OTL logfile created on: 2021-09-22 12:50:41 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ziem\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.19596)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

47,90 Gb Total Physical Memory | 39,95 Gb Available Physical Memory | 83,41% Memory free
95,79 Gb Paging File | 82,72 Gb Available in Paging File | 86,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 461,42 Gb Total Space | 44,92 Gb Free Space | 9,73% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 143,48 Gb Free Space | 7,70% Space Free | Partition Type: NTFS
Drive Q: | 15,30 Gb Total Space | 3,41 Gb Free Space | 22,26% Space Free | Partition Type: NTFS

Computer Name: ZIEM-K | User Name: ziem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2021-09-22 12:50:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ziem\Downloads\OTL.exe
PRC - [2021-09-22 12:18:46 | 024,743,552 | ---- | M] (Spotify Ltd) -- C:\Users\ziem\AppData\Roaming\Spotify\Spotify.exe
PRC - [2021-09-09 07:16:46 | 005,397,216 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
PRC - [2021-08-16 11:55:04 | 000,169,728 | ---- | M] (Adobe Inc.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2021-04-06 08:50:52 | 000,037,280 | ---- | M] (Intel) -- C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
PRC - [2021-04-06 08:49:24 | 000,287,648 | ---- | M] (Intel) -- C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
PRC - [2021-03-15 12:10:53 | 012,849,960 | ---- | M] (TeamViewer Germany GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
PRC - [2020-11-25 00:09:54 | 004,528,344 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2020-11-25 00:04:08 | 000,325,856 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2020-10-29 17:43:36 | 002,973,336 | ---- | M] () -- C:\Users\ziem\AppData\Local\AVer\AVer PTZApp\AVer PTZApp\eCam.exe
PRC - [2020-10-29 14:55:10 | 000,363,608 | ---- | M] (AVer) -- C:\Users\ziem\AppData\Local\AVer\AVer PTZApp\AVer PTZApp\plugin\PTZAgent\PTZAppAgent.exe
PRC - [2020-09-08 21:36:44 | 000,067,896 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2020-09-08 21:36:36 | 000,110,392 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
PRC - [2020-09-08 21:36:36 | 000,067,384 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2020-09-08 21:36:28 | 000,356,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
PRC - [2020-08-29 09:27:24 | 001,249,592 | ---- | M] (Apple, Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
PRC - [2020-08-29 09:27:24 | 000,076,600 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2020-06-08 08:30:00 | 000,691,288 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2020-06-08 08:29:46 | 000,542,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2020-03-13 21:07:28 | 000,042,208 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe
PRC - [2019-12-10 12:53:56 | 001,862,776 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2019-12-10 12:53:56 | 001,186,936 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2019-12-10 12:53:48 | 001,195,128 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2019-11-25 16:12:56 | 000,218,104 | ---- | M] () -- d:\Program Files (x86)\SDRplay\SDRuno\sdrplay_apiService.exe
PRC - [2019-07-02 08:00:32 | 000,085,304 | ---- | M] () -- D:\Program Files\Microvirt\MEmu\MemuService.exe
PRC - [2019-05-31 11:51:54 | 000,428,432 | ---- | M] (Audinate Pty. Ltd.) -- C:\Program Files (x86)\Audinate\Shared Files\mDNSResponder.exe
PRC - [2018-05-16 07:08:00 | 001,669,416 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
PRC - [2018-05-16 07:08:00 | 000,127,784 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
PRC - [2018-02-27 13:29:34 | 000,362,920 | ---- | M] (Audinate Pty Ltd) -- C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe
PRC - [2017-08-29 17:56:38 | 000,169,768 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
PRC - [2017-08-29 17:56:30 | 000,297,256 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2017-08-29 17:56:26 | 000,073,512 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2017-08-29 17:55:56 | 000,059,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2017-06-01 18:16:54 | 000,117,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2017-05-11 21:23:40 | 000,299,520 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2017-03-17 14:07:56 | 000,623,720 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2017-03-17 13:55:16 | 000,283,752 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2017-03-17 13:54:48 | 000,140,392 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2017-03-17 13:53:54 | 000,857,192 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2016-06-13 15:04:46 | 000,132,112 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2016-06-02 19:20:06 | 001,321,296 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
PRC - [2015-09-24 17:41:26 | 000,840,592 | ---- | M] (Adobe Systems Inc.) -- D:\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2015-08-20 08:22:56 | 000,162,136 | ---- | M] (Pulse Secure, LLC) -- C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
PRC - [2014-02-18 08:49:29 | 001,739,440 | ---- | M] () -- C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
PRC - [2013-07-22 23:12:22 | 040,536,576 | ---- | M] () -- C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\Color Calibrator Tray.exe
PRC - [2011-10-11 14:46:06 | 000,203,088 | ---- | M] (X-Rite Inc.) -- C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe
PRC - [2011-02-18 07:39:44 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\prevhost.exe
PRC - [2010-10-11 09:38:08 | 000,007,680 | ---- | M] (Philips) -- C:\ProgramData\Philips\Common Database\ProntoDataService.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2021-09-22 12:18:47 | 131,143,816 | ---- | M] () -- C:\Users\ziem\AppData\Roaming\Spotify\libcef.dll
MOD - [2021-09-22 12:18:46 | 005,862,536 | ---- | M] () -- C:\Users\ziem\AppData\Roaming\Spotify\libglesv2.dll
MOD - [2021-09-22 12:18:45 | 002,441,352 | ---- | M] () -- C:\Users\ziem\AppData\Roaming\Spotify\swiftshader\libglesv2.dll
MOD - [2021-09-22 12:18:45 | 000,356,488 | ---- | M] () -- C:\Users\ziem\AppData\Roaming\Spotify\swiftshader\libegl.dll
MOD - [2021-09-09 07:16:46 | 000,494,304 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
MOD - [2020-10-29 17:43:36 | 002,973,336 | ---- | M] () -- C:\Users\ziem\AppData\Local\AVer\AVer PTZApp\AVer PTZApp\eCam.exe
MOD - [2020-10-29 14:55:12 | 001,542,158 | ---- | M] () -- C:\Users\ziem\AppData\Local\AVer\AVer PTZApp\AVer PTZApp\plugin\PTZAgent\libstdc++-6.dll
MOD - [2020-10-29 14:55:12 | 000,346,112 | ---- | M] () -- C:\Users\ziem\AppData\Local\AVer\AVer PTZApp\AVer PTZApp\swscale-2.dll
MOD - [2020-10-29 14:55:12 | 000,113,678 | ---- | M] () -- C:\Users\ziem\AppData\Local\AVer\AVer PTZApp\AVer PTZApp\plugin\PTZAgent\libgcc_s_dw2-1.dll
MOD - [2020-10-29 14:55:10 | 014,361,600 | ---- | M] () -- C:\Users\ziem\AppData\Local\AVer\AVer PTZApp\AVer PTZApp\avcodec-54.dll
MOD - [2020-10-29 14:55:10 | 002,842,624 | ---- | M] () -- C:\Users\ziem\AppData\Local\AVer\AVer PTZApp\AVer PTZApp\avformat-54.dll
MOD - [2020-10-29 14:55:10 | 000,200,704 | ---- | M] () -- C:\Users\ziem\AppData\Local\AVer\AVer PTZApp\AVer PTZApp\avutil-51.dll
MOD - [2020-08-29 09:27:34 | 001,038,648 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2020-07-23 16:01:44 | 000,878,592 | ---- | M] () -- C:\Users\ziem\AppData\Local\AVer\AVer PTZApp\AVer PTZApp\platforms\qwindows.dll
MOD - [2020-07-23 16:01:42 | 000,204,800 | ---- | M] () -- C:\Users\ziem\AppData\Local\AVer\AVer PTZApp\AVer PTZApp\imageformats\qjpeg.dll
MOD - [2020-07-23 16:01:42 | 000,021,504 | ---- | M] () -- C:\Users\ziem\AppData\Local\AVer\AVer PTZApp\AVer PTZApp\imageformats\qgif.dll
MOD - [2020-01-16 04:04:54 | 001,171,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\562986d7a855f1c3cfc3c045d1aae4fe\System.ServiceModel.Web.ni.dll
MOD - [2020-01-16 04:04:52 | 000,457,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Serv30e99c02#\cdaa1061cd25d43e435fc60d0283dc9b\System.ServiceModel.Channels.ni.dll
MOD - [2020-01-16 04:04:49 | 020,990,464 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\81ae1db50b3e070762786faf8c12c90d\System.ServiceModel.ni.dll
MOD - [2020-01-16 04:04:36 | 003,160,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\e7293c499aab1c1065bbac06d21940fc\System.IdentityModel.ni.dll
MOD - [2020-01-16 04:01:45 | 020,849,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\19df695201ebe57445a02a99e11e316c\PresentationFramework.ni.dll
MOD - [2020-01-16 04:01:36 | 012,823,552 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\92a14cd4d19c2e257bd7809c227a947c\PresentationCore.ni.dll
MOD - [2020-01-16 04:01:30 | 004,296,192 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7954722555d2691123b07c0fa2bc4bf1\WindowsBase.ni.dll
MOD - [2020-01-16 04:01:28 | 001,058,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a7d793bd53b97f96fd74d63f2e2cba27\System.Configuration.ni.dll
MOD - [2020-01-16 04:01:27 | 008,476,160 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\0baadf319dfd895d78e1c7119de0b2c8\System.Core.ni.dll
MOD - [2020-01-16 04:01:24 | 002,098,176 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b5802ac1fa4df0bfcb59bca1b4624cf\System.Xaml.ni.dll
MOD - [2020-01-16 04:01:23 | 000,561,152 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\d875141bfb802baeb1d8d0407f13be24\PresentationFramework.Aero.ni.dll
MOD - [2020-01-13 17:43:40 | 000,303,432 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Root\Office16\IEAWSDC.DLL
MOD - [2019-12-12 11:46:01 | 000,823,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\d2848e3f9176caf53ef344a68af397bf\System.ServiceModel.Internals.ni.dll
MOD - [2019-12-12 11:45:42 | 002,955,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\ebbf395b6beb9e11868bcf4ec82709ff\System.Runtime.Serialization.ni.dll
MOD - [2019-12-12 11:44:54 | 000,121,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\bb00f581c7c00c142f65125e19b41ca5\SMDiagnostics.ni.dll
MOD - [2019-12-12 11:32:56 | 007,806,976 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2d1b046a048928368640709f21c68957\System.Xml.ni.dll
MOD - [2019-12-12 11:32:52 | 001,702,400 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\e52663bb62a2da0cb135c68381864014\System.Drawing.ni.dll
MOD - [2019-12-12 11:32:51 | 010,824,192 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\43c032506c31659174a678cdca773c58\System.ni.dll
MOD - [2019-12-12 11:32:46 | 021,019,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\4c5309378c71d1cd39ab38681429f776\mscorlib.ni.dll
MOD - [2017-12-08 02:49:26 | 000,076,088 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2017-07-07 15:02:34 | 000,898,560 | ---- | M] () -- C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\libxml2.dll
MOD - [2016-07-11 09:37:32 | 003,455,456 | ---- | M] () -- C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\CxF2_VC90MD_2.1.dll
MOD - [2014-02-18 08:49:29 | 001,739,440 | ---- | M] () -- C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
MOD - [2013-07-22 23:12:30 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\zlib1.dll
MOD - [2013-07-22 23:12:28 | 007,390,720 | ---- | M] () -- C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\QtGui4.dll
MOD - [2013-07-22 23:12:28 | 002,012,160 | ---- | M] () -- C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\QtCore4.dll
MOD - [2013-07-22 23:12:22 | 040,536,576 | ---- | M] () -- C:\Program Files (x86)\X-Rite\PANTONE Color Calibrator\Color Calibrator Tray.exe

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2021-08-19 09:41:24 | 003,079,464 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV:[b]64bit:[/b] - [2021-03-03 13:53:15 | 000,008,704 | ---- | M] (GuinpinSoft inc) [Auto | Running] -- C:\Program Files\Common Files\cdarbsvc\cdarbsvc_v1.0.0_x64.exe -- (CdRomArbiterService)
SRV:[b]64bit:[/b] - [2020-11-05 12:20:38 | 003,098,912 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2020-07-21 03:01:16 | 000,269,608 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:[b]64bit:[/b] - [2020-06-02 01:13:30 | 000,189,464 | ---- | M] (Dolby Laboratories, Inc.) [Auto | Running] -- C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe -- (Dolby DAX2 API Service)
SRV:[b]64bit:[/b] - [2020-04-09 16:43:14 | 000,799,592 | ---- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2020-04-09 16:42:20 | 000,871,784 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2020-01-12 23:18:26 | 000,254,296 | ---- | M] (Synaptics Incorporated) [Auto | Running] -- C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe -- (SynTPEnhService)
SRV:[b]64bit:[/b] - [2019-12-17 15:21:12 | 004,122,168 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:[b]64bit:[/b] - [2019-12-17 15:20:54 | 000,311,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:[b]64bit:[/b] - [2019-12-17 15:20:44 | 000,693,304 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:[b]64bit:[/b] - [2019-12-17 02:52:57 | 000,116,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2019-12-11 19:42:30 | 000,949,632 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:[b]64bit:[/b] - [2019-12-11 19:42:30 | 000,892,288 | ---- | M] (Lenovo.) [Auto | Stopped] -- C:\Windows\SysNative\LPlatSvc.exe -- (LPlatSvc)
SRV:[b]64bit:[/b] - [2019-12-10 10:32:47 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:[b]64bit:[/b] - [2019-10-31 12:34:58 | 000,532,992 | ---- | M] () [Auto | Running] -- C:\Program Files\OpenVPN Connect\agent_ovpnconnect_1572521543794.exe -- (agent_ovpnconnect)
SRV:[b]64bit:[/b] - [2019-09-26 01:28:18 | 004,744,904 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\SysNative\nvwmi64.exe -- (NVWMI)
SRV:[b]64bit:[/b] - [2019-09-16 14:37:18 | 000,781,680 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -- (NVDisplay.ContainerLocalSystem)
SRV:[b]64bit:[/b] - [2019-09-12 13:27:54 | 000,340,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService2.0.0.0)
SRV:[b]64bit:[/b] - [2019-04-16 13:02:04 | 000,147,344 | ---- | M] (Fortinet Inc.) [Auto | Running] -- C:\Program Files\Fortinet\FortiClient\FortiClient VPN\scheduler.exe -- (FA_Scheduler)
SRV:[b]64bit:[/b] - [2018-08-13 23:49:28 | 001,391,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:[b]64bit:[/b] - [2018-07-18 23:51:00 | 000,539,136 | ---- | M] (Bosch Security Systems B.V.) [Auto | Running] -- C:\Program Files\Bosch\DNS-SD\BoschDNSSDService.exe -- (Bosch DNS-SD Service)
SRV:[b]64bit:[/b] - [2018-06-13 23:55:52 | 000,360,072 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:[b]64bit:[/b] - [2017-10-15 16:19:53 | 001,595,400 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe -- (FlexNet Licensing Service 64)
SRV:[b]64bit:[/b] - [2017-08-29 17:56:38 | 000,169,768 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe -- (LENOVO.TVTVCAM)
SRV:[b]64bit:[/b] - [2017-08-29 17:56:26 | 000,073,512 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:[b]64bit:[/b] - [2017-08-29 17:55:56 | 000,059,688 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:[b]64bit:[/b] - [2017-08-24 15:50:40 | 001,678,272 | ---- | M] (OSBASE) [Auto | Running] -- C:\Windows\SysNative\ddmgr.exe -- (ddmgr)
SRV:[b]64bit:[/b] - [2017-08-08 11:00:42 | 000,121,344 | ---- | M] (Dassault Systèmes) [Auto | Running] -- C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe -- (DraftSight API Service)
SRV:[b]64bit:[/b] - [2017-06-01 18:16:54 | 000,117,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:[b]64bit:[/b] - [2017-04-03 12:56:18 | 000,120,400 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:[b]64bit:[/b] - [2016-12-19 14:51:58 | 000,133,712 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:[b]64bit:[/b] - [2016-08-09 07:13:59 | 000,094,208 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\9.5\bin\pg_ctl.exe -- (postgresql-x64-9.5)
SRV:[b]64bit:[/b] - [2016-06-13 15:04:46 | 000,132,112 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:[b]64bit:[/b] - [2016-06-02 19:20:48 | 000,273,232 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe -- (LSC.Services.SystemService)
SRV:[b]64bit:[/b] - [2015-01-14 20:25:38 | 000,395,744 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe -- (IntelUSBoverIP)
SRV:[b]64bit:[/b] - [2013-05-27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2021-09-18 03:59:57 | 001,481,048 | ---- | M] (Google LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Chrome\Application\94.0.4606.54\elevation_service.exe -- (GoogleChromeElevationService)
SRV - [2021-09-16 08:48:10 | 001,651,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\Edge\Application\93.0.961.52\elevation_service.exe -- (MicrosoftEdgeElevationService)
SRV - [2021-09-10 18:49:12 | 000,243,128 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2021-08-16 11:55:04 | 000,169,728 | ---- | M] (Adobe Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2021-07-13 14:17:18 | 000,024,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2021-04-06 08:50:52 | 000,037,280 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe -- (DSAService)
SRV - [2021-04-06 08:48:40 | 000,165,272 | ---- | M] (Intel) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe -- (DSAUpdateService)
SRV - [2021-03-15 12:10:53 | 012,849,960 | ---- | M] (TeamViewer Germany GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2020-12-07 13:45:18 | 001,201,584 | -H-- | M] (Kairos) [On_Demand | Stopped] -- D:\Program Files\Kairos\Duet Display\DuetUpdater.exe -- (DuetUpdater)
SRV - [2020-11-25 00:09:54 | 004,528,344 | ---- | M] (Check Point Software Technologies Ltd.) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2020-11-25 00:08:32 | 000,119,032 | ---- | M] (Check Point Software Technologies, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe -- (ZAPrivacyService)
SRV - [2020-10-16 18:34:20 | 000,746,504 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- D:\Program Files\Oracle\VirtualBox\VBoxSDS.exe -- (VBoxSDS)
SRV - [2020-06-30 03:50:42 | 000,224,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe -- (edgeupdatem)
SRV - [2020-06-30 03:50:42 | 000,224,152 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe -- (edgeupdate)
SRV - [2020-06-08 08:30:00 | 000,691,288 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2020-06-08 08:29:46 | 000,542,296 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2020-03-13 21:07:28 | 000,042,208 | ---- | M] (Check Point Software Technologies Ltd.) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe -- (ZA NET ICM Service)
SRV - [2019-12-19 15:22:22 | 000,518,712 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe -- (iBtSiva)
SRV - [2019-12-10 12:53:56 | 001,862,776 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2019-12-10 12:53:56 | 001,186,936 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2019-12-10 12:53:48 | 001,195,128 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2019-11-25 16:12:56 | 000,218,104 | ---- | M] () [Auto | Running] -- d:\Program Files (x86)\SDRplay\SDRuno\sdrplay_apiService.exe -- (SDRplayAPIService)
SRV - [2019-09-12 13:27:56 | 000,394,800 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2019-08-06 17:39:04 | 000,262,144 | ---- | M] () [Auto | Running] -- d:\Program Files\Allway Sync\Bin\SyncService.exe -- (BotkindSyncService)
SRV - [2019-07-02 08:00:32 | 000,085,304 | ---- | M] () [Auto | Running] -- D:\Program Files\Microvirt\MEmu\MemuService.exe -- (MEmuSVC)
SRV - [2019-05-31 11:51:54 | 000,428,432 | ---- | M] (Audinate Pty. Ltd.) [Auto | Running] -- C:\Program Files (x86)\Audinate\Shared Files\mDNSResponder.exe -- (DanteDiscovery)
SRV - [2019-03-28 02:11:14 | 000,132,792 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2018-05-16 07:08:00 | 001,669,416 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2018-02-27 13:29:34 | 000,362,920 | ---- | M] (Audinate Pty Ltd) [Auto | Running] -- C:\Program Files (x86)\Audinate\Shared Files\conmon_cmm_service.exe -- (conmon)
SRV - [2017-03-17 13:55:16 | 000,283,752 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2017-03-17 13:54:48 | 000,140,392 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2017-02-08 16:22:22 | 000,100,680 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Connect2\Connect2.Service.exe -- (connect2hotspot)
SRV - [2015-11-04 18:26:24 | 001,831,064 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe -- (ThunderboltService)
SRV - [2015-08-20 08:22:56 | 000,162,136 | ---- | M] (Pulse Secure, LLC) [Auto | Running] -- C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)
SRV - [2015-06-24 09:14:42 | 000,019,088 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe -- (Intel(R)
SRV - [2015-01-15 21:37:50 | 000,619,776 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe -- (Lenovo EasyPlus Hotspot)
SRV - [2015-01-09 20:18:28 | 000,293,416 | ---- | M] (Aviata, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo Registration\EngageService.exe -- (LenovoProdRegManager)
SRV - [2014-03-21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013-03-01 03:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2011-10-11 14:46:06 | 000,203,088 | ---- | M] (X-Rite Inc.) [Auto | Running] -- C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe -- (xrdd.exe)
SRV - [2010-10-11 09:38:08 | 000,007,680 | ---- | M] (Philips) [Auto | Running] -- C:\ProgramData\Philips\Common Database\ProntoDataService.exe -- (ProntoDataService)
SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2021-08-19 09:41:23 | 000,194,776 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:[b]64bit:[/b] - [2021-08-19 09:41:23 | 000,169,424 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:[b]64bit:[/b] - [2021-08-19 09:41:23 | 000,123,472 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\edevmon.sys -- (edevmon)
DRV:[b]64bit:[/b] - [2021-08-19 09:41:23 | 000,107,456 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:[b]64bit:[/b] - [2020-11-25 00:03:34 | 000,461,240 | ---- | M] (Check Point Software Technologies Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:[b]64bit:[/b] - [2020-10-16 11:04:40 | 000,249,344 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\VBoxNetLwf.sys -- (VBoxNetLwf)
DRV:[b]64bit:[/b] - [2020-10-16 11:04:38 | 000,239,432 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp6.sys -- (VBoxNetAdp)
DRV:[b]64bit:[/b] - [2020-10-05 00:55:23 | 000,315,976 | ---- | M] (Bluestack System Inc. ) [Kernel | Auto | Running] -- C:\Program Files\BlueStacks\BstkDrv_bgp.sys -- (BlueStacksDrv)
DRV:[b]64bit:[/b] - [2020-08-25 05:36:10 | 000,075,024 | ---- | M] (Insecure.Com LLC.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npcap.sys -- (npcap)
DRV:[b]64bit:[/b] - [2020-06-08 08:29:22 | 000,262,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2020-01-12 23:18:00 | 000,038,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:[b]64bit:[/b] - [2020-01-12 23:17:52 | 000,705,880 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2019-12-17 16:42:18 | 001,324,000 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibtusb.sys -- (ibtusb)
DRV:[b]64bit:[/b] - [2019-12-17 14:12:20 | 000,155,616 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:[b]64bit:[/b] - [2019-12-17 14:12:18 | 001,565,152 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:[b]64bit:[/b] - [2019-12-11 19:42:30 | 000,080,144 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:[b]64bit:[/b] - [2019-12-11 19:42:30 | 000,038,160 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pmdrvs.sys -- (PMDRVS)
DRV:[b]64bit:[/b] - [2019-11-19 20:09:38 | 003,466,208 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw04.sys -- (NETwNs64)
DRV:[b]64bit:[/b] - [2019-10-31 12:18:36 | 000,030,208 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap_ovpnconnect.sys -- (tap_ovpnconnect)
DRV:[b]64bit:[/b] - [2019-09-26 01:27:58 | 000,057,280 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:[b]64bit:[/b] - [2019-09-26 01:27:02 | 000,316,104 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:[b]64bit:[/b] - [2019-09-21 07:35:48 | 000,309,904 | ---- | M] (Maiwei Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MEmuDrv.sys -- (MEmuDrv)
DRV:[b]64bit:[/b] - [2019-09-12 13:27:48 | 011,099,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2019-08-11 20:13:54 | 000,262,160 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:[b]64bit:[/b] - [2019-07-21 17:26:44 | 000,136,920 | ---- | M] (Mirics) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msi2500.sys -- (msi2500)
DRV:[b]64bit:[/b] - [2019-04-17 16:38:58 | 000,228,608 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2019-04-16 12:22:04 | 000,148,272 | ---- | M] (Fortinet Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fortips.sys -- (Fortips)
DRV:[b]64bit:[/b] - [2019-04-16 12:18:02 | 000,025,312 | ---- | M] (Fortinet Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FortiFilter.sys -- (FortiFilter)
DRV:[b]64bit:[/b] - [2019-04-16 12:18:02 | 000,016,928 | ---- | M] (Fortinet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftvnic.sys -- (ft_vnic)
DRV:[b]64bit:[/b] - [2019-04-16 12:18:00 | 000,071,248 | ---- | M] (Fortinet Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftsvnic.sys -- (ftsvnic)
DRV:[b]64bit:[/b] - [2019-04-16 12:18:00 | 000,054,344 | ---- | M] (Fortinet Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pppop64.sys -- (pppop)
DRV:[b]64bit:[/b] - [2019-03-07 23:52:24 | 000,052,832 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:[b]64bit:[/b] - [2018-09-23 15:56:29 | 000,828,776 | ---- | M] (IDRIX) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\veracrypt.sys -- (veracrypt)
DRV:[b]64bit:[/b] - [2018-08-09 15:15:22 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:[b]64bit:[/b] - [2018-05-16 07:08:00 | 000,039,264 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:[b]64bit:[/b] - [2018-04-14 06:15:24 | 000,069,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:[b]64bit:[/b] - [2018-04-14 06:15:20 | 000,086,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:[b]64bit:[/b] - [2018-04-14 06:15:18 | 000,023,160 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:[b]64bit:[/b] - [2018-04-14 06:15:16 | 000,094,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:[b]64bit:[/b] - [2017-09-07 13:04:56 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2017-09-07 13:04:48 | 000,023,040 | ---- | M] (Apple Inc.)
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:[b]64bit:[/b] - [2017-08-24 15:50:40 | 000,287,568 | ---- | M] (OSBASE) [Kernel | Disabled | Running] -- C:\Windows\SysNative\drivers\ddkmd.sys -- (ddkmd) DRV:[b]64bit:[/b] - [2017-08-24 15:50:40 | 000,030,544 | ---- | M] (OSBASE) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ddkmdldr.sys -- (ddkmdldr) DRV:[b]64bit:[/b] - [2017-06-09 21:00:44 | 000,894,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA) DRV:[b]64bit:[/b] - [2017-06-09 21:00:44 | 000,041,448 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF) DRV:[b]64bit:[/b] - [2017-05-11 21:23:40 | 000,816,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:[b]64bit:[/b] - [2017-05-11 21:23:40 | 000,401,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:[b]64bit:[/b] - [2017-04-18 03:02:34 | 000,054,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\XtuAcpiDriver.sys -- (XtuAcpiDriver) DRV:[b]64bit:[/b] - [2017-04-11 12:40:00 | 003,227,648 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc) DRV:[b]64bit:[/b] - [2017-03-20 21:31:12 | 000,173,024 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf) DRV:[b]64bit:[/b] - [2017-03-20 21:31:12 | 000,046,040 | ---- | M] (Lenovo.) 
[Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN) DRV:[b]64bit:[/b] - [2017-03-17 01:52:12 | 000,213,088 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:[b]64bit:[/b] - [2017-03-17 01:52:12 | 000,120,416 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:[b]64bit:[/b] - [2017-02-01 02:12:56 | 000,533,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1d62x64.sys -- (e1dexpress) DRV:[b]64bit:[/b] - [2016-12-28 03:07:40 | 000,039,736 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SynaSmi.sys -- (SynaMetSMI) DRV:[b]64bit:[/b] - [2016-12-28 03:07:40 | 000,039,736 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SynaSmi.sys -- (SMIDriver) DRV:[b]64bit:[/b] - [2016-03-07 01:27:54 | 000,817,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ausb3xhc.sys -- (ausb3xhc) DRV:[b]64bit:[/b] - [2016-03-07 01:27:54 | 000,404,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ausb3hub.sys -- (ausb3hub) DRV:[b]64bit:[/b] - [2016-03-06 22:56:41 | 000,050,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme) DRV:[b]64bit:[/b] - [2016-02-26 11:47:14 | 000,053,400 | ---- | M] (Generic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SzCCID.sys -- (SzCCID) DRV:[b]64bit:[/b] - [2016-02-05 21:03:08 | 000,147,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:[b]64bit:[/b] - [2016-01-29 16:12:24 | 000,105,384 | ---- | M] (Moxa Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mxuwdrv2.sys -- (mxuwdrv2) DRV:[b]64bit:[/b] - [2015-11-25 12:42:06 | 000,013,920 | ---- | M] (Crestron Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CtrnWinUsbLowerFilter.sys -- (CtrnWinUsbLowerFilter) DRV:[b]64bit:[/b] - [2015-11-10 11:28:44 | 000,126,464 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbt70x.sys -- (nhi) DRV:[b]64bit:[/b] - [2015-08-29 00:52:58 | 000,041,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:[b]64bit:[/b] - [2015-08-29 00:52:58 | 000,030,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:[b]64bit:[/b] - [2015-08-20 09:42:44 | 000,108,344 | ---- | M] (Pulse Secure, LLC) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\jnprTdi_815_60701.sys -- (jnprTdi_815_60701) DRV:[b]64bit:[/b] - [2015-08-20 06:29:28 | 000,507,192 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jnprns.sys -- (jnprns) DRV:[b]64bit:[/b] - [2015-08-20 06:29:28 | 000,045,352 | ---- | M] (Juniper Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jnprvamgr.sys -- (JnprVaMgr) DRV:[b]64bit:[/b] - [2015-08-20 06:29:28 | 000,030,072 | ---- | M] (Juniper Networks, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jnprva.sys -- (jnprva) DRV:[b]64bit:[/b] - [2015-05-29 08:35:50 | 000,752,856 | ---- | M] (Realsil Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPer.sys -- (RTSPER) DRV:[b]64bit:[/b] - [2015-04-30 01:01:06 | 000,023,200 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV:[b]64bit:[/b] - [2015-01-26 00:00:00 | 000,059,904 | ---- | M] (www.winchiphead.com) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CH341S64.SYS -- (CH341SER_A64) DRV:[b]64bit:[/b] - [2015-01-14 20:21:48 | 000,212,056 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usb3Hub.sys -- (usb3Hub) DRV:[b]64bit:[/b] - [2014-11-14 10:38:20 | 000,112,856 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtu30x64w7.sys -- (RTLU3E8023-W7-64) DRV:[b]64bit:[/b] - [2014-09-02 18:01:16 | 000,041,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vbaudio_cable64_win7.sys -- (VBAudioVACMME) DRV:[b]64bit:[/b] - [2013-10-02 04:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2013-08-29 03:29:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:[b]64bit:[/b] - [2013-03-01 03:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:[b]64bit:[/b] - [2013-02-12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:[b]64bit:[/b] - [2013-02-12 06:12:05 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb80236.sys -- (usbrndis6) DRV:[b]64bit:[/b] - [2012-08-23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b]64bit:[/b] - [2012-08-23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2012-02-09 10:18:15 | 000,048,128 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jusb_x64.sys -- (jusb_x64) DRV:[b]64bit:[/b] - [2011-12-26 11:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd) DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2010-11-21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-04-03 10:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2007-10-30 18:52:46 | 000,740,096 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USA19Hx64.sys -- (USA19H) DRV:[b]64bit:[/b] - [2007-10-23 20:19:46 | 000,035,840 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USA19Hx64p.sys -- (USA19HP) DRV:[b]64bit:[/b] - [2007-05-14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {F3E3C86A-8508-4B8A-8F72-023BA814DBA1} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{F3E3C86A-8508-4B8A-8F72-023BA814DBA1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {F3E3C86A-8508-4B8A-8F72-023BA814DBA1} IE - HKLM\..\SearchScopes\{F3E3C86A-8508-4B8A-8F72-023BA814DBA1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,IE11DefaultsFRECompletionTime = [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,IE11DefaultsFREConfigUpdateTimestamp = [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,IE11DefaultsFREGPOCheckTimestamp = [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,IE11DefaultsFREModalCompletionTime = [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.lenovo.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com/?pc=LCTE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error. IE - HKCU\..\SearchScopes,DefaultScope = {F3E3C86A-8508-4B8A-8F72-023BA814DBA1} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local; IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 89.40.114.244:50064 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.region: "PL" FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.161.2: C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.161.2: C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@DVR/npmedia,version=3.1.0.4: C:\Program Files\webrec\WEB30\WebPlugin\npmedia.dll () FF - HKLM\Software\MozillaPlugins\@DVR/npplugin,version=3.1.0.4: C:\Program Files (x86)\webrec\WEB30\WebPlugin_V2\npPlugin.dll () FF - HKLM\Software\MozillaPlugins\@DVR/npTimeGrid,version=3.1.0.4: C:\Program Files\webrec\WEB30\WebPlugin\npTimeGrid.dll (Unauthorized copy) FF - HKLM\Software\MozillaPlugins\@IPC/npmedia3.0.0.3,version=3.0.0.3: C:\Program Files\webrec\Torch\3.0.0.3\npmedia3.0.0.3.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.161.2: C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll (Oracle 
Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.161.2: C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@qnap.com/MonitorPlayer: C:\Program Files (x86)\QNAP\SurveillanceClient\npMonHost.dll ( QNAP System, Inc) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.10: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.12: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: D:\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) 
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Web Components: C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll ()
FF - HKCU\Software\MozillaPlugins\SkypeForBusinessPlugin-15.8: C:\Users\ziem\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\npGatewayNpapi.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\SkypeForBusinessPlugin64-15.8: C:\Users\ziem\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\npGatewayNpapi-x64.dll (Microsoft Corporation)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 92.0\extensions\\Components: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 92.0\extensions\\Plugins: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2019-06-29 14:32:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: D:\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2020-07-28 12:32:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 92.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 92.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2016-10-15 01:01:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ziem\AppData\Roaming\mozilla\Extensions
[2017-12-24 01:34:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ziem\AppData\Roaming\mozilla\SystemExtensionsDev
[2021-09-08 16:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ziem\AppData\Roaming\mozilla\Firefox\Profiles\dd8vs7ei.default-1631111131343\storage\default\moz-extension+++837cbdb2-66b5-4188-8cbf-5fb29748e105^userContextId=4294967295
[2021-09-16 13:08:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ziem\AppData\Roaming\mozilla\Firefox\Profiles\dd8vs7ei.default-1631111131343\storage\default\moz-extension+++837cbdb2-66b5-4188-8cbf-5fb29748e105^userContextId=4294967295\idb
[2021-09-14 23:22:01 | 000,013,605 | ---- | M] () (No name found) -- C:\Users\ziem\AppData\Roaming\mozilla\firefox\profiles\dd8vs7ei.default-1631111131343\features\{742c809f-0a9f-4659-8914-736ed292134b}\addons-search-detection@mozilla.com.xpi
[2021-09-14 23:22:01 | 000,015,666 | ---- | M] () (No name found) -- C:\Users\ziem\AppData\Roaming\mozilla\firefox\profiles\dd8vs7ei.default-1631111131343\features\{742c809f-0a9f-4659-8914-736ed292134b}\reset-search-defaults@mozilla.com.xpi

[color=#E56717]========== Chrome ==========[/color]

CHR - Extension: No name found = C:\Users\ziem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.10_1\
CHR - Extension: No name found = C:\Users\ziem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\
CHR - Extension: No name found = C:\Users\ziem\AppData\Local\Google\Chrome\User Data\Default\Extensions\agpmgihmmmfkbhckmciedmhincdggomo\1.0.1_0\
CHR - Extension: No name found = C:\Users\ziem\AppData\Local\Google\Chrome\User Data\Default\Extensions\anjoggeimnldigfcihcggejncophmhjc\1.0.1.3_0\
CHR - Extension: No name found = C:\Users\ziem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\
CHR - Extension: No name found = C:\Users\ziem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.5_0\
CHR - Extension: No name found = C:\Users\ziem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\ziem\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn\1.1.4_0\
CHR - Extension: No name found = C:\Users\ziem\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk\6.65.62_0\
CHR - Extension: No name found = C:\Users\ziem\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.3.3_0\
CHR - Extension: No name found = C:\Users\ziem\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\
CHR - Extension: No name found = C:\Users\ziem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.31.0_0\
CHR - Extension: No name found = C:\Users\ziem\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmpigflbjeapnknladcfphgkemopofig\0.2.48_0\
CHR - Extension: No name found = C:\Users\ziem\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma\1.16.0_0\
CHR - Extension: No name found = C:\Users\ziem\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmbhfeiddhndihdjeganjggkmjapkffm\2.4.3_0\
CHR - Extension: No name found = C:\Users\ziem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
CHR - Extension: No name found = C:\Users\ziem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nofdpbenickbjghcdhapegiimmdinblo\990.88.208_0\
CHR - Extension: No name found = C:\Users\ziem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.3_0\

O1 HOSTS File: ([2019-05-09 22:29:19 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (IEToEdge BHO) - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\93.0.961.52\BHO\ie_to_edge_bho_64.dll (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IEToEdge BHO) - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\93.0.961.52\BHO\ie_to_edge_bho.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:[b]64bit:[/b] - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\ecmdS.exe (ESET)
O4:[b]64bit:[/b] - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:[b]64bit:[/b] - HKLM..\Run: [LogiOptions] C:\Program Files\Logitech\LogiOptions\LogiOptions.exe (Logitech, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVerFECC] C:\Users\ziem\AppData\Local\AVer\AVer PTZApp\AVerFECC\AVerSfbFecc.exe File not found
O4 - HKLM..\Run: [Duet Display] D:\Program Files\Kairos\Duet Display\duet.exe (Duet, Inc.)
O4 - HKLM..\Run: [Intel Driver & Support Assistant] C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (Intel)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [PTZAgent] C:\Users\ziem\AppData\Local\AVer\AVer PTZApp\AVer PTZApp\Plugin\PTZAgent\PTZAppAgent.exe (AVer)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [ZaAntiRansomware] "C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe" File not found
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies Ltd.)
O4 - HKCU..\Run: [Adobe Reader Synchronizer] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [com.squirrel.Teams.Teams] C:\Users\ziem\AppData\Local\Microsoft\Teams\Update.exe (Microsoft Corporation)
O4 - HKCU..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [Spotify] C:\Users\ziem\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Audinate\Shared Files\mdnsNSP.dll (Audinate Pty. Ltd.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bosch\DNS-SD\BoschDNSSDNSP.dll (Bosch Security Systems B.V.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Audinate\Shared Files\mdnsNSP.dll (Audinate Pty. Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bosch\DNS-SD\BoschDNSSDNSP.dll (Bosch Security Systems B.V.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:[b]64bit:[/b] - ..Trusted Domains: eset.com ([help] http in Trusted sites)
O15 - HKLM\..Trusted Domains: eset.com ([help] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Zaufane witryny)
O16:[b]64bit:[/b] - DPF: {583C990C-2D38-410c-9A4A-0932D66A754F} https://pulsesecure.net/dana-cached/sc/PulseSetupClient64.cab (PulseSetupClientControl64 Class)
O16:[b]64bit:[/b] - DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab (JuniperSetupClientControl64 Class)
O16 - DPF: {8E375A63-C616-46F1-AC77-59DF78F3A826} https://pulsesecure.net/dana-cached/sc/PulseSetupClient.cab (PulseSetupClientControl Class)
O16 - DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} http://192.168.2.40:1109/ssi.cgi/cab/OCXChecker_8570.cab (OCXDownloadChecker Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02FAC2DB-5C8C-4B82-B06D-51D166D8D9E2}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10FCF59E-52C0-4991-BEE0-D49E3858DE27}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13BF20B5-6CA0-472C-8CE2-28B4430A5843}: Domain = uw.edu.pl
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{13BF20B5-6CA0-472C-8CE2-28B4430A5843}: NameServer = 193.0.71.130,212.87.0.72
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15C26F2D-BF3A-43CC-8605-1DFFC66B1B07}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F138744-D224-48DD-9B90-7009741A238A}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5441432E-70A3-4F48-8FE2-79E7F866AA40}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{564ADEF2-E3D3-41EC-9F86-46F204DD0669}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B83AEC2-08FB-43E3-9A45-89FD32F4FD55}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78736D5B-658A-45D3-B1CB-E11C886EF0E9}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A055ECA-1B93-45F0-B052-AB5FFE8FC58B}: Domain = uw.edu.pl
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A055ECA-1B93-45F0-B052-AB5FFE8FC58B}: NameServer = 193.0.71.130,212.87.0.72
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F63CCAD-D00D-4E39-A024-7945B60333CB}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E47C5CA-B13B-48E8-803A-5EC71EFD12A9}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB68F594-E3D6-4D37-9F44-1A4482A180EC}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C287FAD3-D85D-4E1D-87B7-933135C35481}: DhcpNameServer = 192.168.0.1 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC27A7D6-68B6-483F-BAD9-51CC77BC6079}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6CD4FC0-5434-4F50-B78A-212026DB3261}: DhcpNameServer = 172.20.10.1
O18:[b]64bit:[/b] - Protocol\Handler\mso-minsb.16 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\mso-minsb-roaming.16 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\osf.16 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\osf-roaming.16 - No CLSID value found
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\LBTWlgn: DllName - ("c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2017-10-15 16:21:19 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2014-05-19 08:43:30 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{78037cbc-e9fb-11e9-afbd-9cb0d0579537}\Shell - "" = AutoRun
O33 - MountPoints2\{78037cbc-e9fb-11e9-afbd-9cb0d0579537}\Shell\AutoRun\command - "" = E:\HiSuiteDownLoader.exe
O33 - MountPoints2\{80b4bc1b-2564-11e9-be9b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{80b4bc1b-2564-11e9-be9b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bb2eba79-406a-4b28-86bb-a6b8ef781a01}\Shell - "" = AutoRun
O33 - MountPoints2\{bb2eba79-406a-4b28-86bb-a6b8ef781a01}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.cmd -- [2014-06-05 10:27:20 | 000,000,065 | -HS- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2021-09-22 12:52:31 | 000,000,000 | ---D | C] -- C:\FRST
[2021-09-21 16:05:46 | 000,000,000 | ---D | C] -- C:\Users\ziem\Documents\Composer 6.0
[2021-09-21 15:05:51 | 000,000,000 | ---D | C] -- C:\Users\ziem\Documents\Composer 8.0
[2021-09-20 13:51:24 | 000,000,000 | ---D | C] -- C:\Users\ziem\AppData\Roaming\Symetrix
[2021-09-20 13:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symetrix
[2021-09-20 13:49:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Symetrix
[2021-09-16 14:44:58 | 000,000,000 | ---D | C] -- C:\swshare
[2021-09-10 18:49:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2021-09-08 16:25:39 | 000,000,000 | ---D | C] -- C:\Users\ziem\Desktop\Stare dane programu Firefox
[2021-06-24 13:44:42 | 018,344,964 | ---- | C] (Polycom) -- C:\Users\ziem\AppData\Roaming\PolycomCompanionSetup.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2021-09-22 12:25:24 | 000,035,744 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2021-09-22 12:25:24 | 000,035,744 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2021-09-22 12:23:17 | 001,853,016 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2021-09-22 12:23:17 | 000,805,878 | ---- | M] () -- C:\windows\SysNative\perfh015.dat
[2021-09-22 12:23:17 | 000,719,670 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2021-09-22 12:23:17 | 000,180,350 | ---- | M] () -- C:\windows\SysNative\perfc015.dat
[2021-09-22 12:23:17 | 000,146,472 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2021-09-22 12:17:09 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2021-09-22 12:16:53 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2021-09-22 12:16:47 | 4211,896,312 | -HS- | M] () -- C:\hiberfil.sys
[2021-09-21 20:18:33 | 000,002,200 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2021-09-21 15:38:25 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Composer 6.0.lnk
[2021-09-21 15:23:39 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\SymNet Designer 10.0.lnk
[2021-09-21 15:12:24 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Composer 7.3.lnk
[2021-09-21 15:10:48 | 000,051,281 | ---- | M] () -- C:\Users\ziem\Documents\netscan.xml
[2021-09-20 13:49:56 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\Composer 8.0.lnk
[2021-09-17 14:44:28 | 000,002,203 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Edge.lnk
[2021-09-12 14:15:00 | 2963,022,462 | ---- | M] () -- C:\windows\MEMORY.DMP

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2021-09-21 15:38:25 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Composer 6.0.lnk
[2021-09-21 15:23:39 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\SymNet Designer 10.0.lnk
[2021-09-21 15:12:24 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Composer 7.3.lnk
[2021-09-20 13:49:56 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\Composer 8.0.lnk
[2021-03-25 16:35:51 | 000,000,037 | ---- | C] () -- C:\windows\wininit.ini
[2020-08-06 14:08:08 | 017,093,894 | ---- | C] () -- C:\Users\ziem\2020-07-26 07-00-00~07-05-00.avi
[2020-04-02 14:43:14 | 000,719,521 | ---- | C] () -- C:\windows\unins002.exe
[2020-04-02 14:43:14 | 000,007,534 | ---- | C] () -- C:\windows\unins002.dat
[2020-04-01 19:25:15 | 000,102,912 | ---- | C] () -- C:\windows\SysWow64\miricsBDA_6432.dll
[2020-03-07 21:38:59 | 000,870,096 | ---- | C] () -- C:\windows\SysWow64\vulkan-1-999-0-0-0.dll
[2020-03-07 21:38:59 | 000,870,096 | ---- | C] () -- C:\windows\SysWow64\vulkan-1.dll
[2020-03-07 21:38:59 | 000,379,080 | ---- | C] () -- C:\windows\SysWow64\nvofapi.dll
[2020-03-07 21:38:59 | 000,260,304 | ---- | C] () -- C:\windows\SysWow64\vulkaninfo-1-999-0-0-0.exe
[2020-03-07 21:38:59 | 000,260,304 | ---- | C] () -- C:\windows\SysWow64\vulkaninfo.exe
[2020-03-07 21:35:10 | 000,141,296 | ---- | C] () -- C:\windows\SysWow64\libEGL.dll
[2020-03-07 21:35:10 | 000,112,112 | ---- | C] () -- C:\windows\SysWow64\libGLESv2.dll
[2020-03-07 21:35:10 | 000,101,360 | ---- | C] () -- C:\windows\SysWow64\libGLESv1_CM.dll
[2020-03-07 21:34:59 | 001,374,904 | ---- | C] () -- C:\windows\SysWow64\iga32.dll
[2020-02-26 20:40:24 | 000,001,051 | ---- | C] () -- C:\windows\ODBCINST.INI
[2020-02-26 20:40:24 | 000,000,413 | ---- | C] () -- C:\windows\ODBC.INI
[2019-07-10 12:51:04 | 000,000,095 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2019-02-07 19:34:49 | 000,000,014 | ---- | C] () -- C:\Users\ziem\prog.tkn
[2019-02-07 19:33:32 | 000,000,163 | ---- | C] () -- C:\Users\ziem\prog.zip
[2019-02-07 19:26:33 | 000,000,014 | ---- | C] () -- C:\Users\ziem\irfile11
[2019-02-07 19:26:29 | 000,000,014 | ---- | C] () -- C:\Users\ziem\irfile10
[2019-02-07 19:02:06 | 000,000,014 | ---- | C] () -- C:\Users\ziem\irfile09
[2018-12-03 22:53:36 | 000,000,548 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2018-09-13 18:59:11 | 149,037,624 | ---- | C] () -- C:\Users\ziem\20180411-182642-01.avi
[2018-07-15 00:49:04 | 000,006,144 | ---- | C] () -- C:\Users\ziem\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2017-12-24 01:24:14 | 000,000,132 | ---- | C] () -- C:\Users\ziem\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2016-09-10 13:06:30 | 000,001,456 | ---- | C] () -- C:\Users\ziem\AppData\Local\Adobe Save for Web 13.0 Prefs
[2016-06-10 13:05:31 | 000,000,600 | ---- | C] () -- C:\Users\ziem\AppData\Local\PUTTY.RND
[2016-03-07 01:29:28 | 000,000,102 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
[2016-03-07 01:28:56 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2019-05-25 02:04:16 | 014,185,984 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2019-05-25 01:59:03 | 012,880,384 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 964 bytes -> C:\Users\ziem\AppData\Local\Temp:tSHRPuhVr8oj0u0fSi3XiP
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:2388C2C5

< End of report >