OTL.Txt

Asus X550V - Significant system slowdown

Hello. Since this morning I have had a problem: my laptop has become terribly sluggish, from system startup (about 1 minute), through a laggy browser, to ordinary browsing of files on the drives. None of the programs I know detected anything. My system is Windows 8.1; I am attaching the logs from OTL. Please help.


OTL logfile created on: 2014-02-13 18:22:45 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Download
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,89 Gb Total Physical Memory | 2,14 Gb Available Physical Memory | 55,03% Memory free
7,89 Gb Paging File | 6,02 Gb Available in Paging File | 76,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 185,96 Gb Total Space | 135,84 Gb Free Space | 73,05% Space Free | Partition Type: NTFS
Drive D: | 258,15 Gb Total Space | 184,42 Gb Free Space | 71,44% Space Free | Partition Type: NTFS

Computer Name: BLACKHUNTER | User Name: NN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014-02-02 00:42:39 | 000,866,632 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014-01-15 20:27:24 | 000,078,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
PRC - [2014-01-15 20:27:14 | 000,448,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
PRC - [2013-12-10 03:22:32 | 002,279,712 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2013-12-10 03:21:14 | 001,494,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013-10-30 18:06:23 | 000,257,136 | ---- | M] (Microsoft Corporation) -- C:\Users\NN\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2013-10-25 12:07:24 | 002,151,200 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
PRC - [2013-09-12 12:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2013-04-16 17:25:30 | 000,020,792 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013-04-04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013-03-27 10:57:52 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2013-02-26 11:08:24 | 000,176,240 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
PRC - [2012-11-28 17:56:40 | 000,054,488 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012-10-26 14:35:44 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012-10-17 19:08:40 | 000,205,184 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012-10-05 21:57:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Download\OTL.exe
PRC - [2012-10-05 15:55:50 | 000,110,976 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2012-09-18 12:51:54 | 001,124,032 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2012-09-14 13:14:16 | 000,328,064 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012-08-31 19:27:20 | 000,590,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
PRC - [2012-07-17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012-07-17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012-06-27 12:47:02 | 000,129,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012-06-25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012-05-28 10:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2012-04-24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
PRC - [2012-04-13 10:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
PRC - [2011-11-21 14:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2014-02-02 00:42:37 | 000,399,688 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll
MOD - [2014-02-02 00:42:35 | 004,055,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
MOD - [2014-02-02 00:41:45 | 000,715,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
MOD - [2014-02-02 00:41:45 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
MOD - [2014-02-02 00:41:43 | 001,634,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
MOD - [2014-01-30 02:24:48 | 000,659,456 | ---- | M] () -- C:\Program Files (x86)\EagleGet\util.dll
MOD - [2014-01-15 20:27:21 | 000,359,592 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\c2r32.dll
MOD - [2014-01-15 20:23:35 | 000,359,592 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
MOD - [2013-12-19 21:33:31 | 000,013,088 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2013-11-14 19:12:25 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
MOD - [2013-11-14 19:07:48 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2014-02-04 20:36:17 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-12-10 03:21:14 | 001,494,304 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013-10-25 12:07:24 | 002,151,200 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013-10-01 12:02:42 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013-09-30 05:14:43 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013-08-22 13:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013-08-22 04:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013-08-22 03:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013-03-27 11:39:42 | 000,227,968 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2013-03-27 10:57:52 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent)
SRV - [2012-10-05 15:55:50 | 000,110,976 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2012-09-13 04:59:08 | 002,466,448 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012-07-17 14:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012-07-17 14:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012-06-27 12:47:02 | 000,129,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012-06-25 10:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012-04-24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012-04-13 10:14:00 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011-11-21 14:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2010-10-12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-09-07 09:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009-07-02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4027072399-157409601-1063908186-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-4027072399-157409601-1063908186-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-4027072399-157409601-1063908186-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4027072399-157409601-1063908186-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Programy\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\eagleget.com/EagleGet: C:\Program Files (x86)\EagleGet\npEagleget.dll (www.eagleget.com)
FF - HKCU\Software\MozillaPlugins\egtcps.com/captures: C:\Program Files (x86)\EagleGet\captures.dll (www.eagleget.com)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2014-01-18 18:44:17 | 000,000,000 | ---D | M]


[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.com/
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\NN\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: EagleGet UCM (Enabled) = C:\Program Files (x86)\EagleGet\captures.dll
CHR - plugin: EagleGet (Enabled) = C:\Program Files (x86)\EagleGet\npEagleget.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U45 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - plugin: OnLive Game Client Detector (Enabled) = C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Disabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Microsoft Office 2013 (Disabled) = C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
CHR - plugin: RocketLife Secure Plug-In Layer (Enabled) = C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Programy\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
CHR - Extension: Dokumenty Google = C:\Users\NN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Dysk Google = C:\Users\NN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: Brushed = C:\Users\NN\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg\1.0_0\
CHR - Extension: YouTube = C:\Users\NN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Szukaj w Google = C:\Users\NN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: AdBlock = C:\Users\NN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\
CHR - Extension: EagleGet Downloader = C:\Users\NN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfhffdajidfgpobcfdgilfcgbngginod\1.6_0\
CHR - Extension: Google Wallet = C:\Users\NN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\NN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013-08-22 14:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (EGet Class) - {824F251E-D74A-4d56-B998-CA05CF369A13} - C:\Program Files (x86)\EagleGet\eagleSniffer.dll (EagleGet.com)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-4027072399-157409601-1063908186-1002..\Run: [AudialsNotifier] C:\Program Files (x86)\Audials\Audials 11\AudialsNotifier.exe ()
O4 - HKU\S-1-5-21-4027072399-157409601-1063908186-1002..\Run: [EagleGet] C:\Program Files (x86)\EagleGet\EagleGet.exe (EagleGet.com)
O4 - HKU\S-1-5-21-4027072399-157409601-1063908186-1002..\Run: [jafdeqiphm] wscript.exe //B "C:\Users\NN\AppData\Local\Temp\jafdeqiphm..vbs" File not found
O4 - HKU\S-1-5-21-4027072399-157409601-1063908186-1002..\Run: [Power2GoExpress] C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" (Atheros Communications)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Download all links with EagleGet - C:\Program Files (x86)\EagleGet\IEGraberBHO.dll (EagleGet.com)
O8 - Extra context menu item: Download with EagleGet - C:\Program Files (x86)\EagleGet\IEGraberBHO.dll (EagleGet.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Ściągaj z Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm File not found
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40283AF6-0566-4646-8C4F-99C40E0C9339}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014-02-11 11:42:46 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2014-02-11 18:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2014-02-11 13:04:56 | 000,000,000 | ---D | C] -- C:\UsbFix
[2014-02-11 11:51:26 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2014-02-11 11:41:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014-02-09 14:57:36 | 000,000,000 | ---D | C] -- C:\Users\NN\Documents\EagleGet Downloads
[2014-02-09 14:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EagleGet
[2014-02-09 14:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\EagleGet
[2014-02-09 14:57:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EagleGet
[2014-02-09 14:57:18 | 000,000,000 | ---D | C] -- C:\Users\NN\AppData\Roaming\EagleGet
[2014-02-09 12:59:46 | 000,000,000 | ---D | C] -- C:\Users\NN\AppData\Local\CrashRpt
[2014-02-09 12:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\RapidSolution
[2014-02-09 12:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audials 11
[2014-02-09 12:58:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audials
[2014-02-09 12:56:35 | 000,000,000 | ---D | C] -- C:\Users\NN\AppData\Local\RapidSolution
[2014-02-08 16:03:59 | 000,000,000 | ---D | C] -- C:\Users\NN\Documents\OnLive App
[2014-02-08 16:03:48 | 000,000,000 | ---D | C] -- C:\Users\NN\AppData\Roaming\OnLive App
[2014-02-08 16:03:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OnLive
[2014-02-08 16:03:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OnLive
[2014-02-05 20:15:04 | 000,000,000 | ---D | C] -- C:\Winmend~Folder~Hidden
[2014-02-05 20:14:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinMend
[2014-02-05 20:14:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinMend
[2014-02-05 20:08:21 | 000,000,000 | ---D | C] -- C:\Users\NN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Hide Folder
[2014-02-05 20:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Hide Folder
[2014-02-05 20:08:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Hide Folder
[2014-02-05 12:26:06 | 000,693,240 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014-02-05 12:26:06 | 000,105,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014-02-05 12:15:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2014-02-05 12:15:28 | 000,000,000 | ---D | C] -- C:\Users\NN\AppData\Roaming\HpUpdate
[2014-02-05 12:14:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2014-02-05 12:13:47 | 000,000,000 | ---D | C] -- C:\Users\NN\AppData\Local\HP
[2014-02-05 11:58:27 | 000,000,000 | R--D | C] -- C:\Users\NN\Documents\HP Photo Creations
[2014-02-05 11:58:27 | 000,000,000 | ---D | C] -- C:\Users\NN\AppData\Roaming\Visan
[2014-02-05 11:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2014-02-05 11:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2014-02-05 11:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2014-02-05 11:56:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2014-02-04 19:26:11 | 000,000,000 | ---D | C] -- C:\Users\NN\AppData\Local\Windows Live
[2014-02-03 13:03:32 | 000,000,000 | ---D | C] -- C:\Users\NN\Desktop\106NIKON
[2014-02-02 12:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2014-01-24 20:11:40 | 000,000,000 | ---D | C] -- C:\Users\NN\.oces
[2014-01-24 20:10:32 | 000,000,000 | ---D | C] -- C:\Users\NN\.oces2
[2014-01-19 18:14:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014-01-19 18:12:56 | 000,000,000 | ---D | C] -- C:\Users\NN\AppData\Local\Deployment
[2014-01-19 16:58:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014-01-19 16:41:54 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2014-01-19 16:01:29 | 000,000,000 | ---D | C] -- C:\Users\NN\AppData\Roaming\Malwarebytes
[2014-01-19 16:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014-01-19 16:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014-01-19 16:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014-01-19 07:32:48 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-01-18 18:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2014-01-18 18:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2014-01-15 19:43:01 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2014-01-15 19:42:57 | 000,695,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll
[2014-01-15 19:42:56 | 000,174,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSClient.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2014-02-13 18:23:42 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-02-13 18:23:00 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf153a6d5edb33.job
[2014-02-13 18:19:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-02-13 18:18:40 | 000,000,062 | ---- | M] () -- C:\Users\NN\AppData\Roaming\sp_data.sys
[2014-02-13 18:18:27 | 001,048,576 | -HS- | M] () -- C:\Users\NN\NTUSER.DAT{bbed3e3a-0b41-11e3-8249-d6927d06400b}.TxR.2.regtrans-ms
[2014-02-13 18:18:27 | 001,048,576 | -HS- | M] () -- C:\Users\NN\NTUSER.DAT{bbed3e3a-0b41-11e3-8249-d6927d06400b}.TxR.1.regtrans-ms
[2014-02-13 18:18:27 | 001,048,576 | -HS- | M] () -- C:\Users\NN\NTUSER.DAT{bbed3e3a-0b41-11e3-8249-d6927d06400b}.TxR.0.regtrans-ms
[2014-02-13 18:18:27 | 000,065,536 | -HS- | M] () -- C:\Users\NN\NTUSER.DAT{bbed3e3a-0b41-11e3-8249-d6927d06400b}.TxR.blf
[2014-02-13 18:17:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2014-02-13 18:17:52 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014-02-13 18:17:51 | 3340,029,952 | -HS- | M] () -- C:\hiberfil.sys
[2014-02-13 16:36:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-02-13 15:51:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2014-02-13 09:59:39 | 000,001,457 | ---- | M] () -- C:\Users\NN\Desktop\UsbFix.lnk
[2014-02-13 00:30:12 | 002,883,584 | -HS- | M] () -- C:\Users\NN\NTUSER.DAT
[2014-02-13 00:30:10 | 000,184,843 | -H-- | M] () -- C:\Users\NN\AppData\Local\IconCache.db
[2014-02-11 11:42:46 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014-02-06 07:09:51 | 000,001,972 | ---- | M] () -- C:\Users\NN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - HP Deskjet 1510 series.lnk
[2014-02-05 12:14:17 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2014-01-30 21:47:26 | 000,693,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014-01-30 21:47:26 | 000,105,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014-01-24 20:26:59 | 000,000,001 | ---- | M] () -- C:\Users\NN\temp.dat
[2014-01-19 16:22:38 | 000,165,659 | ---- | M] () -- C:\MyXML.xml
[2014-01-19 08:45:02 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014-02-13 18:18:27 | 001,048,576 | -HS- | C] () -- C:\Users\NN\NTUSER.DAT{bbed3e3a-0b41-11e3-8249-d6927d06400b}.TxR.2.regtrans-ms
[2014-02-13 18:18:27 | 001,048,576 | -HS- | C] () -- C:\Users\NN\NTUSER.DAT{bbed3e3a-0b41-11e3-8249-d6927d06400b}.TxR.1.regtrans-ms
[2014-02-13 18:18:27 | 001,048,576 | -HS- | C] () -- C:\Users\NN\NTUSER.DAT{bbed3e3a-0b41-11e3-8249-d6927d06400b}.TxR.0.regtrans-ms
[2014-02-13 18:18:27 | 000,065,536 | -HS- | C] () -- C:\Users\NN\NTUSER.DAT{bbed3e3a-0b41-11e3-8249-d6927d06400b}.TxR.blf
[2014-02-13 09:59:39 | 000,001,457 | ---- | C] () -- C:\Users\NN\Desktop\UsbFix.lnk
[2014-02-11 11:42:46 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014-02-05 12:16:38 | 000,001,972 | ---- | C] () -- C:\Users\NN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Powiadomienia monitorowania tuszu - HP Deskjet 1510 series.lnk
[2014-02-05 12:14:17 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014-02-05 11:56:52 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2014-01-24 20:11:41 | 000,000,001 | ---- | C] () -- C:\Users\NN\temp.dat
[2014-01-19 18:18:10 | 000,001,076 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf153a6d5edb33.job
[2014-01-19 18:13:13 | 000,001,064 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-01-19 08:45:18 | 000,001,337 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioWizard.lnk
[2014-01-19 08:45:02 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014-01-19 08:38:42 | 000,165,659 | ---- | C] () -- C:\MyXML.xml
[2014-01-19 07:34:23 | 000,001,004 | ---- | C] () -- C:\Users\NN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014-01-15 21:22:22 | 000,184,843 | -H-- | C] () -- C:\Users\NN\AppData\Local\IconCache.db
[2014-01-15 19:42:47 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2014-01-06 17:03:48 | 000,000,017 | ---- | C] () -- C:\Users\NN\AppData\Local\resmon.resmoncfg
[2013-10-19 21:41:49 | 000,000,020 | -HS- | C] () -- C:\Users\NN\ntuser.ini
[2013-10-19 21:23:31 | 002,883,584 | -HS- | C] () -- C:\Users\NN\NTUSER.DAT
[2013-10-19 21:23:31 | 000,524,288 | -HS- | C] () -- C:\Users\NN\NTUSER.DAT{bbed3e3b-0b41-11e3-8249-d6927d06400b}.TMContainer00000000000000000002.regtrans-ms
[2013-10-19 21:23:31 | 000,524,288 | -HS- | C] () -- C:\Users\NN\NTUSER.DAT{bbed3e3b-0b41-11e3-8249-d6927d06400b}.TMContainer00000000000000000001.regtrans-ms
[2013-10-19 21:23:31 | 000,065,536 | -HS- | C] () -- C:\Users\NN\NTUSER.DAT{bbed3e3b-0b41-11e3-8249-d6927d06400b}.TM.blf
[2013-10-01 12:02:30 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2013-10-01 12:02:26 | 000,180,736 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013-10-01 12:02:26 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013-09-05 12:42:10 | 000,000,005 | ---- | C] () -- C:\Users\NN\AppData\Roaming\WBPU-TTL.DAT
[2013-09-05 12:42:09 | 000,000,114 | ---- | C] () -- C:\Users\NN\AppData\Roaming\WB.CFG
[2013-08-22 16:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013-08-22 16:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013-08-22 15:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013-08-22 14:25:43 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini
[2013-08-22 08:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013-08-22 04:32:36 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2013-08-22 00:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013-08-22 00:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2013-08-19 23:12:56 | 000,000,062 | ---- | C] () -- C:\Users\NN\AppData\Roaming\sp_data.sys
[2013-05-01 12:15:31 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2013-05-01 12:15:31 | 000,000,256 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012-07-26 06:26:52 | 000,000,124 | ---- | C] () -- C:\Windows\win.ini
[2012-07-25 21:22:56 | 000,267,284 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012-07-25 21:22:54 | 000,963,376 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012-04-20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2014-01-05 17:14:50 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-11-05 21:21:27 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-11-05 19:51:37 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013-08-22 10:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013-08-22 03:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013-08-22 10:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2014-01-19 07:41:24 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2014-01-19 07:41:24 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2014-02-09 17:30:06 | 000,000,000 | ---D | M] -- C:\Users\NN\AppData\Roaming\AIMP3
[2013-08-19 23:16:00 | 000,000,000 | ---D | M] -- C:\Users\NN\AppData\Roaming\ASUS WebStorage
[2013-11-09 14:14:43 | 000,000,000 | ---D | M] -- C:\Users\NN\AppData\Roaming\Banamalon
[2013-10-18 20:11:54 | 000,000,000 | ---D | M] -- C:\Users\NN\AppData\Roaming\BitComet
[2014-02-09 14:57:18 | 000,000,000 | ---D | M] -- C:\Users\NN\AppData\Roaming\EagleGet
[2013-09-17 19:56:29 | 000,000,000 | ---D | M] -- C:\Users\NN\AppData\Roaming\ESET
[2014-01-31 12:26:50 | 000,000,000 | ---D | M] -- C:\Users\NN\AppData\Roaming\GG
[2014-01-04 09:24:11 | 000,000,000 | ---D | M] -- C:\Users\NN\AppData\Roaming\IObit
[2013-09-03 14:48:16 | 000,000,000 | ---D | M] -- C:\Users\NN\AppData\Roaming\Mipony
[2014-02-08 16:03:48 | 000,000,000 | ---D | M] -- C:\Users\NN\AppData\Roaming\OnLive App
[2013-09-12 11:07:34 | 000,000,000 | ---D | M] -- C:\Users\NN\AppData\Roaming\PowerISO
[2013-09-03 17:20:35 | 000,000,000 | ---D | M] -- C:\Users\NN\AppData\Roaming\Synaptics
[2013-11-10 12:39:09 | 000,000,000 | ---D | M] -- C:\Users\NN\AppData\Roaming\Unified Remote
[2013-11-17 18:56:27 | 000,000,000 | ---D | M] -- C:\Users\NN\AppData\Roaming\uTorrent
[2014-02-05 11:58:27 | 000,000,000 | ---D | M] -- C:\Users\NN\AppData\Roaming\Visan

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 237 bytes -> C:\Users\NN\SkyDrive:ms-properties

< End of report >

