users\ryniu\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Users\ryniu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Szukaj w Google = C:\Users\ryniu\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Planetarium = C:\Users\ryniu\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp\1.1.2_0\ CHR - Extension: nkGestures = C:\Users\ryniu\AppData\Local\Google\Chrome\User Data\Default\Extensions\loohmcboablbgmofaccbahhoihofpich\1.2.8_0\ CHR - Extension: Opisz i wy\u015Blij screen = C:\Users\ryniu\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdddabjhelpilpnpgondfmehhcplpiin\5.33_0\ CHR - Extension: Sprawdzanie poczty Google = C:\Users\ryniu\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\ CHR - Extension: ChromeReload = C:\Users\ryniu\AppData\Local\Google\Chrome\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo\0.5_0\ CHR - Extension: Gmail = C:\Users\ryniu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4:[b]64bit:[/b] - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Bonus.SSR.FR10] C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe (ABBYY.) O4 - HKLM..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit) O4 - HKCU..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software) O4 - HKCU..\Run: [EPSON SX218 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGDE.EXE /FU "C:\Windows\TEMP\E_S8268.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [HydraVisionMDEngine] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe (AMD) O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKCU..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO) O4 - HKCU..\Run: [Zoiper.exe] C:\Program Files (x86)\Attractel\Zoiper\Zoiper.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BAFCDC7B-EFF6-4C2C-BF6E-9AFC9B293D05}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD723AE0-16A8-4036-84B4-E942A0CCB20D}: DhcpNameServer = 192.168.15.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0C2ECA0-A7A2-43E4-BF24-739CF976E19A}: DhcpNameServer = 192.168.42.129 O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007/04/18 18:37:34 | 000,000,029 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{2163d822-fe2d-11e1-b36c-4487fc556611}\Shell - "" = AutoRun O33 - MountPoints2\{2163d822-fe2d-11e1-b36c-4487fc556611}\Shell\AutoRun\command - "" = I:\Startme.exe O33 - MountPoints2\{2163d84f-fe2d-11e1-b36c-4487fc556611}\Shell - "" = AutoRun O33 - MountPoints2\{2163d84f-fe2d-11e1-b36c-4487fc556611}\Shell\AutoRun\command - "" = I:\Startme.exe O33 - MountPoints2\{3b89b0f0-fd6c-11e1-878f-4487fc556611}\Shell - "" = AutoRun O33 - MountPoints2\{3b89b0f0-fd6c-11e1-878f-4487fc556611}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{3d30946b-fdbf-11e1-bfe4-ad30c7eb21ef}\Shell - "" = AutoRun O33 - MountPoints2\{3d30946b-fdbf-11e1-bfe4-ad30c7eb21ef}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{4523f36c-fc5c-11e1-bbd4-4487fc556611}\Shell - "" = AutoRun O33 - MountPoints2\{4523f36c-fc5c-11e1-bbd4-4487fc556611}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{4523f373-fc5c-11e1-bbd4-4487fc556611}\Shell - "" = AutoRun O33 - MountPoints2\{4523f373-fc5c-11e1-bbd4-4487fc556611}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{6a316851-fd27-11e1-a8f6-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6a316851-fd27-11e1-a8f6-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{6a31687b-fd27-11e1-a8f6-b4bb895f18d8}\Shell - "" = AutoRun O33 - MountPoints2\{6a31687b-fd27-11e1-a8f6-b4bb895f18d8}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\{cd76578a-baec-11e0-8b65-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{cd76578a-baec-11e0-8b65-806e6f6e6963}\Shell\AutoRun\command - "" = F:\EPSetup.exe -- [2009/12/11 06:02:00 | 000,129,000 | R--- | M] (Seiko Epson Corporation) O33 - MountPoints2\{d151b37b-30ed-11e1-bb29-4487fc556611}\Shell - "" = AutoRun O33 - MountPoints2\{d151b37b-30ed-11e1-bb29-4487fc556611}\Shell\AutoRun\command - "" = G:\Startme.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) < End of report >