OTL logfile created on: 2015-12-25 14:14:42 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = E:\ Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 998,52 Mb Total Physical Memory | 310,55 Mb Available Physical Memory | 31,10% Memory free 2,21 Gb Paging File | 1,38 Gb Available in Paging File | 62,45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 55,00 Gb Total Space | 31,59 Gb Free Space | 57,44% Space Free | Partition Type: NTFS Drive E: | 14,62 Gb Total Space | 8,92 Gb Free Space | 61,02% Space Free | Partition Type: FAT32 Computer Name: PLL01047 | User Name: HP | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2015-12-25 14:02:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\OTL.exe PRC - [2015-10-24 20:18:15 | 000,442,504 | ---- | M] () -- C:\ProgramData\iWdsManProi\WdsManPro.exe PRC - [2015-10-12 03:01:16 | 000,270,568 | ---- | M] () -- C:\Program Files\RayDld\ihpmServer.exe PRC - [2015-09-30 22:37:00 | 000,301,632 | ---- | M] () -- C:\Program Files\WordFly_1.10.0.25\Service\wfsrvc.exe PRC - [2014-03-07 02:41:19 | 000,240,720 | ---- | M] () -- C:\ProgramData\MobileBrServ\mbbService.exe PRC - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011-07-21 08:24:12 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2010-04-05 08:41:14 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2010-04-05 08:40:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2009-11-11 13:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe PRC - [2009-04-10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2007-02-06 10:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2015-10-24 20:30:50 | 000,264,192 | ---- | M] () -- C:\Users\HP\AppData\Local\PriceFountain\prfo.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2015-10-17 14:40:44 | 000,269,000 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2015-10-05 09:48:46 | 001,135,416 | ---- | M] (Malwarebytes) [Disabled | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2015-10-05 09:48:44 | 001,513,784 | ---- | M] (Malwarebytes) [Disabled | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2014-03-07 02:41:19 | 000,240,720 | ---- | M] () [Auto | Running] -- C:\ProgramData\MobileBrServ\mbbService.exe -- (Huawei E3372) SRV - [2012-07-27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011-07-21 08:24:12 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2010-04-05 08:40:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) SRV - [2008-05-25 19:43:58 | 001,464,856 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS) SRV - [2008-05-25 19:43:54 | 000,182,808 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) SRV - [2008-05-25 19:43:50 | 000,121,368 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) SRV - [2008-01-18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007-02-06 10:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2015-12-25 13:54:17 | 000,052,440 | ---- | M] (Malwarebytes) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\iidoabbf.sys -- (mjrviap) DRV - [2015-10-24 21:21:12 | 000,025,016 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dtlitescsibus.sys -- (dtlitescsibus) DRV - [2015-10-05 09:50:12 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl) DRV - [2015-10-05 09:50:04 | 000,023,256 | ---- | M] (Malwarebytes) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011-05-13 17:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2011-05-13 17:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2010-02-25 00:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey) DRV - [2009-12-07 09:32:24 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009-11-16 09:07:20 | 004,247,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) DRV - [2009-07-20 14:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32) DRV - [2009-07-20 14:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rismc32.sys -- (RICOH SmartCard Reader) DRV - [2009-06-25 15:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2009-04-29 06:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2008-01-18 22:42:14 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) DRV - [2008-01-18 19:25:06 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) DRV - [2007-08-28 14:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) DRV - [2007-07-12 09:41:52 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) DRV - [2007-04-25 12:32:42 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA) DRV - [2006-11-28 15:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-444547895-2842310206-1771819716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com IE - HKU\S-1-5-21-444547895-2842310206-1771819716-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-444547895-2842310206-1771819716-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-444547895-2842310206-1771819716-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [color=#E56717]========== Chrome ==========[/color] CHR - Extension: No name found = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\ CHR - Extension: No name found = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\ CHR - Extension: No name found = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\ CHR - Extension: No name found = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\ CHR - Extension: No name found = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\ CHR - Extension: No name found = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\ CHR - Extension: No name found = C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\ O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe (Malwarebytes) O4 - HKU\S-1-5-21-444547895-2842310206-1771819716-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_19_0_0_226_ActiveX.exe (Adobe Systems Incorporated) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-444547895-2842310206-1771819716-1000\..Trusted Domains: mks.com.pl ([]https in Zaufane witryny) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.8.1 192.168.8.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E44C98A-D593-4A06-8486-8ACD9E3E34E2}: DhcpNameServer = 192.168.3.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4790E545-7D1D-4653-8F0A-136045CFD7E2}: DhcpNameServer = 192.168.8.1 192.168.8.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DAD16AE-9D4F-4073-9359-BAAFA7BD0EC8}: DhcpNameServer = 192.168.8.1 192.168.8.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD78C58F-77AC-4A07-906C-DF073B675D79}: DhcpNameServer = 192.168.8.1 192.168.8.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBE91799-7655-47F4-B0C2-02D2F49C3B3B}: DhcpNameServer = 192.168.8.1 192.168.8.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB650A27-BDA1-48BD-AD9F-6542D0ABEF87}: DhcpNameServer = 192.168.8.1 192.168.8.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1909969-60F0-482C-8034-E28478D6C772}: DhcpNameServer = 192.168.8.1 192.168.8.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2015-09-06 22:52:56 | 000,000,208 | RHS- | M] () - E:\AUTORUN.FCB -- [ FAT32 ] O33 - MountPoints2\{19783943-7a8b-11e5-9971-001e376a743d}\Shell - "" = AutoRun O33 - MountPoints2\{19783943-7a8b-11e5-9971-001e376a743d}\Shell\AutoRun\command - "" = F:\SETUP.EXE O33 - MountPoints2\{19783943-7a8b-11e5-9971-001e376a743d}\Shell\configure\command - "" = F:\SETUP.EXE O33 - MountPoints2\{19783943-7a8b-11e5-9971-001e376a743d}\Shell\install\command - "" = F:\SETUP.EXE O33 - MountPoints2\{a1f35e42-7fe4-11e5-aa23-001e376a743d}\Shell - "" = AutoRun O33 - MountPoints2\{a1f35e42-7fe4-11e5-aa23-001e376a743d}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{c6c658a5-8af5-11e5-a537-0c5b8f279a64}\Shell - "" = AutoRun O33 - MountPoints2\{c6c658a5-8af5-11e5-a537-0c5b8f279a64}\Shell\AutoRun\command - "" = H:\SETUP.EXE O33 - MountPoints2\{c6c658a5-8af5-11e5-a537-0c5b8f279a64}\Shell\configure\command - "" = H:\SETUP.EXE O33 - MountPoints2\{c6c658a5-8af5-11e5-a537-0c5b8f279a64}\Shell\install\command - "" = H:\SETUP.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2015-12-25 14:07:42 | 000,000,000 | ---D | C] -- C:\FRST [2015-12-25 13:54:17 | 000,052,440 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\iidoabbf.sys [2015-12-25 13:23:58 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jv16 PowerTools 2014 [2015-12-25 13:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\jv16 PowerTools 2014 [2015-12-25 13:16:08 | 000,170,200 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-12-25 13:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware [2015-12-25 13:13:00 | 000,094,936 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbamchameleon.sys [2015-12-25 13:13:00 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys [2015-12-25 13:13:00 | 000,023,256 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbam.sys [2015-12-25 13:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware [2015-12-25 13:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2015-12-25 14:08:05 | 000,714,160 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2015-12-25 14:08:05 | 000,633,712 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2015-12-25 14:08:05 | 000,151,000 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2015-12-25 14:08:05 | 000,119,278 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2015-12-25 14:00:29 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2015-12-25 13:54:54 | 000,000,893 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2015-12-25 13:54:54 | 000,000,853 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2015-12-25 13:54:54 | 000,000,773 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2015-12-25 13:54:53 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2015-12-25 13:54:53 | 000,001,584 | ---- | M] () -- C:\Users\Public\Desktop\Huawei E3372.lnk [2015-12-25 13:54:20 | 000,002,657 | ---- | M] () -- C:\Users\HP\Desktop\Microsoft Office Word 2007.lnk [2015-12-25 13:54:20 | 000,001,686 | ---- | M] () -- C:\Users\HP\Desktop\jv16 PowerTools 2014.lnk [2015-12-25 13:54:20 | 000,001,657 | ---- | M] () -- C:\Users\HP\Desktop\Facebook.lnk [2015-12-25 13:54:17 | 000,052,440 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\iidoabbf.sys [2015-12-25 13:47:24 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2015-12-25 13:24:27 | 000,000,024 | -HS- | M] () -- C:\Users\HP\AppData\Roaming\System5908ConfigCollection.dat [2015-12-25 13:24:27 | 000,000,024 | -HS- | M] () -- C:\Users\HP\AppData\Roaming\1D959CA221C7573.sys [2015-12-25 13:18:54 | 000,170,200 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-12-25 13:03:57 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2015-12-25 13:03:57 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2015-12-25 13:03:29 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2015-12-25 13:03:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [color=#E56717]========== Files Created - No Company Name ==========[/color] [2015-12-25 13:24:27 | 000,000,024 | -HS- | C] () -- C:\Users\HP\AppData\Roaming\System5908ConfigCollection.dat [2015-12-25 13:24:27 | 000,000,024 | -HS- | C] () -- C:\Users\HP\AppData\Roaming\1D959CA221C7573.sys [2015-12-25 13:23:36 | 000,001,686 | ---- | C] () -- C:\Users\HP\Desktop\jv16 PowerTools 2014.lnk [2015-12-25 13:13:25 | 000,000,893 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2015-10-24 22:30:21 | 000,000,472 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2015-10-24 20:18:21 | 000,000,102 | ---- | C] () -- C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat [2015-05-15 11:27:26 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2013-07-12 09:41:45 | 000,000,600 | ---- | C] () -- C:\Users\HP\AppData\Local\PUTTY.RND [2013-07-11 09:00:44 | 000,001,356 | ---- | C] () -- C:\Users\HP\AppData\Local\d3d9caps.dat [color=#E56717]========== ZeroAccess Check ==========[/color] [2006-11-02 13:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2015-07-29 01:46:08 | 011,588,096 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-10 22:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-10 22:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [color=#E56717]========== Purity Check ==========[/color] < End of report >