OTL logfile created on: 2013-02-25 22:16:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = I:\system - działanie OS i programów\narzędzia diagnostyczne i informacyjne\FORUM _ NARZĘDZIA\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

10,00 Gb Total Physical Memory | 6,95 Gb Available Physical Memory | 69,47% Memory free
19,99 Gb Paging File | 16,78 Gb Available in Paging File | 83,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 124,89 Gb Total Space | 36,83 Gb Free Space | 29,49% Space Free | Partition Type: NTFS
Drive D: | 67,03 Gb Total Space | 23,92 Gb Free Space | 35,68% Space Free | Partition Type: NTFS
Drive E: | 40,53 Gb Total Space | 33,66 Gb Free Space | 83,06% Space Free | Partition Type: NTFS
Drive F: | 15,25 Gb Total Space | 12,40 Gb Free Space | 81,32% Space Free | Partition Type: NTFS
Drive G: | 150,07 Gb Total Space | 55,50 Gb Free Space | 36,98% Space Free | Partition Type: NTFS
Drive H: | 150,27 Gb Total Space | 10,33 Gb Free Space | 6,87% Space Free | Partition Type: NTFS
Drive I: | 123,60 Gb Total Space | 21,77 Gb Free Space | 17,62% Space Free | Partition Type: NTFS
Drive J: | 25,06 Gb Total Space | 0,93 Gb Free Space | 3,69% Space Free | Partition Type: NTFS
Drive K: | 1,94 Gb Total Space | 1,27 Gb Free Space | 65,64% Space Free | Partition Type: NTFS
Drive M: | 41,85 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: GRACE-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013-02-21 10:10:54 | 003,089,320 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe PRC - [2013-02-16 21:42:45 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe PRC - [2013-02-14 19:10:31 | 001,820,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe PRC - [2013-02-10 14:29:16 | 000,534,160 | ---- | M] (QFX Software Corporation) -- C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe PRC - [2013-02-08 15:58:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- I:\system - działanie OS i programów\narzędzia diagnostyczne i informacyjne\FORUM _ NARZĘDZIA\OTL\OTL.exe PRC - [2013-01-28 15:46:02 | 000,246,272 | ---- | M] (Moonchild Productions) -- C:\Program Files (x86)\pale moon\palemoon.exe PRC - [2013-01-28 15:46:02 | 000,010,752 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\pale moon\plugin-container.exe PRC - [2012-12-28 20:56:28 | 006,115,432 | ---- | M] (AnVir Software) -- C:\Program Files (x86)\AnVir Task Manager\AnVir.exe PRC - [2012-12-14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012-11-06 15:30:04 | 003,804,568 | ---- | M] (Ashampoo Media GmbH & Co. KG) -- C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe PRC - [2012-11-01 00:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) 
-- E:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe PRC - [2011-12-01 17:18:08 | 002,068,112 | ---- | M] (Crystal Rich Ltd) -- E:\Program Files (x86)\Zentimo\Zentimo.exe PRC - [2011-10-14 07:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe PRC - [2011-10-14 07:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe PRC - [2011-10-14 07:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe PRC - [2011-10-10 18:01:16 | 014,558,848 | ---- | M] (Winstep Software Technologies) -- C:\Program Files (x86)\Winstep\Nexus-Ultimate.exe PRC - [2011-05-31 05:59:04 | 005,730,304 | ---- | M] () -- C:\Program Files\MySql\MySqlServer\bin\mysqld-nt.exe PRC - [2011-03-14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe PRC - [2010-04-28 02:31:08 | 000,274,432 | ---- | M] (Rob Crombie) -- I:\system UI - tunning (wygląd i dodatki)\klawiatura\CapsLockWarningv2.5 (bez instalacji)\CapsLockWarning.exe PRC - [2009-08-29 07:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Grace II\Local Settings\Apps\F.lux\flux.exe PRC - [2008-06-25 12:04:38 | 000,336,896 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Gateway\EzTune\dthtml.exe PRC - [2008-06-25 12:02:28 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe PRC - [2008-06-21 17:01:32 | 000,090,112 | ---- | M] (Portrait Displays, Inc.) 
-- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe PRC - [2000-05-20 17:23:48 | 000,086,016 | ---- | M] () -- C:\Windows\StartupMonitor.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013-02-14 19:10:31 | 014,717,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll MOD - [2013-01-28 15:46:03 | 001,951,744 | ---- | M] () -- C:\Program Files (x86)\pale moon\mozjs.dll MOD - [2013-01-17 17:58:56 | 006,307,952 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\1033\GrooveIntlResource.dll MOD - [2012-10-22 16:47:52 | 000,042,904 | ---- | M] () -- C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\MouseHook.dll MOD - [2009-08-29 07:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Grace II\Local Settings\Apps\F.lux\flux.exe MOD - [2008-06-25 12:02:28 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\CC\gui.dll MOD - [2008-06-25 12:02:08 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll MOD - [2008-06-21 17:01:32 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\di2c.dll MOD - [2008-06-21 17:00:24 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\vista.dll MOD - [2000-05-20 17:23:48 | 000,086,016 | ---- | M] () -- C:\Windows\StartupMonitor.exe [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2013-01-24 22:43:06 | 003,724,472 | ---- | M] (COMODO) [Auto | Unknown] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV:[b]64bit:[/b] - [2012-09-11 18:13:02 | 001,494,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc) SRV:[b]64bit:[/b] - [2012-04-10 11:17:16 | 000,097,552 | ---- | M] (SANDBOXIE L.T.D) 
[Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV:[b]64bit:[/b] - [2011-09-27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV:[b]64bit:[/b] - [2011-05-31 05:59:04 | 005,730,304 | ---- | M] () [Auto | Running] -- C:\Program Files\MySql\MySqlServer\bin\mysqld-nt.exe -- (MySql) SRV:[b]64bit:[/b] - [2009-08-18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b]64bit:[/b] - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013-02-21 10:10:54 | 003,089,320 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware) SRV - [2013-02-14 19:10:32 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-02-09 00:52:11 | 000,285,795 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -- (HOSTS Anti-PUPs) SRV - [2013-01-08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013-01-05 04:45:32 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-12-14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012-12-14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- 
(MBAMScheduler) SRV - [2012-12-02 10:55:30 | 000,224,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe -- (Internet Manager. RunOuc) SRV - [2012-11-01 02:35:20 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2012-11-01 02:34:52 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2012-11-01 01:57:50 | 013,234,176 | ---- | M] () [Auto | Stopped] -- E:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd) SRV - [2012-11-01 00:48:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- E:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService) SRV - [2012-10-11 17:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService) SRV - [2012-10-11 17:15:26 | 001,853,584 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater) SRV - [2012-10-02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2011-12-01 17:18:08 | 000,559,576 | ---- | M] () [Auto | Running] -- E:\Program Files (x86)\Zentimo\ZentimoService.exe -- (ZentimoService) SRV - [2011-10-14 07:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2011-10-14 07:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2011-03-14 16:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft 
Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-12-22 01:08:39 | 000,814,344 | ---- | M] (ABBYY) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.10.0) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008-06-25 12:02:28 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC) SRV - [2008-06-21 17:01:32 | 000,090,112 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService) SRV - [2004-06-13 23:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Disabled | Stopped] -- C:\Windows\SysWOW64\brsvc01a.exe -- (Brother XP spl Service) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2013-02-06 22:28:46 | 000,221,720 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler) DRV:[b]64bit:[/b] - [2013-01-16 19:51:44 | 000,023,176 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd) DRV:[b]64bit:[/b] - [2012-12-14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:[b]64bit:[/b] - [2012-12-02 10:55:38 | 000,212,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm) DRV:[b]64bit:[/b] - [2012-12-02 10:55:38 | 000,039,552 | ---- | M] (Bytemobile, Inc.) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\tcpipBM.sys -- (tcpipBM) DRV:[b]64bit:[/b] - [2012-12-02 10:55:38 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV:[b]64bit:[/b] - [2012-12-02 10:55:37 | 000,222,464 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:[b]64bit:[/b] - [2012-12-02 10:55:37 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV:[b]64bit:[/b] - [2012-12-02 10:55:37 | 000,098,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm) DRV:[b]64bit:[/b] - [2012-12-02 10:55:37 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV:[b]64bit:[/b] - [2012-12-02 10:55:37 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl) DRV:[b]64bit:[/b] - [2012-12-02 10:55:37 | 000,016,512 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BMLoad.sys -- (BMLoad) DRV:[b]64bit:[/b] - [2012-11-26 16:34:14 | 000,058,360 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\networx.sys -- (networx) DRV:[b]64bit:[/b] - [2012-11-22 01:43:14 | 000,165,112 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP) DRV:[b]64bit:[/b] - [2012-11-01 02:34:54 | 000,067,224 | ---- | M] (VMware, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:[b]64bit:[/b] - [2012-11-01 02:34:32 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:[b]64bit:[/b] - [2012-11-01 02:34:10 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:[b]64bit:[/b] - [2012-11-01 02:34:08 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:[b]64bit:[/b] - [2012-11-01 02:34:04 | 000,032,920 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd) DRV:[b]64bit:[/b] - [2012-10-27 17:59:34 | 000,268,896 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BazisPortableCDBus.sys -- (BazisPortableCDBus) DRV:[b]64bit:[/b] - [2012-10-26 13:38:41 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:[b]64bit:[/b] - [2012-10-24 14:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock) DRV:[b]64bit:[/b] - [2012-10-24 14:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:[b]64bit:[/b] - [2012-10-11 17:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:[b]64bit:[/b] - [2012-10-11 17:15:06 | 000,037,680 | ---- | M] (VMware, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb) DRV:[b]64bit:[/b] - [2012-08-28 13:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:[b]64bit:[/b] - [2012-08-23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b]64bit:[/b] - [2012-08-23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2012-07-19 22:21:19 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd) DRV:[b]64bit:[/b] - [2012-07-19 22:21:13 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCapMP) DRV:[b]64bit:[/b] - [2012-07-19 22:21:13 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCap) DRV:[b]64bit:[/b] - [2012-04-11 02:40:58 | 000,082,560 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:[b]64bit:[/b] - [2012-04-11 02:40:58 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:[b]64bit:[/b] - [2012-04-10 11:17:14 | 000,164,528 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV:[b]64bit:[/b] - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2011-09-02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:[b]64bit:[/b] - [2011-09-02 07:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb) DRV:[b]64bit:[/b] - [2011-09-02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:[b]64bit:[/b] - [2011-09-02 07:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd) DRV:[b]64bit:[/b] - [2011-07-29 12:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv) DRV:[b]64bit:[/b] - [2011-07-29 12:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv) DRV:[b]64bit:[/b] - [2011-07-01 13:16:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:[b]64bit:[/b] - [2011-06-22 14:10:02 | 000,079,872 | ---- | M] (Nokia) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\nokia_usb_modem_cdc_acm.sys -- (nokia_usb_modem_cdc_acm) DRV:[b]64bit:[/b] - [2011-06-22 14:10:02 | 000,058,880 | ---- | M] (Nokia) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\nokia_usb_modem_cdc_ecm.sys -- (nokia_usb_modem_cdc_ecm) DRV:[b]64bit:[/b] - [2011-06-22 14:10:02 | 000,056,320 | ---- | M] (Nokia) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\nokia_usb_modem_ecm_enum_filter.sys -- (nokia_usb_modem_ecm_enum_filter) DRV:[b]64bit:[/b] - [2011-06-22 14:10:02 | 000,056,320 | ---- | M] (Nokia) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\nokia_usb_modem_ecm_enum.sys -- (nokia_usb_modem_ecm_enum) DRV:[b]64bit:[/b] - [2011-06-22 14:10:02 | 000,014,336 | ---- | M] (Nokia) [Kernel | Disabled | Stopped] -- 
C:\Windows\SysNative\drivers\nokia_usb_modem_cpo.sys -- (nokia_usb_modem_cpo) DRV:[b]64bit:[/b] - [2010-11-20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-09-19 05:57:35 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:[b]64bit:[/b] - [2010-09-03 12:26:24 | 000,050,768 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus) DRV:[b]64bit:[/b] - [2010-09-01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI) DRV:[b]64bit:[/b] - [2010-07-16 23:06:54 | 000,049,176 | ---- | M] (SafePcTools Software) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\FLGuard.sys -- (FLGuard) DRV:[b]64bit:[/b] - [2010-07-16 01:56:39 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk42.sys -- (PSSDK42) DRV:[b]64bit:[/b] - [2010-06-17 05:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) DRV:[b]64bit:[/b] - [2010-06-05 11:38:00 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2010-06-05 10:55:34 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2010-06-05 10:55:34 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2010-01-27 03:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf) DRV:[b]64bit:[/b] - [2009-11-17 08:16:44 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT) DRV:[b]64bit:[/b] - [2009-08-18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-05-18 23:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM) DRV:[b]64bit:[/b] - [2008-06-21 17:01:42 | 000,020,520 | ---- | M] (Portrait Displays, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PdiPorts.sys -- (PdiPorts) DRV - [2012-06-20 00:17:01 | 000,066,320 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc) DRV - [2012-06-20 00:16:58 | 000,044,688 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver) DRV - [2011-07-29 12:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv) DRV - [2011-07-29 12:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2011-05-19 13:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA) DRV - [2010-07-01 18:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- E:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2010-05-05 08:40:54 | 000,014,720 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:[b]64bit:[/b] - 
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = J:\INTERNET EXPLORER IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.) FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: C:\Program Files (x86)\RayV\RayV\plugins\nprayvplugin.dll (RayV) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010-06-05 17:01:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@vdownloader.com: C:\Program Files (x86)\VDownloader\Addons\FireFox [2012-03-04 23:35:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}: C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt [2012-09-15 18:00:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wcapturex@deskperience.com: E:\Program Files (x86)\WordWeb\WCaptureMoz [2013-02-21 13:06:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-01-11 14:04:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-06-24 11:04:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2010-06-11 20:31:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins [2011-05-09 21:10:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 15.0\extensions\\Components: C:\Program Files (x86)\Pale 
Moon\components [2013-01-28 15:46:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 15.0\extensions\\Plugins: C:\Program Files (x86)\Pale Moon\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 15.4.1\extensions\\Components: C:\program files (x86)\pale moon\components [2013-01-28 15:46:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 15.4.1\extensions\\Plugins: C:\program files (x86)\pale moon\plugins [2013-02-17 14:56:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions [2013-01-11 14:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013-01-05 04:45:48 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013-01-05 04:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013-01-05 04:45:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2013-02-25 17:44:49 | 000,855,599 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.) O2:[b]64bit:[/b] - BHO: (FLockObj Class) - {26C3165B-FC58-4910-802D-250B2E68A04E} - C:\Program Files (x86)\GiliSoft\Privacy Protector\FileLockPlugin64.dll () O2:[b]64bit:[/b] - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll (Microsoft Corporation) O2:[b]64bit:[/b] - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll () O2:[b]64bit:[/b] - BHO: (Microsoft SPFS Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll (Microsoft Corporation) O2:[b]64bit:[/b] - BHO: (Logitech Flow Scroll) - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\LogiSmooth.dll (Logitech, Inc.) O2:[b]64bit:[/b] - BHO: (no name) - AutorunsDisabled - No CLSID value found. O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.) O2 - BHO: (IGMONObj Class) - {02464DDC-3187-11D8-8004-0020ED227566} - C:\Program Files (x86)\iGetter\Integration\IGMON.dll (Presenta Ltd.) 
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll () O2 - BHO: (Microsoft SPFS Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Logitech Flow Scroll) - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll (Logitech, Inc.) O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found. O2 - BHO: (no name) - Disabled:{9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found. O2 - BHO: (no name) - Disabled:{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - No CLSID value found. O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll () O3:[b]64bit:[/b] - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () O3:[b]64bit:[/b] - HKLM\..\Toolbar: (&NetWorx Desk Band) - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\Program Files\NetWorx\deskband.dll (SoftPerfect Research) O3 - HKLM\..\Toolbar: (CaptureSaver) - {5148AB7D-8868-4490-B6DA-F98368488582} - E:\Program Files (x86)\CaptureSaver\CaptureSaverIE.dll (www.capturesaver.com) O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll () O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O4:[b]64bit:[/b] - HKLM..\Run: [CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}] "C:\Users\ADMINI~1\AppData\Local\Temp\cisFBAA.exe" --PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805} File not found O4:[b]64bit:[/b] - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe (COMODO) O4:[b]64bit:[/b] - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [LogiScrollApp] C:\Program Files\Logitech\FlowScroll\KhalScroll.exe (Logitech, Inc.) 
O4:[b]64bit:[/b] - HKLM..\Run: [NetWorx] C:\Program Files\NetWorx\networx.exe (SoftPerfect Research) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Zentimo xStorage Manager] E:\Program Files (x86)\Zentimo\Zentimo.exe (Crystal Rich Ltd) O4 - HKLM..\Run: [DT GWY] C:\PROGRAM FILES (X86)\COMMON FILES\PORTRAIT DISPLAYS\Shared\DT_STARTUP.EXE () O4 - HKLM..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe (QFX Software Corporation) O4 - HKLM..\Run: [Run StartupMonitor] C:\Windows\StartupMonitor.exe () O4 - HKLM..\Run: [WordWeb] E:\Program Files (x86)\WordWeb\wweb32.exe () O4 - HKCU..\Run: [AshSnap] C:\Program Files (x86)\Ashampoo\Ashampoo Snap 6\ashsnap.exe (Ashampoo Media GmbH & Co. KG) O4 - HKCU..\Run: [Nexus] File not found O4 - HKCU..\Run: [Nexus-Ultimate] File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O8:[b]64bit:[/b] - Extra context menu item: LastPass - file://C:\Users\Grace II\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found O8:[b]64bit:[/b] - Extra context menu item: LastPass Fill Forms - 
file://C:\Users\Grace II\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found O8 - Extra context menu item: LastPass - file://C:\Users\Grace II\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Grace II\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found O9:[b]64bit:[/b] - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation) O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation) O9:[b]64bit:[/b] - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () O9:[b]64bit:[/b] - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () O9:[b]64bit:[/b] - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation) O9:[b]64bit:[/b] - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation) O9:[b]64bit:[/b] - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - E:\Program Files (x86)\VideoGet\Plugins\VideoGet_IE_x64.dll () O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - E:\Program Files (x86)\VideoGet\Plugins\VideoGet_IE_x64.dll () O9 - Extra 'Tools' menuitem : Ustawienia wtyczki &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) 
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Microsoft Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Microsoft Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll () O9 - Extra Button: CaptureSaver - {3BD9DD3E-F9B6-45b9-9ED3-5E1980C2686F} - E:\Program Files (x86)\CaptureSaver\CaptureSaverIE.dll (www.capturesaver.com) O9 - Extra 'Tools' menuitem : CaptureSaver - {3BD9DD3E-F9B6-45b9-9ED3-5E1980C2686F} - Reg Error: Value error. 
File not found O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll () O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - E:\Program Files (x86)\VideoGet\Plugins\VideoGet_IE.dll () O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - E:\Program Files (x86)\VideoGet\Plugins\VideoGet_IE.dll () O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) 
O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16:[b]64bit:[/b] - DPF: {615A1925-0E5B-4767-A65E-3165AEAC32A3} http://quickscan.bitdefender.com/qsax/qsax64.cab (BitDefender QuickScan Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{238B023F-7C97-4374-8D0B-2FCC579F4953}: NameServer = 8.26.56.26,156.154.70.22 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{407B0DE1-397D-4C57-9451-21C497BCB937}: NameServer = 8.26.56.26,156.154.70.22 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{441D1930-202C-477D-BE8E-C5768EFCDFE3}: NameServer = 193.41.112.14 193.41.112.18 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{595A939A-4E2D-42C9-BF1F-C6029534BFBC}: NameServer = 193.41.112.14 193.41.112.18 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2011898-1A6D-4443-AD3D-ACB761D3F894}: NameServer = 193.41.112.14 193.41.112.18 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB0224C0-2C8A-4EFE-898C-BEE014CFE847}: NameServer = 193.41.112.14 193.41.112.18 O18:[b]64bit:[/b] - Protocol\Handler\AutorunsDisabled - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\AutorunsDisabled\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll File not found O18:[b]64bit:[/b] - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll () O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found O18 - Protocol\Handler\AutorunsDisabled\ms-help - No CLSID value found O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft 
Office\Office15\MSOSB.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll () O18:[b]64bit:[/b] - Protocol\Filter\AutorunsDisabled - No CLSID value found O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO) O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\AutorunsDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O27:[b]64bit:[/b] - HKLM IFEO\taskmgr.exe: Debugger - I:\system - działanie OS i programów\narzędzia diagnostyczne i informacyjne\SystemExplorer\SystemExplorerPortable x64\SystemExplorer.exe (Mister Group)
O27 - HKLM IFEO\taskmgr.exe: Debugger - I:\system - działanie OS i programów\narzędzia diagnostyczne i informacyjne\SystemExplorer\SystemExplorerPortable x64\SystemExplorer.exe (Mister Group)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013-02-21 00:24:37 | 000,003,778 | ---- | M] () - J:\AutomaticBackup (export zadania).xml -- [ NTFS ]
O32 - AutoRun File - [2011-03-15 00:27:21 | 000,148,320 | R--- | M] () - M:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2009-09-25 03:46:52 | 000,000,045 | R--- | M] () - M:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{e572c9d0-3c64-11e2-a3d5-ec4409e34433}\Shell - "" = AutoRun
O33 - MountPoints2\{e572c9d0-3c64-11e2-a3d5-ec4409e34433}\Shell\AutoRun\command - "" = M:\AutoRun.exe -- [2011-03-15 00:27:21 | 000,148,320 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013-02-25 17:36:17 | 000,023,176 | ---- | C] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2013-02-25 17:32:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013-02-24 03:01:53 | 000,000,000
| -H-D | C] -- C:\VTRoot [2013-02-24 02:22:17 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space [2013-02-24 02:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo [2013-02-24 02:19:50 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO [2013-02-24 02:05:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\QFX Software [2013-02-24 01:50:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Uninstaller Tool(Comodo Forums) [2013-02-20 16:36:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\MigWiz [2013-02-20 01:09:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass [2013-02-19 11:13:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Process Hacker 2 [2013-02-19 09:38:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apps [2013-02-18 13:30:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Foxit Software [2013-02-18 13:29:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ElevatedDiagnostics [2013-02-18 13:28:54 | 000,000,000 | ---D | C] -- C:\MATS [2013-02-17 19:45:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\VS Revo Group [2013-02-17 14:56:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Macromedia [2013-02-17 14:56:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe [2013-02-17 14:56:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla [2013-02-17 14:56:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Moonchild Productions [2013-02-17 14:56:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Moonchild Productions [2013-02-17 14:51:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Gili Privacy Protector [2013-02-17 14:45:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DisplayTune 
[2013-02-17 14:45:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Logitech [2013-02-17 14:45:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Zentimo [2013-02-17 14:44:24 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches [2013-02-17 14:44:24 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013-02-17 14:44:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities [2013-02-17 14:44:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts [2013-02-17 14:43:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ProcessLasso [2013-02-17 14:42:24 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files [2013-02-17 14:42:24 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Historia [2013-02-17 14:42:24 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Dane aplikacji [2013-02-17 14:42:23 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Ustawienia lokalne [2013-02-17 14:42:23 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Szablony [2013-02-17 14:42:23 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo [2013-02-17 14:42:23 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent [2013-02-17 14:42:23 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\PrintHood [2013-02-17 14:42:23 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\NetHood [2013-02-17 14:42:23 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Moje wideo [2013-02-17 14:42:23 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Moje obrazy [2013-02-17 14:42:23 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Moje dokumenty [2013-02-17 14:42:23 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Moja muzyka [2013-02-17 14:42:23 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Menu Start [2013-02-17 14:42:23 | 
000,000,000 | -HSD | C] -- C:\Users\Administrator\Dane aplikacji [2013-02-17 14:42:23 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies [2013-02-17 14:42:20 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft [2013-02-17 14:42:20 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013-02-17 14:42:20 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013-02-17 14:42:20 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop [2013-02-17 14:42:20 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013-02-17 14:42:20 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData [2013-02-17 14:42:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temp [2013-02-17 14:42:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Spearit [2013-02-17 14:42:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Help [2013-02-17 14:42:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft [2013-02-17 14:42:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia [2013-02-17 14:42:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google [2013-02-17 14:42:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\EurekaLog [2013-02-17 14:42:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerProducer [2013-02-17 14:42:19 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos [2013-02-17 14:42:19 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games [2013-02-17 14:42:19 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures [2013-02-17 14:42:19 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music [2013-02-17 14:42:19 
| 000,000,000 | R--D | C] -- C:\Users\Administrator\Links [2013-02-17 14:42:19 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites [2013-02-17 14:42:19 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads [2013-02-17 14:42:19 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents [2013-02-17 14:42:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Anti-Malware [2013-02-15 22:23:42 | 000,000,000 | ---D | C] -- C:\AMD [2013-02-14 20:30:44 | 000,016,440 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\drivers\AtiPcie64.sys [2013-02-13 22:06:51 | 000,000,000 | ---D | C] -- C:\AAA [2013-02-13 13:44:07 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013-02-13 13:44:07 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013-02-13 13:44:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013-02-13 13:44:04 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013-02-13 13:44:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013-02-13 13:44:03 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013-02-13 13:44:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013-02-13 13:44:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013-02-13 13:44:02 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013-02-13 13:44:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013-02-13 13:44:01 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013-02-13 13:44:01 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013-02-13 13:43:59 | 000,717,824 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\jscript.dll [2013-02-13 13:43:59 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013-02-13 13:43:58 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013-02-13 13:40:47 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013-02-13 13:40:42 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013-02-13 13:40:41 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013-02-13 13:38:33 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013-02-13 13:38:31 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013-02-13 13:38:31 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013-02-13 13:38:31 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013-02-13 13:38:31 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013-02-13 13:38:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013-02-13 13:37:09 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013-02-12 16:27:02 | 000,058,536 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\usbfilter.sys [2013-02-09 00:52:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs [2013-02-05 11:07:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013-02-05 11:07:12 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013-02-04 13:49:55 | 000,000,000 | ---D | C] -- C:\results [2013-02-03 11:11:44 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vsocklib.dll [2013-02-03 11:11:44 | 000,063,128 | ---- | C] (VMware, Inc.) 
-- C:\Windows\SysWow64\vsocklib.dll [2013-02-03 11:11:43 | 000,070,296 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vsock.sys [2013-02-03 11:11:39 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys [2013-02-03 11:11:38 | 000,032,920 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys [2013-02-03 11:11:13 | 000,357,016 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe [2013-02-03 11:11:09 | 000,435,864 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe [2013-02-03 11:11:08 | 000,030,360 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys [2013-02-03 11:11:03 | 000,933,528 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll [2013-02-03 11:10:59 | 000,052,376 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys [2013-02-03 11:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware [2013-02-03 11:10:24 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware [2013-02-03 11:10:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware [2013-02-03 11:10:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware [2013-02-02 09:39:48 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe [2013-02-02 09:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio [2013-02-01 00:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\IDM [2013-01-29 13:03:10 | 000,165,112 | ---- | C] (Tonec Inc.) 
-- C:\Windows\SysNative\drivers\idmwfp.sys
[2013-01-28 15:45:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pale moon
[2012-08-14 01:16:32 | 014,690,376 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013-02-25 22:15:47 | 000,022,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-02-25 22:15:47 | 000,022,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-02-25 22:09:36 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013-02-25 22:09:14 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-02-25 22:08:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-02-25 22:08:41 | 3756,761,087 | -HS- | M] () -- C:\hiberfil.sys
[2013-02-25 18:51:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-02-25 18:48:01 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-02-25 18:06:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-392863465-1235368472-401103835-1004UA.job
[2013-02-25 17:44:49 | 000,855,599 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013-02-25 13:06:09 | 000,001,018 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-392863465-1235368472-401103835-1004Core.job
[2013-02-24 19:08:52 | 000,015,385 | ---- | M] () -- C:\Windows\FileGuard.bin
[2013-02-22 02:48:44 | 000,001,068 | ---- | M] () -- C:\Users\Administrator\Documents\Winstep.lnk
[2013-02-22 02:48:44 | 000,000,998 | ---- | M] () -- C:\Users\Administrator\Desktop\Nexus Ultimate.lnk
[2013-02-21 15:07:31 | 000,010,020 | ---- | M] () -- C:\Users\Administrator\Desktop\WindowsBackupexport.reg
[2013-02-20 01:09:50 | 014,690,376 | ---- | M] (LastPass) -- C:\Program Files
(x86)\Common Files\lpuninstall.exe [2013-02-20 01:09:23 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\My LastPass Vault.lnk [2013-02-17 14:46:15 | 000,000,439 | -H-- | M] () -- C:\ZentimoSettings.ini [2013-02-17 14:44:28 | 000,002,225 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk [2013-02-16 18:52:42 | 001,733,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013-02-16 18:52:42 | 000,769,300 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2013-02-16 18:52:42 | 000,666,804 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013-02-16 18:52:42 | 000,165,980 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2013-02-16 18:52:42 | 000,131,714 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013-02-14 19:10:31 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013-02-14 19:10:31 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013-02-13 14:49:31 | 000,479,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013-02-06 22:28:46 | 000,221,720 | ---- | M] (QFX Software Corporation) -- C:\Windows\SysNative\drivers\keyscrambler.sys [2013-02-06 19:00:31 | 000,018,960 | ---- | M] (Logitech, Inc.) 
-- C:\Windows\SysNative\drivers\LNonPnP.sys
[2013-02-03 11:10:42 | 001,751,044 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-02-03 11:10:42 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
[2013-02-02 09:39:08 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013-02-22 02:48:44 | 000,001,068 | ---- | C] () -- C:\Users\Administrator\Documents\Winstep.lnk
[2013-02-22 02:48:44 | 000,000,998 | ---- | C] () -- C:\Users\Administrator\Desktop\Nexus Ultimate.lnk
[2013-02-21 15:07:31 | 000,010,020 | ---- | C] () -- C:\Users\Administrator\Desktop\WindowsBackupexport.reg
[2013-02-17 14:46:15 | 000,000,439 | -H-- | C] () -- C:\ZentimoSettings.ini
[2013-02-17 14:44:54 | 000,001,427 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013-02-17 14:44:54 | 000,001,421 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013-02-17 14:44:28 | 000,002,225 | ---- | C] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2013-02-17 14:42:20 | 000,002,118 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2013-02-08 03:35:28 | 3756,761,087 | -HS- | C] () -- C:\hiberfil.sys
[2013-02-03 11:10:42 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
[2012-12-22 06:20:17 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2012-12-22 06:20:17 | 000,157,696 | ---- | C] () -- C:\Windows\SysWow64\OggEnc.exe
[2012-12-22 06:20:17 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\Lame.exe
[2012-12-22 06:20:17 | 000,076,800 | ---- | C] () -- C:\Windows\SysWow64\Faac.exe
[2012-12-19 02:43:41 | 000,161,397 | ---- | C] () -- C:\Windows\Animated Wallpaper Maker Uninstaller.exe
[2012-11-28 13:02:35 |
000,307,200 | ---- | C] () -- C:\Windows\SysWow64\Mp3Ctrl.dll [2012-09-15 07:03:51 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe [2012-09-15 07:03:51 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll [2012-09-15 07:03:50 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe [2012-09-15 07:03:50 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys [2012-09-15 07:03:50 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys [2012-09-04 02:05:45 | 000,162,019 | ---- | C] () -- C:\Windows\DP Animation Maker Uninstaller.exe [2012-05-24 18:13:07 | 000,000,007 | ---- | C] () -- C:\Windows\grabber4.dat [2012-05-08 06:02:20 | 000,003,190 | ---- | C] () -- C:\Windows\Sandboxie.ini [2012-01-21 02:30:29 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe [2012-01-12 08:53:17 | 000,000,123 | ---- | C] () -- C:\Windows\SysWow64\EPMConfig.ini [2011-09-30 10:46:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011-06-25 04:28:00 | 000,000,212 | ---- | C] () -- C:\Windows\aXmag.INI [2011-05-26 10:51:31 | 000,714,526 | ---- | C] () -- C:\Windows\unins002.exe [2011-05-26 10:51:31 | 000,120,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll [2011-05-26 10:51:31 | 000,001,989 | ---- | C] () -- C:\Windows\unins002.dat [2011-04-19 10:53:06 | 000,000,022 | -HS- | C] () -- C:\Windows\Sys3390 SettingsCollection.bin [2011-03-28 00:48:16 | 000,000,022 | ---- | C] () -- C:\Windows\cmm.dat [2011-03-22 21:02:44 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\utvideo.dll [2011-03-22 21:02:44 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\utv_vcm.dll [2010-08-20 19:40:32 | 000,001,715 | ---- | C] () -- C:\Program Files\chrome.exe — skrót.lnk [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 188 bytes -> C:\ProgramData\TEMP:F8B88761
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:112AEA99
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:9341E0C6
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:010ADD2C
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:B797EE03

< End of report >