Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01
Ran by HYPER (administrator) on HYPER-KOMPUTER on 01-07-2015 02:22:17
Running from C:\Users\HYPER\Desktop
Loaded Profiles: HYPER & (Available Profiles: HYPER & UpdatusUser & sunset & Administrator & Gość)
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: Polski (Polska)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe
() C:\Windows\System32\PnkBstrA.exe
(StarWind Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(DT Soft Ltd) C:\Programy\DAEMON Tools Lite\DTLite.exe
(GG Network S.A.) C:\Users\HYPER\AppData\Local\GG\Application\gghub.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(GG Network S.A.) C:\Users\HYPER\AppData\Local\GG\Application\ggapp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(GG Network S.A.) C:\Users\HYPER\AppData\Local\GG\Application\ggdrive\ggdrive.exe
(GG Network S.A.) C:\Users\HYPER\AppData\Local\GG\Application\xulrunner\gghub.exe
(Valve Corporation) C:\Steam\Steam.exe
(Valve Corporation) C:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Steam\bin\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [274608 2011-01-03] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [vProt] => "C:\Program Files\AVG SafeGuard toolbar\vprot.exe" HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-05-09] (Realtek Semiconductor) HKLM\...\Run: [Ocs_SM] => C:\Users\HYPER\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2015-05-21] (OCS) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5088456 2015-01-28] (ESET) HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-3231952852-421943317-2037577364-1000\...\Run: [RGSC] => D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.) HKU\S-1-5-21-3231952852-421943317-2037577364-1000\...\Run: [Google Update] => C:\Users\HYPER\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-30] (Google Inc.) HKU\S-1-5-21-3231952852-421943317-2037577364-1000\...\Run: [AlcoholAutomount] => C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team) HKU\S-1-5-21-3231952852-421943317-2037577364-1000\...\Run: [cbadedaacecdebfagfdgfdgdfg] => C:\ProgramData\cbadedaacecdebfagfdgfdgdfg.exe [50365 2013-06-27] () HKU\S-1-5-21-3231952852-421943317-2037577364-1000\...\Run: [DAEMON Tools Lite] => C:\Programy\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd) HKU\S-1-5-21-3231952852-421943317-2037577364-1000\...\Run: [GG] => C:\Users\HYPER\AppData\Local\GG\Application\gghub.exe [4078144 2015-04-21] (GG Network S.A.) HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RGSC] => D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.) 
HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\HYPER\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-30] (Google Inc.) HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AlcoholAutomount] => C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team) HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [cbadedaacecdebfagfdgfdgdfg] => C:\ProgramData\cbadedaacecdebfagfdgfdgdfg.exe [50365 2013-06-27] () HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Programy\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd) HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GG] => C:\Users\HYPER\AppData\Local\GG\Application\gghub.exe [4078144 2015-04-21] (GG Network S.A.) HKU\S-1-5-21-3231952852-421943317-2037577364-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RGSC] => D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.) HKU\S-1-5-21-3231952852-421943317-2037577364-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\HYPER\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-30] (Google Inc.) 
HKU\S-1-5-21-3231952852-421943317-2037577364-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AlcoholAutomount] => C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team) HKU\S-1-5-21-3231952852-421943317-2037577364-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun HKU\S-1-5-21-3231952852-421943317-2037577364-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [cbadedaacecdebfagfdgfdgdfg] => C:\ProgramData\cbadedaacecdebfagfdgfdgdfg.exe [50365 2013-06-27] () HKU\S-1-5-21-3231952852-421943317-2037577364-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GG] => C:\Users\HYPER\AppData\Local\GG\Application\gghub.exe [4078144 2015-04-21] (GG Network S.A.) HKU\S-1-5-21-3231952852-421943317-2037577364-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\UpdatusUser\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=22fe57513d654551af4a297c33122e76-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=0214c HKU\S-1-5-21-3231952852-421943317-2037577364-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_206_Plugin.exe -update plugin HKU\S-1-5-21-3231952852-421943317-2037577364-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RGSC] => D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.) HKU\S-1-5-21-3231952852-421943317-2037577364-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\HYPER\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-30] (Google Inc.) 
HKU\S-1-5-21-3231952852-421943317-2037577364-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AlcoholAutomount] => C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team) HKU\S-1-5-21-3231952852-421943317-2037577364-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun HKU\S-1-5-21-3231952852-421943317-2037577364-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [cbadedaacecdebfagfdgfdgdfg] => C:\ProgramData\cbadedaacecdebfagfdgfdgdfg.exe [50365 2013-06-27] () HKU\S-1-5-21-3231952852-421943317-2037577364-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GG] => C:\Users\HYPER\AppData\Local\GG\Application\gghub.exe [4078144 2015-04-21] (GG Network S.A.) HKU\S-1-5-21-3231952852-421943317-2037577364-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\UpdatusUser\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=22fe57513d654551af4a297c33122e76-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=0214c HKU\S-1-5-21-3231952852-421943317-2037577364-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_206_Plugin.exe -update plugin HKU\S-1-5-21-3231952852-421943317-2037577364-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.) HKU\S-1-5-21-3231952852-421943317-2037577364-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RGSC] => D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.) 
HKU\S-1-5-21-3231952852-421943317-2037577364-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun HKU\S-1-5-21-3231952852-421943317-2037577364-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\HYPER\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-30] (Google Inc.) HKU\S-1-5-21-3231952852-421943317-2037577364-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AlcoholAutomount] => C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team) HKU\S-1-5-21-3231952852-421943317-2037577364-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [cbadedaacecdebfagfdgfdgdfg] => C:\ProgramData\cbadedaacecdebfagfdgfdgdfg.exe [50365 2013-06-27] () HKU\S-1-5-21-3231952852-421943317-2037577364-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GG] => C:\Users\HYPER\AppData\Local\GG\Application\gghub.exe [4078144 2015-04-21] (GG Network S.A.) 
HKU\S-1-5-21-3231952852-421943317-2037577364-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\sunset\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=22fe57513d654551af4a297c33122e76-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=0214c HKU\S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Programy\DAEMON Tools Lite\DTLite.exe [3671904 2012-08-28] (DT Soft Ltd) HKU\S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [PC Suite Tray] => "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray HKU\S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AlcoholAutomount] => C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team) HKU\S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\HYPER\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-30] (Google Inc.) HKU\S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [IPLA!] => C:\Program Files\ipla\ipla.exe [20857328 2012-11-23] (Redefine Sp z o.o.) 
HKU\S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Octoshape Streaming Services] => "C:\Users\HYPER\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun HKU\S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EADM] => C:\Program Files\Origin\Origin.exe [3632472 2015-06-19] (Electronic Arts) HKU\S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [y6bqzvrlas] => C:\Users\Administrator\y6bqzvrlas.exe HKU\S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RGSC] => D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.) HKU\S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun HKU\S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [cbadedaacecdebfagfdgfdgdfg] => C:\ProgramData\cbadedaacecdebfagfdgfdgdfg.exe [50365 2013-06-27] () HKU\S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GG] => C:\Users\HYPER\AppData\Local\GG\Application\gghub.exe [4078144 2015-04-21] (GG Network S.A.) 
HKU\S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\Administrator\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=22fe57513d654551af4a297c33122e76-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=0214c HKU\S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_206_Plugin.exe -update plugin HKU\S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {af489814-db6c-11df-9037-00012900a3de} - H:\OriginInstaller.exe HKU\S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {af489815-db6c-11df-9037-00012900a3de} - I:\Autorun.exe HKU\S-1-5-21-3231952852-421943317-2037577364-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.) HKU\S-1-5-21-3231952852-421943317-2037577364-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RGSC] => D:\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [305064 2008-11-14] (Take-Two Interactive Software, Inc.) HKU\S-1-5-21-3231952852-421943317-2037577364-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\HYPER\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-30] (Google Inc.) 
HKU\S-1-5-21-3231952852-421943317-2037577364-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AlcoholAutomount] => C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team) HKU\S-1-5-21-3231952852-421943317-2037577364-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun HKU\S-1-5-21-3231952852-421943317-2037577364-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [cbadedaacecdebfagfdgfdgdfg] => C:\ProgramData\cbadedaacecdebfagfdgfdgdfg.exe [50365 2013-06-27] () HKU\S-1-5-21-3231952852-421943317-2037577364-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GG] => C:\Users\HYPER\AppData\Local\GG\Application\gghub.exe [4078144 2015-04-21] (GG Network S.A.) HKU\S-1-5-21-3231952852-421943317-2037577364-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\Gość\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=22fe57513d654551af4a297c33122e76-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=0214c HKU\S-1-5-21-3231952852-421943317-2037577364-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_206_Plugin.exe -update plugin Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-02-15] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\HYPER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2014-04-15] ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.) 
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.) ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.) ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll [2013-01-17] (GG Network S.A.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-3231952852-421943317-2037577364-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION ProxyEnable: [S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => Internet Explorer proxy is enabled ProxyEnable: [S-1-5-21-3231952852-421943317-2037577364-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => Internet Explorer proxy is enabled ProxyEnable: [S-1-5-21-3231952852-421943317-2037577364-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => Internet Explorer proxy is enabled ProxyEnable: [S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => Internet Explorer proxy is enabled ProxyEnable: [S-1-5-21-3231952852-421943317-2037577364-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => Internet Explorer proxy is enabled HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://wyborcza.pl/0,0.html?p=139 HKLM\Software\Microsoft\Internet 
Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3231952852-421943317-2037577364-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.firetab.org/?type=ds3hp HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.firetab.org/?type=ds3hp HKU\S-1-5-21-3231952852-421943317-2037577364-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.gazeta.pl/msn/0,0.html?pc=UP21&ocid=UP21DHP&dt=050313 HKU\S-1-5-21-3231952852-421943317-2037577364-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.gazeta.pl/msn/0,0.html?pc=UP21&ocid=UP21DHP&dt=050313 HKU\S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{CEF91EB1-F5A1-4C26-AB47-13F7E3A8E0F5} URLSearchHook: HKU\S-1-5-21-3231952852-421943317-2037577364-1000 - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File URLSearchHook: HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File URLSearchHook: HKU\S-1-5-21-3231952852-421943317-2037577364-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File URLSearchHook: HKU\S-1-5-21-3231952852-421943317-2037577364-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File URLSearchHook: HKU\S-1-5-21-3231952852-421943317-2037577364-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - 
{472734EA-242A-422b-ADF8-83D1E48CC825} - No File URLSearchHook: HKU\S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File URLSearchHook: HKU\S-1-5-21-3231952852-421943317-2037577364-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File SearchScopes: HKLM -> DefaultScope {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = http://www.firetab.org/?type=ds3se&p={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://startsear.ch/?aff=1&src=sp&cf=668a7211-cdb8-11e0-bd9d-f951dcc67a94&q={searchTerms} SearchScopes: HKLM -> {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = http://www.firetab.org/?type=ds3se&p={searchTerms} SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000 -> DefaultScope {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = http://www.firetab.org.anonymize-me.de/?anonymto=687474703A2F2F7777772E666972657461622E6F72672F3F747970653D647333736526703D7B7365617263685465726D737D&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F464F524D3D5550323144462650433D555032312664743D30353033313326713D7B7365617263685465726D737D267372633D49452D536561726368426F78&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000 -> {245CA9BB-823C-485C-925A-3B7C473E29E5} URL = 
http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&mode=bounce&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E76392E636F6D2F7765622F3F713D7B7365617263685465726D737D&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000 -> {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = http://www.firetab.org.anonymize-me.de/?anonymto=687474703A2F2F7777772E666972657461622E6F72672F3F747970653D647333736526703D7B7365617263685465726D737D&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000 -> {85F6098C-7D55-458F-A69D-DBF5B3484918} URL = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&mode=bounce&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000 -> {94090A54-8EB7-4E27-AA63-C6E25A1F364E} URL = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&mode=bounce&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = 
http://mysearch.avg.com.anonymize-me.de/?anonymto=687474703A2F2F6D797365617263682E6176672E636F6D2F7365617263683F6369643D7B37433932314443352D343743432D344534372D394444342D3039374135454333383534457D266D69643D32326665353735313364363534353531616634613239376333333132326537362D61643134393162653263653663313232663662363666616139306537306332646563663764333463266C616E673D706C2664733D41564726636F69643D617667746261766726636D7069643D2670723D667226643D323031342D30332D31352031363A34313A303926763D31372E332E312E3931267069643D7361666567756172642673673D267361703D64737026713D7B7365617263685465726D737D&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://www.bigseekpro.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E6269677365656B70726F2E636F6D2F7365617263682F62726F777365722F687970657263616D2F7B32343143334146382D373230362D343334422D423430452D3646344534374541413841437D3F713D7B7365617263685465726D737D&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000 -> {9951086D-C335-4B6E-AC76-F4047B2E77AA} URL = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&mode=bounce&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000 -> {C816C84D-7D04-4813-A886-C2251653F1EF} URL = http://search.v9.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E76392E636F6D2F7765622F3F713D7B7365617263685465726D737D&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = 
http://mystart.incredibar.com.anonymize-me.de/?anonymto=687474703A2F2F6D7973746172742E696E63726564696261722E636F6D2F6D623133392F3F7365617263683D7B7365617263685465726D737D266C6F633D49425F445326613D36505143577075706F6F26693D3236&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000 -> {D9CAB505-6FD4-4E49-8D28-A3DB95B12171} URL = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&mode=bounce&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000 -> {DBC16986-0808-4A9F-9FC0-728A735A94F9} URL = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&mode=bounce&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000 -> {ECBA0070-A9C2-4785-A9B3-AB79FA2F4BCD} URL = SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000 -> {FEC7B355-62EF-4557-841E-5D6DDF9F7F95} URL = http://startsear.ch.anonymize-me.de/?anonymto=687474703A2F2F7374617274736561722E63682F3F6166663D3126713D7B7365617263685465726D737D&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = http://www.firetab.org.anonymize-me.de/?anonymto=687474703A2F2F7777772E666972657461622E6F72672F3F747970653D647333736526703D7B7365617263685465726D737D&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
http://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F464F524D3D5550323144462650433D555032312664743D30353033313326713D7B7365617263685465726D737D267372633D49452D536561726368426F78&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {245CA9BB-823C-485C-925A-3B7C473E29E5} URL = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&mode=bounce&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E76392E636F6D2F7765622F3F713D7B7365617263685465726D737D&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = http://www.firetab.org.anonymize-me.de/?anonymto=687474703A2F2F7777772E666972657461622E6F72672F3F747970653D647333736526703D7B7365617263685465726D737D&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {85F6098C-7D55-458F-A69D-DBF5B3484918} URL = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&mode=bounce&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {94090A54-8EB7-4E27-AA63-C6E25A1F364E} URL = 
http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&mode=bounce&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com.anonymize-me.de/?anonymto=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&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://www.bigseekpro.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E6269677365656B70726F2E636F6D2F7365617263682F62726F777365722F687970657263616D2F7B32343143334146382D373230362D343334422D423430452D3646344534374541413841437D3F713D7B7365617263685465726D737D&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9951086D-C335-4B6E-AC76-F4047B2E77AA} URL = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&mode=bounce&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {C816C84D-7D04-4813-A886-C2251653F1EF} URL = http://search.v9.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E76392E636F6D2F7765622F3F713D7B7365617263685465726D737D&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = 
http://mystart.incredibar.com.anonymize-me.de/?anonymto=687474703A2F2F6D7973746172742E696E63726564696261722E636F6D2F6D623133392F3F7365617263683D7B7365617263685465726D737D266C6F633D49425F445326613D36505143577075706F6F26693D3236&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {D9CAB505-6FD4-4E49-8D28-A3DB95B12171} URL = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&mode=bounce&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {DBC16986-0808-4A9F-9FC0-728A735A94F9} URL = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&mode=bounce&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {ECBA0070-A9C2-4785-A9B3-AB79FA2F4BCD} URL = SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {FEC7B355-62EF-4557-841E-5D6DDF9F7F95} URL = http://startsear.ch.anonymize-me.de/?anonymto=687474703A2F2F7374617274736561722E63682F3F6166663D3126713D7B7365617263685465726D737D&st={searchTerms}&clid=efdb8190-e1f5-4b8f-a4b8-a3931b8f964e&pid=dcu&k=0 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=050313&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
http://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=050313&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?q={searchTerms} SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={7C921DC5-47CC-4E47-9DD4-097A5EC3854E}&mid=22fe57513d654551af4a297c33122e76-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-15 16:41:09&v=17.3.1.91&pid=safeguard&sg=&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://www.bigseekpro.com/search/browser/hypercam/{241C3AF8-7206-434B-B40E-6F4E47EAA8AC}?q={searchTerms} SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {C816C84D-7D04-4813-A886-C2251653F1EF} URL = http://search.v9.com/web/?q={searchTerms} SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6PQCWpupoo&i=26 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {ECBA0070-A9C2-4785-A9B3-AB79FA2F4BCD} URL = SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {FEC7B355-62EF-4557-841E-5D6DDF9F7F95} URL = http://startsear.ch/?aff=1&q={searchTerms} SearchScopes: 
HKU\S-1-5-21-3231952852-421943317-2037577364-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=050313&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=050313&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?q={searchTerms} SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={7C921DC5-47CC-4E47-9DD4-097A5EC3854E}&mid=22fe57513d654551af4a297c33122e76-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-15 16:41:09&v=17.3.1.91&pid=safeguard&sg=&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://www.bigseekpro.com/search/browser/hypercam/{241C3AF8-7206-434B-B40E-6F4E47EAA8AC}?q={searchTerms} SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {C816C84D-7D04-4813-A886-C2251653F1EF} URL = http://search.v9.com/web/?q={searchTerms} SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> 
{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6PQCWpupoo&i=26 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {ECBA0070-A9C2-4785-A9B3-AB79FA2F4BCD} URL = SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1008-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {FEC7B355-62EF-4557-841E-5D6DDF9F7F95} URL = http://startsear.ch/?aff=1&q={searchTerms} SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=050313&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=050313&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={7C921DC5-47CC-4E47-9DD4-097A5EC3854E}&mid=22fe57513d654551af4a297c33122e76-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-15 16:41:09&v=17.3.1.91&pid=safeguard&sg=&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://www.bigseekpro.com/search/browser/hypercam/{241C3AF8-7206-434B-B40E-6F4E47EAA8AC}?q={searchTerms} 
SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://www.bigseekpro.com/search/browser/hypercam/{CEF91EB1-F5A1-4C26-AB47-13F7E3A8E0F5}?q={searchTerms} SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://startsear.ch/?aff=1&q={searchTerms} SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?q={searchTerms} SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={7C921DC5-47CC-4E47-9DD4-097A5EC3854E}&mid=22fe57513d654551af4a297c33122e76-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-15 16:41:09&v=17.3.1.91&pid=safeguard&sg=&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = http://www.bigseekpro.com/search/browser/hypercam/{CEF91EB1-F5A1-4C26-AB47-13F7E3A8E0F5}?q={searchTerms} SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {C816C84D-7D04-4813-A886-C2251653F1EF} URL = http://search.v9.com/web/?q={searchTerms} SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> 
{CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6PQCWpupoo&i=26 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {FEC7B355-62EF-4557-841E-5D6DDF9F7F95} URL = http://startsear.ch/?aff=1&q={searchTerms} SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=050313&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=050313&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.v9.com/web/?q={searchTerms} SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={7C921DC5-47CC-4E47-9DD4-097A5EC3854E}&mid=22fe57513d654551af4a297c33122e76-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-03-15 16:41:09&v=17.3.1.91&pid=safeguard&sg=&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = 
http://www.bigseekpro.com/search/browser/hypercam/{241C3AF8-7206-434B-B40E-6F4E47EAA8AC}?q={searchTerms} SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {C816C84D-7D04-4813-A886-C2251653F1EF} URL = http://search.v9.com/web/?q={searchTerms} SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6PQCWpupoo&i=26 SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {ECBA0070-A9C2-4785-A9B3-AB79FA2F4BCD} URL = SearchScopes: HKU\S-1-5-21-3231952852-421943317-2037577364-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {FEC7B355-62EF-4557-841E-5D6DDF9F7F95} URL = http://startsear.ch/?aff=1&q={searchTerms} BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.) BHO: PriceSparrow -> {3F2DC1E7-A56F-49D8-B0CF-DB2300594497} -> C:\Program Files\PriceSparrow\Internet Explorer\pricesparrow.dll No File BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-02-21] (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation) BHO: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG SafeGuard toolbar\18.5.0.909\AVG SafeGuard toolbar_toolbar.dll No File BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.) 
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-02-21] (Oracle Corporation) BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2014-03-27] (DVDVideoSoft Ltd.) Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.5.0.909\AVG SafeGuard toolbar_toolbar.dll No File Toolbar: HKU\S-1-5-21-3231952852-421943317-2037577364-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Toolbar: HKU\S-1-5-21-3231952852-421943317-2037577364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.) 
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll No File Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - No File Winsock: Catalog5 01 C:\Windows\system32\mswsock.dll [232448 2009-07-14] (Microsoft Corporation) ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{269D4EBB-3481-46C5-A504-9E0ECAA6E248}: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\HYPER\AppData\Roaming\Mozilla\Firefox\Profiles\wdw9r6i3.default-1394971919367 FF SelectedSearchEngine: Search FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-28] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1206147.dll [2013-11-25] (Adobe Systems, Inc.) FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.5.0\\npsitesafety.dll No File FF Plugin: @esn/npbattlelog,version=2.3.1 -> C:\Program Files\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File FF Plugin: @esn/npbattlelog,version=2.4.0 -> C:\Program Files\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google) FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-02-21] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-02-21] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( 
Microsoft Corporation) FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-12-01] (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-12-01] (NVIDIA Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-01-10] (Pando Networks) FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.609 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-01-03] (RealNetworks, Inc.) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.) FF Plugin HKU\S-1-5-21-3231952852-421943317-2037577364-1000: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files\OnLive\Plugin\npolgdet.dll No File FF Plugin HKU\S-1-5-21-3231952852-421943317-2037577364-1000: @tools.google.com/Google Update;version=3 -> C:\Users\HYPER\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.) FF Plugin HKU\S-1-5-21-3231952852-421943317-2037577364-1000: @tools.google.com/Google Update;version=9 -> C:\Users\HYPER\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.) 
FF Plugin HKU\S-1-5-21-3231952852-421943317-2037577364-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\HYPER\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-30] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-3231952852-421943317-2037577364-1000: electronicarts.com/GameFacePlugin -> C:\Users\HYPER\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-12-20] (Electronic Arts) FF Plugin HKU\S-1-5-21-3231952852-421943317-2037577364-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-01-10] (Pando Networks) FF Plugin HKU\S-1-5-21-3231952852-421943317-2037577364-1000: pokki.com/PokkiDownloadHelper -> C:\Users\HYPER\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [2013-07-12] (Pokki) FF Plugin HKU\S-1-5-21-3231952852-421943317-2037577364-1000: ubisoft.com/uplaypc -> D:\231312\datapack\orbit\npuplaypc.dll [2013-03-18] (Ubisoft) FF Plugin HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @onlive.com/OnLiveGameClientDetector,version=1.0.0 -> C:\Program Files\OnLive\Plugin\npolgdet.dll No File FF Plugin HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\HYPER\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.) FF Plugin HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\HYPER\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.) 
FF Plugin HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\HYPER\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-30] (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: electronicarts.com/GameFacePlugin -> C:\Users\HYPER\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-12-20] (Electronic Arts) FF Plugin HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-01-10] (Pando Networks) FF Plugin HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: pokki.com/PokkiDownloadHelper -> C:\Users\HYPER\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.2.0.78.dll [2013-07-12] (Pokki) FF Plugin HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> D:\231312\datapack\orbit\npuplaypc.dll [2013-03-18] (Ubisoft) FF Plugin HKU\S-1-5-21-3231952852-421943317-2037577364-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: pandonetworks.com/PandoWebPlugin -> C:\Users\sunset\AppData\Roaming\Riot Games\League of Legends\prerequisites\null\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-12-06] (Pando Networks) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2011-01-03] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-01-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-01-03] (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-01-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011-01-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011-01-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-01-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-01-03] (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2011-01-03] (RealNetworks, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll [2011-01-03] (RealNetworks, Inc.) FF SearchPlugin: C:\Users\HYPER\AppData\Roaming\Mozilla\Firefox\Profiles\c579hl8n.default-1373223264373\searchplugins\{0EEA1052-753F-46BC-8F75-1DFE0A6FAC2B}.xml [2015-05-21] FF SearchPlugin: C:\Users\HYPER\AppData\Roaming\Mozilla\Firefox\Profiles\c579hl8n.default-1373223264373\searchplugins\{22806E58-E40C-43AD-9520-68BDA23C56E6}.xml [2015-05-21] FF SearchPlugin: C:\Users\HYPER\AppData\Roaming\Mozilla\Firefox\Profiles\c579hl8n.default-1373223264373\searchplugins\{4021F13F-2C44-45D5-AD06-9A6985FB9025}.xml [2015-05-21] FF SearchPlugin: C:\Users\HYPER\AppData\Roaming\Mozilla\Firefox\Profiles\c579hl8n.default-1373223264373\searchplugins\{9E88E881-332B-416B-A30E-3F7E78F5F659}.xml [2015-05-21] FF SearchPlugin: C:\Users\HYPER\AppData\Roaming\Mozilla\Firefox\Profiles\c579hl8n.default-1373223264373\searchplugins\{E2156F43-90A7-4145-A799-3C4A03833657}.xml [2015-05-21] FF SearchPlugin: C:\Users\HYPER\AppData\Roaming\Mozilla\Firefox\Profiles\c579hl8n.default-1373223264373\searchplugins\{E93B834A-DC67-4ED4-B759-0B69F3725526}.xml [2015-05-21] FF SearchPlugin: 
C:\Users\HYPER\AppData\Roaming\Mozilla\Firefox\Profiles\wdw9r6i3.default-1394971919367\searchplugins\db1839da-d2e5-4470-96e1-7e3c1c774e5c.xml [2015-05-21] FF SearchPlugin: C:\Users\HYPER\AppData\Roaming\Mozilla\Firefox\Profiles\wdw9r6i3.default-1394971919367\searchplugins\{0B6D56FC-536C-48F8-A1B0-FBA21D7E7B43}.xml [2015-05-21] FF SearchPlugin: C:\Users\HYPER\AppData\Roaming\Mozilla\Firefox\Profiles\wdw9r6i3.default-1394971919367\searchplugins\{0BC8D7F5-F237-479F-9747-6165F29FD07B}.xml [2015-05-21] FF SearchPlugin: C:\Users\HYPER\AppData\Roaming\Mozilla\Firefox\Profiles\wdw9r6i3.default-1394971919367\searchplugins\{29ABD131-5155-491B-9FB7-DB82D1CE9BE7}.xml [2015-05-21] FF SearchPlugin: C:\Users\HYPER\AppData\Roaming\Mozilla\Firefox\Profiles\wdw9r6i3.default-1394971919367\searchplugins\{63473B51-4250-4E30-8F56-53207C3A5369}.xml [2015-05-21] FF SearchPlugin: C:\Users\HYPER\AppData\Roaming\Mozilla\Firefox\Profiles\wdw9r6i3.default-1394971919367\searchplugins\{85D6C071-53CF-4B58-9F9F-147A50FA86B3}.xml [2015-05-21] FF SearchPlugin: C:\Users\HYPER\AppData\Roaming\Mozilla\Firefox\Profiles\wdw9r6i3.default-1394971919367\searchplugins\{F2DA026B-1011-4254-BB48-CE430AB1D189}.xml [2015-05-21] FF Extension: PriceSparrow - C:\Users\HYPER\AppData\Roaming\Mozilla\Firefox\Profiles\c579hl8n.default-1373223264373\Extensions\extension@pricesparrow.com [2015-05-21] FF Extension: PriceSparrow - C:\Users\HYPER\AppData\Roaming\Mozilla\Firefox\Profiles\wdw9r6i3.default-1394971919367\Extensions\extension@pricesparrow.com.xpi [2015-05-21] FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-05-23] FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2013-05-11] FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard 
toolbar\FireFoxExt\18.5.0.909 FF HKLM\...\Firefox\Extensions: [dnshelp@dnshelp.com] - C:\Users\HYPER\AppData\Roaming\Helper FF Extension: Helper - C:\Users\HYPER\AppData\Roaming\Helper [2015-05-21] FF HKU\S-1-5-21-3231952852-421943317-2037577364-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff FF HKU\S-1-5-21-3231952852-421943317-2037577364-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] FF HKU\S-1-5-21-3231952852-421943317-2037577364-1000\...\Firefox\Extensions: [firejump@firejump.net] - C:\Users\HYPER\AppData\Roaming\Mozilla\Firefox\Profiles\wdw9r6i3.default-1394971919367\extensions\firejump@firejump.net FF HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff FF HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF HKU\S-1-5-21-3231952852-421943317-2037577364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [firejump@firejump.net] - C:\Users\HYPER\AppData\Roaming\Mozilla\Firefox\Profiles\wdw9r6i3.default-1394971919367\extensions\firejump@firejump.net FF HKU\S-1-5-21-3231952852-421943317-2037577364-1010-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi Chrome: ======= CHR Profile: 
C:\Users\HYPER\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (YouTube) - C:\Users\HYPER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-18] CHR Extension: (Google Search) - C:\Users\HYPER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-18] CHR Extension: (DNSHelper) - C:\Users\HYPER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaffpnfojcdkcdimoobneboagdnnenbo [2015-05-21] CHR Extension: (Skype Click to Call) - C:\Users\HYPER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-08-17] CHR Extension: (Tiësto) - C:\Users\HYPER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnmeobddjkkgkglnogihcaejaleikhdh [2013-01-28] CHR Extension: (Minibar) - C:\Users\HYPER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpcknfcdcgpffjddjeceioobdelceffo [2011-08-07] CHR Extension: (Google Wallet) - C:\Users\HYPER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR Extension: (Gmail) - C:\Users\HYPER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-18] CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [gaffpnfojcdkcdimoobneboagdnnenbo] - C:\Users\HYPER\AppData\Roaming\DNSHelper Chrome\DNSHelper.crx [2015-05-21] CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value CHR HKLM\...\Chrome\Extension: [kljkanaekoongefljnjbghkgjjocmikm] - C:\Program Files\PriceSparrow\Chrome\pricesparrow-1.4.9.crx [Not Found] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10] StartMenuInternet: Google Chrome - C:\Users\HYPER\AppData\Local\Google\Chrome\Application\chrome.exe 
========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1349576 2015-01-28] (ESET) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 MSR Service; C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe [114688 2010-03-13] () [File not signed] S3 npggsvc; C:\Windows\system32\GameMon.des [4135800 2011-05-15] (INCA Internet Co., Ltd.) [File not signed] S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1997168 2015-06-19] (Electronic Arts) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-11-17] () R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [326488 2010-07-14] (Enigma Software Group USA, LLC.) R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed] S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [1523712 2009-08-18] (Microsoft Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2008-12-15] (Avanquest Software) [File not signed] S3 DroidCam; C:\Windows\System32\drivers\droidcam.sys [22656 2012-01-28] (Dev47Apps) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-11-29] (DT Soft Ltd) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [193464 2015-02-23] (ESET) S0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [190880 2015-02-23] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [135808 2015-02-23] (ESET) R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [123424 2015-02-23] (ESET) S3 EverestDriver; C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [7168 2005-08-18] () [File not signed] R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed] S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) S3 Loader; C:\Windows\system32\Loader.sys [8704 2011-08-12] () [File not signed] R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-07-01] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation) R1 mdf15; C:\Program Files\Clarus\Samsung SecretZone\mdf15.sys [12800 2009-04-21] () [File not signed] S3 MSI_MSIBIOS_010507; C:\Program Files\MSI\Live Update 5\msibios32_100507.sys [25912 2010-05-10] (Your Corporation) R1 mvd20; C:\Program Files\Clarus\Samsung SecretZone\mvd20.sys [64000 2009-10-30] () [File not signed] S3 NTIOLib_1_0_4; C:\Program Files\MSI\Live Update 5\NTIOLib.sys [7680 2010-10-20] (MSI) [File not signed] R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [83456 2009-07-14] () [File not signed] R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software) R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-02-24] (Duplex Secure Ltd.) 
S3 ST330; C:\Windows\System32\drivers\st330.sys [30464 2010-10-22] (THOMSON Telecom Belgium) S3 STBUS; C:\Windows\System32\drivers\stbus.sys [12672 2010-10-22] (THOMSON Telecom Belgium) S3 stppp; C:\Windows\System32\DRIVERS\stppp.sys [32000 2010-10-22] (THOMSON Telecom Belgium) S3 V0260VID; C:\Windows\System32\DRIVERS\V0260Vid.sys [154784 2007-07-18] (Creative Technology Ltd.) U3 aorhjuqw; C:\Windows\system32\Drivers\aorhjuqw.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder) U3 au3pm7pv; C:\Windows\system32\Drivers\au3pm7pv.sys [0 ] (Advanced Micro Devices) <==== ATTENTION (zero byte File/Folder) R4 AVGIDSDriver; system32\DRIVERS\avgidsdriverx.sys [X] R4 AVGIDSHX; system32\DRIVERS\avgidshx.sys [X] R4 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X] R4 Avgrkx86; system32\DRIVERS\avgrkx86.sys [X] R4 Avgtdix; system32\DRIVERS\avgtdix.sys [X] S3 catchme; \??\C:\Users\HYPER\AppData\Local\Temp\catchme.sys [X] S3 FLASHSYS; \??\C:\Program Files\MSI\Live Update 4\LU4\FLASHSYS.sys [X] S3 GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS [X] U3 awddikog; \??\C:\Users\HYPER\AppData\Local\Temp\awddikog.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) NETSVC: {F1E897F5-AEE2-43EB-8127A6926AE02A5D} -> No Registry Path. NETSVC: {1E9BEE46-4790-42FB-818AB7FE3A7EE9DD} -> No Registry Path. ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-07-01 02:18 - 2015-07-01 02:22 - 00122911 _____ C:\Users\HYPER\Desktop\Shortcut.txt 2015-07-01 02:10 - 2015-07-01 02:22 - 00126714 _____ C:\Users\HYPER\Desktop\Addition.txt 2015-07-01 02:07 - 2015-07-01 02:22 - 00068778 _____ C:\Users\HYPER\Desktop\FRST.txt 2015-07-01 02:05 - 2015-07-01 02:22 - 00000000 ____D C:\FRST 2015-07-01 01:58 - 2015-07-01 01:58 - 00380416 _____ C:\Users\HYPER\Desktop\rwqgrp95.exe 2015-07-01 01:57 - 2015-07-01 01:58 - 01636352 _____ (Farbar) C:\Users\HYPER\Desktop\FRST.exe 2015-07-01 01:42 - 2015-07-01 01:42 - 00005410 _____ C:\Users\HYPER\Desktop\ESETSirefefCleaner.exe_20150701.014243.5144.log 2015-07-01 01:21 - 2015-07-01 01:21 - 00002242 _____ C:\Users\HYPER\Desktop\SpyHunter.lnk 2015-07-01 01:21 - 2015-07-01 01:21 - 00000000 ____D C:\Users\HYPER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter 2015-07-01 01:21 - 2015-07-01 01:21 - 00000000 ____D C:\sh4ldr 2015-07-01 01:21 - 2015-07-01 01:21 - 00000000 ____D C:\Program Files\Enigma Software Group 2015-07-01 01:19 - 2015-07-01 01:21 - 00000000 ____D C:\Windows\95431C66CF9A4913BFFF6050785AFB65.TMP 2015-07-01 01:18 - 2015-07-01 01:18 - 18026328 _____ C:\Users\HYPER\Downloads\spyhunters.exe 2015-06-30 23:49 - 2015-06-30 23:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET 2015-06-30 23:49 - 2015-06-30 23:49 - 00000000 ____D C:\ProgramData\ESET 2015-06-30 23:49 - 2015-06-30 23:49 - 00000000 ____D C:\Program Files\ESET 2015-06-30 23:43 - 2015-06-30 23:43 - 01761992 _____ (ESET) C:\Users\HYPER\Downloads\eset_nod32_antivirus_live_installer_.exe 2015-06-29 14:52 - 2015-06-29 14:52 - 00000000 ____D C:\Users\sunset\AppData\Roaming\vlc 2015-06-29 10:50 - 2015-06-29 10:50 - 00000000 ____D C:\ProgramData\AVAST Software 2015-06-29 10:49 - 2015-06-29 10:50 - 05481344 _____ (Avast Software s.r.o.) C:\Users\sunset\Downloads\avast_free_antivirus_setup_online_dobreprogramy.exe 2015-06-28 21:45 - 2015-06-28 21:45 - 00931408 _____ (Google Inc.) 
C:\Users\HYPER\Downloads\GoogleEarthPluginSetup (4).exe 2015-06-28 19:13 - 2015-06-28 19:13 - 00931408 _____ (Google Inc.) C:\Users\HYPER\Downloads\GoogleEarthPluginSetup (3).exe 2015-06-28 19:12 - 2015-06-28 19:12 - 00931408 _____ (Google Inc.) C:\Users\HYPER\Downloads\GoogleEarthPluginSetup (2).exe 2015-06-28 18:59 - 2015-06-28 18:59 - 00931408 _____ (Google Inc.) C:\Users\HYPER\Downloads\GoogleEarthPluginSetup (1).exe 2015-06-28 18:57 - 2015-06-28 18:57 - 00931408 _____ (Google Inc.) C:\Users\HYPER\Downloads\GoogleEarthPluginSetup.exe 2015-06-28 17:01 - 2011-04-23 14:04 - 01627401 _____ C:\Users\HYPER\Desktop\20110423.mp4 2015-06-19 21:21 - 2015-06-19 21:21 - 09525289 _____ C:\Users\HYPER\Desktop\cstrike.rar 2015-06-18 10:51 - 2015-06-18 10:51 - 00000000 ____D C:\Users\sunset\AppData\Local\Mozilla Firefox 2015-06-12 11:23 - 2015-06-30 23:47 - 00000000 ____D C:\Program Files\Common Files\AV 2015-06-12 11:21 - 2015-06-12 11:21 - 00000000 ____D C:\Users\sunset\AppData\Local\Avg 2015-06-12 11:21 - 2015-06-12 11:21 - 00000000 ____D C:\Users\HYPER\AppData\Local\Avg 2015-06-10 16:04 - 2015-04-20 00:09 - 27880333 ____N C:\Users\HYPER\Desktop\klasowe.rar 2015-06-08 16:08 - 2015-06-08 16:08 - 10750103 _____ C:\Users\HYPER\Desktop\ss.rar 2015-06-06 15:35 - 2015-06-06 15:52 - 608005740 _____ C:\Users\HYPER\Downloads\Photos.zip 2015-06-05 13:34 - 2015-06-05 17:11 - 00000000 ____D C:\Program Files\Mozilla Firefox 4.0 Beta 10 2015-06-01 15:46 - 2015-06-05 17:10 - 00000000 ____D C:\Users\HYPER\Desktop\ss ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-07-01 02:21 - 2012-11-02 13:15 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-07-01 02:01 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\tracing 2015-07-01 01:28 - 2011-02-09 21:05 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3231952852-421943317-2037577364-1000UA.job 2015-07-01 01:27 - 2011-09-02 17:38 - 00001036 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-01 01:18 - 2010-10-23 23:41 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard 2015-07-01 00:44 - 2010-10-12 18:18 - 00000000 ____D C:\Steam 2015-07-01 00:08 - 2015-05-23 00:49 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-30 23:52 - 2014-09-25 20:13 - 00008756 _____ C:\Windows\WindowsUpdate.log 2015-06-30 23:47 - 2013-11-13 00:30 - 00000000 ____D C:\ProgramData\MFAData 2015-06-30 23:46 - 2015-05-22 20:42 - 00000000 ____D C:\ProgramData\AVG2015 2015-06-30 23:36 - 2014-06-30 17:31 - 00000224 _____ C:\Users\HYPER\BullseyeCoverageError.txt 2015-06-30 23:21 - 2009-07-14 06:34 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-30 23:21 - 2009-07-14 06:34 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-30 23:14 - 2014-09-18 12:05 - 00019446 _____ C:\Windows\setupact.log 2015-06-30 23:14 - 2014-04-21 12:05 - 00000362 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job 2015-06-30 23:14 - 2014-04-21 12:05 - 00000362 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job 2015-06-30 23:14 - 2014-02-05 19:53 - 00000000 ____D C:\Users\HYPER\AppData\Roaming\GG 2015-06-30 23:14 - 2011-09-02 17:38 - 00001032 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-06-30 23:14 - 2010-10-22 15:00 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2015-06-30 23:14 - 2010-10-12 15:40 - 00000000 ____D C:\ProgramData\NVIDIA 2015-06-30 
23:14 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-30 20:16 - 2015-05-23 00:43 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-06-30 20:16 - 2015-05-23 00:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-06-30 20:16 - 2015-05-23 00:43 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2015-06-30 16:31 - 2015-05-21 14:24 - 00000000 ____D C:\Program Files\SpeedFan 2015-06-28 19:35 - 2010-11-01 22:08 - 00000000 ____D C:\Program Files\JDownloader 2015-06-28 19:02 - 2010-11-26 10:17 - 00000000 ____D C:\Users\HYPER\AppData\Local\Adobe 2015-06-28 19:01 - 2012-11-02 13:15 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-06-28 19:01 - 2011-07-23 02:43 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-06-28 18:58 - 2011-09-02 17:38 - 00000000 ____D C:\Program Files\Google 2015-06-27 14:27 - 2011-02-09 21:05 - 00001006 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3231952852-421943317-2037577364-1000Core.job 2015-06-24 15:44 - 2014-11-05 21:14 - 00000000 ____D C:\Users\HYPER\Desktop\121 2015-06-22 23:05 - 2011-02-09 21:08 - 00002378 _____ C:\Users\HYPER\Desktop\Google Chrome.lnk 2015-06-22 19:54 - 2013-10-08 15:34 - 00000000 ____D C:\Users\sunset\Documents\Euro Truck Simulator 2 2015-06-19 18:45 - 2012-09-28 19:24 - 00000000 ____D C:\Users\HYPER\AppData\Roaming\Origin 2015-06-19 18:45 - 2012-09-28 19:23 - 00000000 ____D C:\ProgramData\Origin 2015-06-19 18:44 - 2012-10-02 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2015-06-19 18:44 - 2012-10-02 17:38 - 00000000 ____D C:\Program Files\Origin 2015-06-19 14:18 - 2009-07-14 06:53 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-06-18 08:41 - 2015-05-23 00:43 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-06-18 08:41 - 2015-05-23 00:43 - 
00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-06-18 08:41 - 2015-05-23 00:43 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-06-12 11:24 - 2013-11-13 00:34 - 00000000 ___HD C:\$AVG 2015-06-08 16:13 - 2010-10-12 18:18 - 00000000 ____D C:\Program Files\Common Files\Steam 2015-06-06 14:39 - 2014-09-18 12:05 - 00183646 _____ C:\Windows\PFRO.log 2015-06-06 14:39 - 2012-05-31 17:25 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-06-01 13:37 - 2010-10-12 14:38 - 00006276 _____ C:\Windows\system32\PerfStringBackup.INI 2015-06-01 13:37 - 2009-07-14 10:07 - 13047490 _____ C:\Windows\system32\perfh015.dat 2015-06-01 13:37 - 2009-07-14 10:07 - 04373570 _____ C:\Windows\system32\perfc015.dat ==================== Files in the root of some directories ======= 2014-03-15 17:40 - 2014-06-13 18:00 - 0003743 _____ () C:\Program Files\Mozilla Firefox 4.0 Beta 10safeguard-secure-search.xml 2010-10-12 19:37 - 2013-11-16 19:26 - 0138056 _____ () C:\Users\HYPER\AppData\Roaming\PnkBstrK.sys 2011-10-24 15:39 - 2012-08-20 00:24 - 0000132 _____ () C:\Users\HYPER\AppData\Roaming\Preferencje Adobe CS5 dla formatu GIF 2010-11-28 11:35 - 2013-12-05 20:43 - 0000132 _____ () C:\Users\HYPER\AppData\Roaming\Preferencje Adobe CS5 dla formatu PNG 2013-01-22 02:40 - 2013-01-22 15:05 - 0000004 _____ () C:\Users\HYPER\AppData\Roaming\skype.ini 2011-06-08 23:34 - 2014-04-21 13:45 - 0005120 _____ () C:\Users\HYPER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2011-07-18 23:24 - 2011-07-18 23:24 - 0000600 _____ () C:\Users\HYPER\AppData\Local\PUTTY.RND 2012-12-15 13:18 - 2012-12-15 13:18 - 0007666 _____ () C:\Users\HYPER\AppData\Local\Resmon.ResmonCfg 2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\HYPER\AppData\Local\setup.txt 2012-01-28 14:26 - 2012-01-28 14:26 - 0017408 _____ () C:\Users\HYPER\AppData\Local\WebpageIcons.db 2011-11-22 17:52 - 2011-11-22 17:52 - 0000000 _____ () 
C:\Users\HYPER\AppData\Local\{145DDD62-D4B0-4443-B461-F2483531BEFB} 2011-11-22 15:11 - 2011-11-22 15:11 - 0000000 _____ () C:\Users\HYPER\AppData\Local\{48110CBC-F1C0-4C7F-A63E-E524F04CE96B} 2011-11-22 17:42 - 2011-11-22 17:42 - 0000000 _____ () C:\Users\HYPER\AppData\Local\{D6B2AC6A-B5C2-4600-9FD3-35ACC3E82196} 2013-06-18 14:22 - 2013-06-27 10:48 - 0000355 _____ () C:\ProgramData\cbadedaacecdebfagfdgfdgdfg.cfg 2013-06-18 14:02 - 2013-06-27 22:14 - 0050365 _____ () C:\ProgramData\cbadedaacecdebfagfdgfdgdfg.exe 2012-01-28 12:35 - 2013-05-23 22:26 - 0000031 _____ () C:\ProgramData\droidcam-settings 2013-06-18 14:25 - 2013-06-26 12:07 - 0000000 _____ () C:\ProgramData\qbxbvpsagvwynrx 2013-06-26 12:04 - 2013-06-26 12:04 - 0178176 _____ () C:\ProgramData\upikdrphwbptejd 2013-06-21 06:22 - 2013-06-21 06:22 - 0028160 _____ () C:\ProgramData\wiupymvtxevnrhq ZeroAccess: C:\Users\HYPER\AppData\Local\f46bf428 C:\Users\HYPER\AppData\Local\f46bf428\@ C:\Users\HYPER\AppData\Local\f46bf428\loader.tlb Files to move or delete: ==================== C:\ProgramData\cbadedaacecdebfagfdgfdgdfg.exe C:\Users\HYPER\AppData\Roaming\skype.ini Some files in TEMP: ==================== C:\Users\Administrator\AppData\Local\temp\installerdll16330031.dll C:\Users\Administrator\AppData\Local\temp\installerdll16338343.dll C:\Users\Administrator\AppData\Local\temp\installerdll16359453.dll C:\Users\Administrator\AppData\Local\temp\installerdll16366296.dll C:\Users\Administrator\AppData\Local\temp\rootsupd.exe C:\Users\Administrator\AppData\Local\temp\Setup.exe C:\Users\Administrator\AppData\Local\temp\vcredist_x64.exe C:\Users\Administrator\AppData\Local\temp\vcredist_x86.exe C:\Users\Administrator\AppData\Local\temp\WindowsInstaller-KB893803-v2-x86.exe C:\Users\HYPER\AppData\Local\temp\BullseyeCoverage-2-x86.dll C:\Users\HYPER\AppData\Local\temp\GURE7EF.exe C:\Users\HYPER\AppData\Local\temp\InstHelper.exe C:\Users\HYPER\AppData\Local\temp\Quarantine.exe 
C:\Users\HYPER\AppData\Local\temp\sfamcc00001.dll C:\Users\HYPER\AppData\Local\temp\sfamcc00002.dll C:\Users\HYPER\AppData\Local\temp\sfamcc00003.dll C:\Users\HYPER\AppData\Local\temp\sfamcc00004.dll C:\Users\HYPER\AppData\Local\temp\sfextra.dll C:\Users\HYPER\AppData\Local\temp\sqlite3.dll C:\Users\sunset\AppData\Local\temp\jre-8u45-windows-au.exe C:\Users\sunset\AppData\Local\temp\SkypeSetup.exe C:\Users\sunset\AppData\Local\temp\swt-win32-3349.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-23 10:52 ==================== End of log ============================