OTL logfile created on: 2013-04-12 16:20:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jbr\dwhelper\Favorites\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd

7,88 Gb Total Physical Memory | 5,08 Gb Available Physical Memory | 64,47% Memory free
20,58 Gb Paging File | 17,49 Gb Available in Paging File | 85,01% Paging File free
Paging file location(s): c:\pagefile.sys 13000 15000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 131,96 Gb Total Space | 37,47 Gb Free Space | 28,39% Space Free | Partition Type: NTFS
Drive D: | 15,62 Gb Total Space | 5,64 Gb Free Space | 36,10% Space Free | Partition Type: NTFS
Drive M: | 100,00 Gb Total Space | 37,47 Gb Free Space | 37,47% Space Free | Partition Type: MFilesFS
Drive N: | 272,24 Gb Total Space | 10,73 Gb Free Space | 3,94% Space Free | Partition Type: NTFS
Drive O: | 272,24 Gb Total Space | 10,73 Gb Free Space | 3,94% Space Free | Partition Type: NTFS
Drive Q: | 272,24 Gb Total Space | 10,73 Gb Free Space | 3,94% Space Free | Partition Type: NTFS

Computer Name: PNC3-IT | User Name: jbr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013-04-12 16:19:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jbr\dwhelper\Favorites\Downloads\OTL.exe
PRC - [2013-04-12 16:13:52 | 000,506,368 | -H-- | M] () -- C:\Users\jbr\AppData\Local\Temp\trjritnskgkpdjk.exe
PRC - [2013-04-12 13:05:16 | 000,101,376 | RH-- | M] () -- C:\Users\jbr\AppData\Roaming\Pgvvpwwaqgocctdh.exe
PRC - [2013-04-12 08:36:44 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013-04-05 12:59:08 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013-03-12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\jbr\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013-03-06 17:30:43 | 010,220,896 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
PRC - [2013-03-06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013-03-06 17:22:26 | 000,185,696 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
PRC - [2013-02-27 10:22:45 | 001,019,960 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Anti-Virus\fssm32.exe
PRC - [2013-02-27 10:22:45 | 000,622,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32.exe
PRC - [2013-02-26 15:59:07 | 000,494,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Anti-Virus\fsav32.exe
PRC - [2013-02-15 18:23:34 | 014,731,776 | ---- | M] (GARMIN Corp.) -- C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe
PRC - [2013-01-23 11:30:38 | 000,155,864 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe
PRC - [2013-01-23 11:30:34 | 000,029,920 | ---- | M] (Macheen) -- C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe
PRC - [2013-01-16 13:05:24 | 000,278,800 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe
PRC - [2012-12-18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-12-07 18:26:56 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012-09-07 09:10:38 | 000,604,048 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
PRC - [2012-09-07 09:09:02 | 000,366,480 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
PRC - [2012-09-07 09:08:50 | 000,272,272 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
PRC - [2012-09-07 09:08:48 | 000,133,008 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
PRC - [2012-08-23 18:30:18 | 000,616,448 | ---- | M] (Robert Łajka & Pawel Porwisz) -- C:\Program Files (x86)\TC UP\TC UP.exe
PRC - [2012-08-03 08:01:00 | 003,801,736 | ---- | M] (Ghisler Software GmbH) -- C:\Program Files (x86)\TC UP\TOTALCMD.EXE
PRC - [2012-05-16 06:32:00 | 000,128,608 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
PRC - [2012-03-26 19:05:04 | 004,656,632 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\SpeedFan\speedfan.exe
PRC - [2012-03-07 15:01:08 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-03-05 10:20:28 | 000,446,800 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
PRC - [2012-02-29 17:35:46 | 000,230,240 | ---- | M] () -- C:\ProgramData\MobileBrServ\mbbService.exe
PRC - [2012-02-06 17:47:00 | 000,189,120 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\common\FNRB32.exe
PRC - [2012-02-06 17:47:00 | 000,131,776 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\common\FIH32.exe
PRC - [2012-02-06 17:46:52 | 000,303,808 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\common\FSM32.EXE
PRC - [2012-02-06 17:46:52 | 000,189,120 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\common\FSMA32.EXE
PRC - [2012-02-06 17:46:52 | 000,090,816 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\common\FSHDLL32.EXE
PRC - [2012-02-06 17:46:06 | 000,221,888 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe
PRC - [2012-01-16 12:47:42 | 000,062,016 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2012-01-16 12:47:40 | 000,044,096 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2012-01-16 12:47:22 | 000,043,584 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe
PRC - [2011-11-04 16:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011-09-27 14:17:40 | 000,386,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
PRC - [2011-09-16 14:39:24 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011-08-12 14:42:50 | 000,648,744 | R--- | M] (Ericsson AB) -- C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
PRC - [2011-08-03 15:23:54 | 000,828,944 | ---- | M] (GlavSoft LLC.) -- C:\Program Files (x86)\TightVNC\tvnserver.exe
PRC - [2011-07-12 18:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2011-07-12 17:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exe
PRC - [2011-07-12 17:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2011-05-12 15:17:17 | 001,858,048 | ---- | M] (Gadwin Systems, Inc) -- C:\Program Files (x86)\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
PRC - [2011-02-07 17:15:38 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011-01-17 11:42:04 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011-01-17 11:42:02 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010-11-18 13:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\SysWOW64\SASrv.exe
PRC - [2005-05-24 23:41:09 | 000,503,808 | ---- | M] (Stamina) -- C:\Program Files (x86)\Konnekt\konnekt.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013-04-12 16:19:01 | 000,192,512 | ---- | M] () -- C:\Users\jbr\AppData\Local\Temp\sfamcc00001.dll
MOD - [2013-04-12 16:19:01 | 000,158,720 | ---- | M] () -- C:\Users\jbr\AppData\Local\Temp\sfareca00001.dll
MOD - [2013-04-12 16:13:52 | 000,506,368 | -H-- | M] () -- C:\Users\jbr\AppData\Local\Temp\trjritnskgkpdjk.exe
MOD - [2013-04-12 13:05:16 | 000,101,376 | RH-- | M] () -- C:\Users\jbr\AppData\Roaming\Pgvvpwwaqgocctdh.exe
MOD - [2013-04-12 08:36:43 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013-02-13 18:04:39 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
MOD - [2013-02-13 18:04:35 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll
MOD - [2013-02-13 18:04:28 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013-01-10 09:42:58 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\5baea82888a13fa558004b24e3b107cf\CustomMarshalers.ni.dll
MOD - [2013-01-10 09:36:41 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013-01-10 09:29:13 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013-01-10 09:19:48 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013-01-10 09:19:34 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013-01-10 09:19:32 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013-01-10 09:19:25 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013-01-10 09:19:20 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013-01-10 09:19:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013-01-10 09:19:17 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013-01-10 09:19:13 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012-07-17 22:02:20 | 000,970,240 | ---- | M] () -- C:\Users\jbr\AppData\Roaming\Mozilla\Firefox\Profiles\aza9s3t3.default-1355738652599\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2012-03-07 15:00:54 | 000,362,304 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012-02-20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012-02-20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012-02-06 17:46:18 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\F-Secure\FSGUI\strres.eng
MOD - [2012-02-06 17:46:16 | 000,553,664 | ---- | M] () -- C:\Program Files (x86)\F-Secure\FSGUI\gres.dll
MOD - [2012-02-06 17:46:14 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\F-Secure\FSGUI\flyerres.eng
MOD - [2012-02-06 17:46:14 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\F-Secure\FSGUI\fsavures.eng
MOD - [2012-02-06 17:46:12 | 000,443,072 | ---- | M] () -- C:\Program Files (x86)\F-Secure\FSGUI\about.dll
MOD - [2012-02-06 17:46:12 | 000,090,816 | ---- | M] () -- C:\Program Files (x86)\F-Secure\FSGUI\aboutres.dll
MOD - [2011-09-26 15:22:42 | 002,085,888 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cv210.dll
MOD - [2011-09-26 15:22:40 | 002,201,088 | ---- | M] () -- C:\Program Files\Lenovo\AutoLock\cxcore210.dll
MOD - [2010-11-21 05:24:01 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2006-07-25 17:50:22 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Konnekt\plugins\tabletka.dll
MOD - [2005-09-18 16:06:15 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Konnekt\data\dll\SMemory.dll
MOD - [2003-12-23 13:28:05 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\Konnekt\data\dll\LuaPlus.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2012-10-02 20:31:08 | 007,720,360 | ---- | M] (M-Files Corporation) [Auto | Running] -- C:\Program Files\M-Files\9.0.3372.6\Bin\x64\mfclient.exe -- (MFClient 9.0.3372.6)
SRV:[b]64bit:[/b] - [2012-10-02 20:30:00 | 002,914,216 | ---- | M] (M-Files Corporation) [Auto | Running] -- C:\Program Files\M-Files\9.0.3372.6\Bin\x64\mfsetup.exe -- (MFSetup 9.0.3372.6)
SRV:[b]64bit:[/b] - [2012-06-25 16:06:30 | 003,325,232 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:[b]64bit:[/b] - [2012-06-25 16:05:54 | 000,628,016 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:[b]64bit:[/b] - [2012-06-25 16:05:28 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:[b]64bit:[/b] - [2012-02-29 15:15:08 | 000,048,704 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:[b]64bit:[/b] - [2012-01-16 12:47:42 | 000,062,016 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV:[b]64bit:[/b] - [2012-01-16 12:47:22 | 000,043,584 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV:[b]64bit:[/b] - [2011-11-18 13:10:40 | 000,144,448 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe -- (HyperW7Svc)
SRV:[b]64bit:[/b] - [2011-10-17 16:48:24 | 000,970,016 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:[b]64bit:[/b] - [2011-07-12 17:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)
SRV:[b]64bit:[/b] - [2011-07-12 17:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV:[b]64bit:[/b] - [2011-07-12 17:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV:[b]64bit:[/b] - [2011-07-12 17:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV:[b]64bit:[/b] - [2011-03-29 20:15:36 | 000,047,728 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)
SRV:[b]64bit:[/b] - [2010-12-17 05:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2009-03-06 00:51:34 | 000,284,696 | ---- | M] (SonicWALL, Inc.) [Auto | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe -- (SWGVCSvc)
SRV - [2013-04-12 08:36:43 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-04-12 08:21:19 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-03-06 17:30:43 | 003,560,288 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013-02-04 11:26:30 | 000,022,376 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2013-01-23 11:30:34 | 000,029,920 | ---- | M] (Macheen) [Auto | Running] -- C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe -- (MacheenService)
SRV - [2013-01-16 13:05:24 | 000,278,800 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\Program Files (x86)\Lenovo\MobileAccess\WebUpdateSvc4.exe -- (WebUpdate4)
SRV - [2013-01-08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-12-18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012-12-07 18:26:56 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012-09-07 09:08:50 | 000,272,272 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)
SRV - [2012-09-07 09:08:48 | 000,133,008 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2012-05-16 06:32:00 | 001,665,120 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe -- (PwmEWSvc)
SRV - [2012-05-16 06:32:00 | 001,662,560 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2012-05-16 06:32:00 | 000,320,576 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2012-05-13 20:51:50 | 000,024,576 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.4.2\bin\httpd.exe -- (wampapache)
SRV - [2012-04-19 16:45:02 | 009,693,696 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe -- (wampmysqld)
SRV - [2012-03-19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012-03-07 15:01:08 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-03-05 10:20:28 | 000,446,800 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe -- (SROSVC)
SRV - [2012-02-29 17:35:46 | 000,230,240 | ---- | M] () [Auto | Running] -- C:\ProgramData\MobileBrServ\mbbService.exe -- (Mobile Broadband HL Service)
SRV - [2012-02-06 17:47:00 | 000,189,120 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\F-Secure\common\FNRB32.exe -- (F-Secure Network Request Broker)
SRV - [2012-02-06 17:46:52 | 000,189,120 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\F-Secure\common\FSMA32.EXE -- (FSMA)
SRV - [2012-02-06 17:46:32 | 000,855,232 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\F-Secure\FWES\program\fsdfwd.exe -- (FSDFWD)
SRV - [2012-02-06 17:46:06 | 000,221,888 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2012-01-04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011-08-12 23:18:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011-08-12 14:42:50 | 000,648,744 | R--- | M] (Ericsson AB) [Auto | Running] -- C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2011-08-03 15:23:54 | 000,828,944 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files (x86)\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2011-02-07 17:15:38 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011-01-17 11:42:04 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011-01-17 11:42:02 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010-11-18 13:47:52 | 000,446,592 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\SASrv.exe -- (SAService)
SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007-05-31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007-05-31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2013-03-22 15:33:43 | 000,017,280 | ---- | M] (Scott) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBDrv_AMD64.sys -- (usbUDisc)
DRV:[b]64bit:[/b] - [2013-03-15 20:14:04 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:[b]64bit:[/b] - [2013-02-12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:[b]64bit:[/b] - [2012-12-13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2012-12-07 19:27:50 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:[b]64bit:[/b] - [2012-10-02 19:50:14 | 000,096,648 | ---- | M] (M-Files Corporation) [File_System | On_Demand | Running] -- C:\Program Files\M-Files\9.0.3372.6\Bin\x64\MFFSD.sys -- (MFFSD34865ABB-E347-49BA-BB1E-BD3BD2168C18)
DRV:[b]64bit:[/b] - [2012-10-02 19:49:52 | 000,021,896 | ---- | M] (M-Files Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\M-Files\9.0.3372.6\Bin\x64\MFVDD.sys -- (MFVDD0170155C-D8A3-471C-952A-123DE6653FA4)
DRV:[b]64bit:[/b] - [2012-08-16 10:59:26 | 000,056,016 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsbts.sys -- (fsbts)
DRV:[b]64bit:[/b] - [2012-07-05 21:43:24 | 000,443,192 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2012-07-05 21:43:24 | 000,027,960 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:[b]64bit:[/b] - [2012-06-05 18:40:42 | 001,580,704 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:[b]64bit:[/b] - [2012-06-03 08:33:44 | 011,499,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:[b]64bit:[/b] - [2012-05-30 13:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2012-05-16 06:32:00 | 000,029,512 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:[b]64bit:[/b] - [2012-05-16 06:32:00 | 000,019,784 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:[b]64bit:[/b] - [2012-05-10 16:33:56 | 000,217,600 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:[b]64bit:[/b] - [2012-05-10 16:33:54 | 000,097,792 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:[b]64bit:[/b] - [2012-04-19 17:36:26 | 000,035,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:[b]64bit:[/b] - [2012-04-19 17:36:26 | 000,025,528 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:[b]64bit:[/b] - [2012-03-19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2012-03-07 18:42:00 | 000,249,152 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:[b]64bit:[/b] - [2012-03-07 18:42:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:[b]64bit:[/b] - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012-02-29 15:14:48 | 000,042,312 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:[b]64bit:[/b] - [2012-02-29 14:47:54 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:[b]64bit:[/b] - [2012-02-06 17:46:32 | 000,095,136 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW)
DRV:[b]64bit:[/b] - [2012-02-06 17:46:28 | 000,046,848 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES)
DRV:[b]64bit:[/b] - [2012-01-17 05:45:58 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2012-01-11 13:30:58 | 000,360,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:[b]64bit:[/b] - [2011-12-27 03:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)
DRV:[b]64bit:[/b] - [2011-10-19 15:19:08 | 000,195,072 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:[b]64bit:[/b] - [2011-10-17 17:24:50 | 000,437,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:[b]64bit:[/b] - [2011-10-17 17:24:44 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:[b]64bit:[/b] - [2011-10-17 17:24:44 | 000,146,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:[b]64bit:[/b] - [2011-10-17 17:24:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:[b]64bit:[/b] - [2011-10-17 17:24:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:[b]64bit:[/b] - [2011-09-02 08:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:[b]64bit:[/b] - [2011-09-02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:[b]64bit:[/b] - [2011-09-02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:[b]64bit:[/b] - [2011-08-12 15:55:08 | 000,268,840 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ)
DRV:[b]64bit:[/b] - [2011-07-08 18:53:24 | 000,032,104 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys -- (PHCORE)
DRV:[b]64bit:[/b] - [2011-07-01 12:48:20 | 000,101,416 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\l36wgps64.sys -- (l36wgps)
DRV:[b]64bit:[/b] - [2011-06-13 22:58:06 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)
DRV:[b]64bit:[/b] - [2011-06-13 22:58:04 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis)
DRV:[b]64bit:[/b] - [2011-05-30 19:21:40 | 000,013,128 | ---- | M] (Authentec Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp)
DRV:[b]64bit:[/b] - [2011-05-25 18:23:00 | 000,101,888 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc)
DRV:[b]64bit:[/b] - [2011-04-29 11:43:04 | 000,483,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys -- (Mbm3Mdm)
DRV:[b]64bit:[/b] - [2011-04-29 11:43:00 | 000,019,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys -- (Mbm3mdfl)
DRV:[b]64bit:[/b] - [2011-04-29 11:42:58 | 000,430,664 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt)
DRV:[b]64bit:[/b] - [2011-04-29 11:42:54 | 000,419,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus)
DRV:[b]64bit:[/b] - [2011-03-29 20:13:40 | 000,139,888 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)
DRV:[b]64bit:[/b] - [2011-03-29 20:11:48 | 000,023,664 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)
DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011-03-04 19:18:42 | 000,166,016 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\5U877.sys -- (5U877)
DRV:[b]64bit:[/b] - [2011-01-26 19:27:48 | 000,030,312 | ---- | M] (CaptainFlint Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vd_filedisk.sys -- (VD_FileDisk)
DRV:[b]64bit:[/b] - [2011-01-15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:[b]64bit:[/b] - [2010-11-25 06:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:[b]64bit:[/b] - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010-10-20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2010-09-07 15:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:[b]64bit:[/b] - [2009-11-02 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped]
-- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-06-09 05:18:20 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp) DRV:[b]64bit:[/b] - [2009-03-06 00:51:50 | 000,099,352 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SWIPsec.sys -- (SWIPsec) DRV:[b]64bit:[/b] - [2009-03-04 19:03:32 | 000,024,600 | ---- | M] (SonicWALL, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWVNIC.sys -- (SWVNIC) DRV:[b]64bit:[/b] - [2008-11-16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:[b]64bit:[/b] - [2008-08-28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:[b]64bit:[/b] - [2008-01-10 20:34:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT) DRV:[b]64bit:[/b] - [2007-09-06 21:53:00 | 000,016,384 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DSI_SiUSBXp_3_1.sys -- (DSI_SiUSBXp_3_1) DRV:[b]64bit:[/b] - [2006-09-19 20:44:04 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2013-02-27 10:23:37 | 000,200,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper) DRV - [2013-02-26 15:52:14 | 000,033,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\fsbts.sys -- (fsbts) DRV - [2012-10-22 08:35:13 | 000,000,220 | ---- | M] () [Kernel | System | Running] -- C:\Windows\null -- (Null) DRV - [2012-02-06 17:46:06 | 000,042,048 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\F-Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter) DRV - [2012-02-06 17:46:06 | 000,027,328 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\F-Secure\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer) DRV - [2012-02-06 17:46:06 | 000,015,040 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys -- (fsvista) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) 
[File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error. IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error. IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http:\\ilona IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-649295582-2107987914-6498272-10032\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKU\S-1-5-21-649295582-2107987914-6498272-10032\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http:\\ilona IE - HKU\S-1-5-21-649295582-2107987914-6498272-10032\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-649295582-2107987914-6498272-10032\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-649295582-2107987914-6498272-10032\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local; [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: 
support%40lastpass.com:2.0.0 FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4 FF - prefs.js..extensions.enabledAddons: %7B4BBDD651-70CF-4821-84F8-2B918CF89CA3%7D:7.1.0 FF - prefs.js..extensions.enabledAddons: %7Bcc85cd4e-5a5b-4eda-a25c-bdaffa93b406%7D:2.1.2 FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10 FF - prefs.js..extensions.enabledAddons: %7B338e0b96-2285-4424-b4c8-e25560750fa3%7D:3 FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:1.3.1 FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2 FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3 FF - prefs.js..extensions.enabledAddons: tineye%40ideeinc.com:1.1 FF - prefs.js..extensions.enabledAddons: info%40virustotal.com:1.5 FF - prefs.js..extensions.enabledAddons: flvto%40hotger.com:1.6.6 FF - prefs.js..extensions.enabledAddons: eliteproxyswitcher%40my-proxy.com:1.2.0.2 FF - prefs.js..extensions.enabledAddons: allegrosearch%40matylla.pl:1.2 FF - prefs.js..extensions.enabledAddons: %7B582195F5-92E7-40a0-A127-DB71295901D7%7D:0.6.4.1 FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.14 FF - prefs.js..extensions.enabledAddons: Firefox%40365scores.com:1.1.2 FF - prefs.js..extensions.enabledAddons: %7B1d453442-b4e9-41c3-aa17-ca9fc8ce4b87%7D:1 FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.5 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14 FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.7 FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7 FF - prefs.js..extensions.enabledAddons: %7BE0B8C461-F8FB-49b4-8373-FE32E9252800%7D:5.6 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..network.proxy.socks: "127.0.0.1" FF 
- prefs.js..network.proxy.socks_port: 8085 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@EDVR/WebClient: C:\windows\system32\WebClient\npwebclient.dll (Google) FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-04-12 08:36:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-11-27 12:28:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jbr\AppData\Roaming\mozilla\Extensions [2012-11-27 12:28:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jbr\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2013-04-12 08:18:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jbr\AppData\Roaming\mozilla\Firefox\Profiles\aza9s3t3.default-1355738652599\extensions [2013-01-29 12:18:15 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\jbr\AppData\Roaming\mozilla\Firefox\Profiles\aza9s3t3.default-1355738652599\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2013-03-14 23:34:47 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\jbr\AppData\Roaming\mozilla\Firefox\Profiles\aza9s3t3.default-1355738652599\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2013-01-17 14:47:16 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\jbr\AppData\Roaming\mozilla\Firefox\Profiles\aza9s3t3.default-1355738652599\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-01-29 12:07:00 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Users\jbr\AppData\Roaming\mozilla\Firefox\Profiles\aza9s3t3.default-1355738652599\extensions\{241aae70-0022-11de-87af-0800200c9a66} [2013-01-29 11:59:32 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\jbr\AppData\Roaming\mozilla\Firefox\Profiles\aza9s3t3.default-1355738652599\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2013-02-25 12:56:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\jbr\AppData\Roaming\mozilla\Firefox\Profiles\aza9s3t3.default-1355738652599\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-01-29 12:18:12 | 000,000,000 | ---D | M] (Google Redesigned) -- 
C:\Users\jbr\AppData\Roaming\mozilla\Firefox\Profiles\aza9s3t3.default-1355738652599\extensions\{cc85cd4e-5a5b-4eda-a25c-bdaffa93b406} [2013-04-12 08:18:05 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\jbr\AppData\Roaming\mozilla\Firefox\Profiles\aza9s3t3.default-1355738652599\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2013-02-14 14:26:09 | 000,000,000 | ---D | M] (365Scores Notifier) -- C:\Users\jbr\AppData\Roaming\mozilla\Firefox\Profiles\aza9s3t3.default-1355738652599\extensions\Firefox@365scores.com [2012-12-19 11:47:48 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\jbr\AppData\Roaming\mozilla\Firefox\Profiles\aza9s3t3.default-1355738652599\extensions\support@lastpass.com [2013-01-29 12:18:15 | 000,003,212 | ---- | M] () (No name found) -- C:\Users\jbr\AppData\Roaming\mozilla\firefox\profiles\aza9s3t3.default-1355738652599\extensions\allegrosearch@matylla.pl.xpi [2013-01-29 12:18:15 | 000,016,275 | ---- | M] () (No name found) -- C:\Users\jbr\AppData\Roaming\mozilla\firefox\profiles\aza9s3t3.default-1355738652599\extensions\eliteproxyswitcher@my-proxy.com.xpi [2013-02-25 09:18:28 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\jbr\AppData\Roaming\mozilla\firefox\profiles\aza9s3t3.default-1355738652599\extensions\firebug@software.joehewitt.com.xpi [2013-01-29 12:18:15 | 000,005,886 | ---- | M] () (No name found) -- C:\Users\jbr\AppData\Roaming\mozilla\firefox\profiles\aza9s3t3.default-1355738652599\extensions\flvto@hotger.com.xpi [2013-01-29 12:18:15 | 000,017,212 | ---- | M] () (No name found) -- C:\Users\jbr\AppData\Roaming\mozilla\firefox\profiles\aza9s3t3.default-1355738652599\extensions\info@virustotal.com.xpi [2013-03-06 09:22:04 | 000,565,466 | ---- | M] () (No name found) -- C:\Users\jbr\AppData\Roaming\mozilla\firefox\profiles\aza9s3t3.default-1355738652599\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2013-04-08 09:20:10 | 000,334,383 | ---- | M] () (No name found) -- 
C:\Users\jbr\AppData\Roaming\mozilla\firefox\profiles\aza9s3t3.default-1355738652599\extensions\personas@christopher.beard.xpi [2013-01-29 12:18:15 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\jbr\AppData\Roaming\mozilla\firefox\profiles\aza9s3t3.default-1355738652599\extensions\tineye@ideeinc.com.xpi [2013-01-29 12:18:15 | 000,060,290 | ---- | M] () (No name found) -- C:\Users\jbr\AppData\Roaming\mozilla\firefox\profiles\aza9s3t3.default-1355738652599\extensions\translator@zoli.bod.xpi [2013-04-11 10:02:28 | 000,350,097 | ---- | M] () (No name found) -- C:\Users\jbr\AppData\Roaming\mozilla\firefox\profiles\aza9s3t3.default-1355738652599\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-02-18 09:30:13 | 000,007,464 | ---- | M] () (No name found) -- C:\Users\jbr\AppData\Roaming\mozilla\firefox\profiles\aza9s3t3.default-1355738652599\extensions\{1d453442-b4e9-41c3-aa17-ca9fc8ce4b87}.xpi [2013-01-29 12:18:15 | 000,021,093 | ---- | M] () (No name found) -- C:\Users\jbr\AppData\Roaming\mozilla\firefox\profiles\aza9s3t3.default-1355738652599\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2013-01-29 12:18:15 | 000,003,145 | ---- | M] () (No name found) -- C:\Users\jbr\AppData\Roaming\mozilla\firefox\profiles\aza9s3t3.default-1355738652599\extensions\{338e0b96-2285-4424-b4c8-e25560750fa3}.xpi [2013-01-31 14:55:01 | 000,242,709 | ---- | M] () (No name found) -- C:\Users\jbr\AppData\Roaming\mozilla\firefox\profiles\aza9s3t3.default-1355738652599\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi [2013-02-13 18:03:44 | 000,281,921 | ---- | M] () (No name found) -- C:\Users\jbr\AppData\Roaming\mozilla\firefox\profiles\aza9s3t3.default-1355738652599\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2013-01-29 12:06:51 | 001,928,801 | ---- | M] () (No name found) -- C:\Users\jbr\AppData\Roaming\mozilla\firefox\profiles\aza9s3t3.default-1355738652599\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}.xpi [2013-02-14 11:12:49 | 000,817,280 | 
---- | M] () (No name found) -- C:\Users\jbr\AppData\Roaming\mozilla\firefox\profiles\aza9s3t3.default-1355738652599\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-29 12:18:15 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\jbr\AppData\Roaming\mozilla\firefox\profiles\aza9s3t3.default-1355738652599\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013-02-25 12:56:19 | 000,754,446 | ---- | M] () (No name found) -- C:\Users\jbr\AppData\Roaming\mozilla\firefox\profiles\aza9s3t3.default-1355738652599\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-01-29 12:07:03 | 000,873,857 | ---- | M] () (No name found) -- C:\Users\jbr\AppData\Roaming\mozilla\firefox\profiles\aza9s3t3.default-1355738652599\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}.xpi [2008-11-17 18:14:06 | 000,001,362 | ---- | M] () (No name found) -- C:\Users\jbr\AppData\Roaming\mozilla\firefox\profiles\aza9s3t3.default-1355738652599\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}\chrome\skin\xpinstallItemGeneric.png [2013-04-10 08:16:39 | 000,002,157 | ---- | M] () -- C:\Users\jbr\AppData\Roaming\mozilla\firefox\profiles\aza9s3t3.default-1355738652599\searchplugins\zippyshare-mp3-search.xml [2013-04-12 08:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013-04-12 08:36:44 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013-02-27 09:50:21 | 000,002,980 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2013-02-27 09:50:21 | 000,001,619 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2013-02-27 09:50:21 | 000,001,130 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2013-02-27 09:50:21 | 000,001,071 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2013-02-27 09:50:21 | 000,001,396 | ---- | M] () -- 
C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2013-02-27 09:50:21 | 000,001,896 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml Hosts file not found O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:[b]64bit:[/b] - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo) O4:[b]64bit:[/b] - HKLM..\Run: [ALCKRESI.EXE] C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited) O4:[b]64bit:[/b] - HKLM..\Run: [ForteConfig] C:\Program Files\CONEXANT\ForteConfig\fmapp.exe () O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) O4:[b]64bit:[/b] - HKLM..\Run: [M-Files Status 9.0.3372.6] C:\Program Files\M-Files\9.0.3372.6\Bin\x64\MFStatus.exe (M-Files Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [M-Files Updates 9.0.3372.6] C:\Program Files\M-Files\9.0.3372.6\Bin\x64\MFAUClient.exe (M-Files Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.) O4:[b]64bit:[/b] - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.) 
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\F-Secure\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [MobileAccess] C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe (Lenovo) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [Pgvvpwwaqgocctdh.exe] C:\Users\jbr\AppData\Roaming\Pgvvpwwaqgocctdh.exe () O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited) O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.) O4 - HKLM..\Run: [TC UP] C:\Program Files (x86)\TC UP\TC UP.exe (Robert Łajka & Pawel Porwisz) O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\TightVNC\tvnserver.exe (GlavSoft LLC.) O4 - HKU\S-1-5-21-649295582-2107987914-6498272-10032..\Run: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.) O4 - HKU\S-1-5-21-649295582-2107987914-6498272-10032..\Run: [Gadwin PrintScreen Pro] C:\Program Files (x86)\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe (Gadwin Systems, Inc) O4 - HKU\S-1-5-21-649295582-2107987914-6498272-10032..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) 
O4 - HKU\S-1-5-21-649295582-2107987914-6498272-10032..\Run: [Konnekt] C:\Program Files (x86)\Konnekt\konnekt.exe (Stamina) O4 - HKU\S-1-5-21-649295582-2107987914-6498272-10032..\Run: [Pgvvpwwaqgocctdh.exe] C:\Users\jbr\AppData\Roaming\Pgvvpwwaqgocctdh.exe () O4 - HKU\S-1-5-21-649295582-2107987914-6498272-10032..\Run: [WINSXS32] C:\Users\jbr\AppData\Local\Temp\trjritnskgkpdjk.exe () O4 - Startup: C:\Users\jbr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\jbr\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-649295582-2107987914-6498272-10032\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-649295582-2107987914-6498272-10032\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - 
HKU\S-1-5-21-649295582-2107987914-6498272-10032\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\S-1-5-21-649295582-2107987914-6498272-10032\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1 O7 - HKU\S-1-5-21-649295582-2107987914-6498272-10032\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1 O7 - HKU\S-1-5-21-649295582-2107987914-6498272-10032\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = msimn.exe O9:[b]64bit:[/b] - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm () O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O15 - HKU\S-1-5-21-649295582-2107987914-6498272-10032\..Trusted Domains: rekarubber.local ([]* in Local intranet) O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {6C9B3550-8DF6-415D-9B8F-4B1E74D08355} http://192.168.2.102/IndigoScreen.cab (IndigoScreen2 ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {FC4EE151-0923-4495-9B21-AEC164EC9BAA} http://podgladacz/WebWaveletLive.cab (WebWaveletLive Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.201.53 213.199.225.14 82.160.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rekarubber.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A08271C-451D-4954-9715-7EDBA7495D1A}: DhcpNameServer = 192.168.201.53 213.199.225.14 82.160.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28927AEC-656A-42DF-A93B-B17B9696AC38}: NameServer = 213.158.199.1 213.158.199.5 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A25CA807-686B-42CC-B35A-1CC8A16EE4A7}: DhcpNameServer = 192.168.201.53 213.199.225.14 82.160.1.1 O18:[b]64bit:[/b] - Protocol\Handler\qvp {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files\QlikView\QvProtocol\qvp.dll (QlikTech AB) O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\qvp {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files (x86)\QlikView\QvProtocol\qvp.dll (QlikTech AB) O18 - Protocol\Handler\skype4com 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013-04-12 10:58:44 | 000,126,587 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ]
O32 - AutoRun File - [2010-09-14 00:53:20 | 000,000,000 | RHSD | M] - N:\autodesk Inventor -- [ NTFS ]
O32 - AutoRun File - [2010-09-14 00:53:19 | 000,000,000 | RHSD | M] - N:\autodesk inventor 11 viewer -- [ NTFS ]
O32 - AutoRun File - [2010-09-14 00:53:19 | 000,000,000 | RHSD | M] - N:\autodesk inventor 11 viewer -- [ NTFS ]
O32 - AutoRun File - [2010-09-14 00:53:20 | 000,000,000 | RHSD | M] - N:\autodesk Inventor -- [ NTFS ]
O32 - AutoRun File - [2013-04-12 16:18:27 | 000,005,815 | RHS- | M] () - N:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013-04-12 16:19:07 | 000,003,521 | RHS- | M] () - O:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011-09-19 09:11:14 | 001,016,140 | RHS- | M] () - Q:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013-04-12 12:46:07 | 000,000,000 | ---D | C] -- C:\Users\jbr\Desktop\Florence_And_The_Machine-Between_Two_Lungs-2CD-2010-CaHeSo
[2013-04-12 08:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013-04-11 14:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoMapa
[2013-04-11 13:53:52 | 000,000,000 | ---D | C] -- C:\Users\jbr\Desktop\AUTOMAPA_6.12_FINAL_EU
[2013-04-11 12:42:15 | 000,000,000 | ---D | C] -- C:\Users\jbr\Desktop\AUTOMAPA_6.12_1302_FINAL_PL
[2013-04-11 10:36:51 | 000,000,000 | ---D | C] -- C:\Users\jbr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2013-04-11 10:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2013-04-11 10:36:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinDirStat
[2013-04-10 15:00:42 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013-04-10 15:00:42 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013-04-10 15:00:41 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013-04-10 15:00:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013-04-10 15:00:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013-04-10 15:00:40 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013-04-10 15:00:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013-04-10 15:00:40 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013-04-10 15:00:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013-04-10 15:00:39 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013-04-10 15:00:39 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013-04-10 15:00:39 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013-04-10 15:00:38 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013-04-10 15:00:38 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013-04-10 15:00:38 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013-04-10 08:15:07 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013-04-10 08:15:06 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013-04-10 08:15:06 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013-04-10 08:15:06 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013-04-10 08:15:06 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013-04-10 08:15:06 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013-04-10 08:15:01 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013-04-10 08:15:00 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013-04-10 08:15:00 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013-04-10 08:15:00 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013-04-10 08:15:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013-04-10 08:15:00 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013-04-04 09:54:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak
[2013-04-03 08:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2013-03-27 09:47:41 | 000,000,000 | ---D | C] -- C:\Users\jbr\AppData\Roaming\Passware
[2013-03-27 09:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel Password Recovery
[2013-03-27 09:32:05 | 000,000,000 | ---D | C] -- C:\Users\jbr\Documents\My Password Recovery
[2013-03-27 09:32:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intelore
[2013-03-26 09:56:46 | 014,298,728 | ---- | C] (Kingsoft Corporation) -- C:\Users\jbr\Desktop\kav_setup.exe
[2013-03-26 08:17:25 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023x.sys
[2013-03-26 08:17:25 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013-03-22 15:33:43 | 000,017,280 | ---- | C] (Scott) -- C:\Windows\SysNative\drivers\USBDrv_AMD64.sys
[2013-03-22 12:26:16 | 000,000,000 | -H-D | C] -- C:\Users\jbr\Documents\.4sh
[2013-03-22 12:25:54 | 000,000,000 | ---D | C] -- C:\ProgramData\4shared Desktop
[2013-03-21 14:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WampServer
[2013-03-21 14:56:58 | 000,000,000 | ---D | C] -- C:\wamp
[2013-03-21 13:57:23 | 000,000,000 | ---D | C] -- C:\xampp
[2013-03-20 10:40:45 | 000,000,000 | ---D | C] -- C:\Users\jbr\VirtualBox VMs
[2013-03-20 10:24:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2013-03-20 10:24:05 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2013-03-20 10:21:51 | 000,000,000 | ---D | C] -- C:\Users\jbr\AppData\Roaming\NVIDIA
[2013-03-15 20:14:04 | 000,131,856 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys
[2013-03-15 20:13:04 | 000,204,048 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\VBoxNetFltNobj.dll
[2013-03-15 15:32:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2012-10-26 22:55:51 | 000,483,328 | ---- | C] (Simon Tatham) -- C:\Program Files (x86)\putty.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[11 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013-04-12 16:20:14 | 000,023,392 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-04-12 16:20:14 | 000,023,392 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-04-12 16:18:45 | 000,794,578 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-04-12 16:18:45 | 000,662,322 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-04-12 16:18:45 | 000,125,310 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-04-12 16:18:22 | 000,000,110 | ---- | M] () -- C:\Windows\SysNative\null
[2013-04-12 16:18:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-04-12 16:18:02 | 2054,868,991 | -HS- | M] () -- C:\hiberfil.sys
[2013-04-12 16:00:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-04-12 13:05:16 | 000,101,376 | RH-- | M] () -- C:\Users\jbr\AppData\Roaming\Pgvvpwwaqgocctdh.exe
[2013-04-12 12:44:52 | 000,000,600 | ---- | M] () -- C:\Users\jbr\AppData\Local\PUTTY.RND
[2013-04-12 09:21:38 | 000,000,378 | ---- | M] () -- C:\ProgramData\LastUpdate.xml
[2013-04-12 09:21:22 | 000,000,207 | ---- | M] () -- C:\Windows\WebUpdateSvc4.INI
[2013-04-12 08:21:19 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013-04-12 08:21:19 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013-04-11 15:00:50 | 000,001,986 | -H-- | M] () -- C:\Users\jbr\Documents\Default.rdp
[2013-04-11 10:36:51 | 000,001,027 | ---- | M] () -- C:\Users\jbr\Desktop\WinDirStat.lnk
[2013-04-11 08:05:03 | 000,419,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-04-06 04:04:50 | 1717,914,704 | ---- | M] () -- C:\Users\jbr\Desktop\GP070008.MP4
[2013-04-05 10:10:55 | 3217,289,216 | ---- | M] () -- C:\Users\jbr\Desktop\AUTOMAPA_6.12_FINAL_EU.iso
[2013-04-05 08:25:47 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013-04-02 16:56:10 | 000,009,833 | ---- | M] () -- C:\Users\jbr\Desktop\read-acl-gui.ps1
[2013-03-28 09:28:40 | 000,001,009 | ---- | M] () -- C:\Users\jbr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013-03-26 09:57:08 | 014,298,728 | ---- | M] (Kingsoft Corporation) -- C:\Users\jbr\Desktop\kav_setup.exe
[2013-03-22 19:40:28 | 001,751,825 | ---- | M] () -- C:\Users\jbr\Desktop\Kiyosaki - Kwadrant przeplywu pieniedzy.pdf
[2013-03-22 15:33:43 | 000,017,280 | ---- | M] (Scott) -- C:\Windows\SysNative\drivers\USBDrv_AMD64.sys
[2013-03-22 15:33:43 | 000,002,987 | ---- | M] () -- C:\Windows\SysNative\drivers\USBDrv.inf
[2013-03-21 14:57:33 | 000,000,613 | ---- | M] () -- C:\Users\jbr\Application Data\Microsoft\Internet Explorer\Quick Launch\WampServer.lnk
[2013-03-21 14:57:33 | 000,000,589 | ---- | M] () -- C:\Users\jbr\Desktop\WampServer.lnk
[2013-03-20 10:24:11 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2013-03-19 08:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013-03-19 07:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013-03-19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013-03-19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013-03-19 06:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013-03-19 05:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013-03-18 09:31:05 | 000,003,106 | ---- | M] () -- C:\Users\jbr\advanced_ip_scanner_MAC.bin
[2013-03-16 14:30:14 | 001,291,625 | ---- | M] () -- C:\Users\jbr\Desktop\bogaty ojciec biedny ojciec.pdf
[2013-03-15 20:14:04 | 000,131,856 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys
[2013-03-15 20:13:04 | 000,204,048 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\VBoxNetFltNobj.dll
[2013-03-15 09:46:00 | 000,001,021 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[11 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013-04-12 15:40:31 | 000,101,376 | RH-- | C] () -- C:\Users\jbr\AppData\Roaming\Pgvvpwwaqgocctdh.exe
[2013-04-11 11:49:20 | 000,009,833 | ---- | C] () -- C:\Users\jbr\Desktop\read-acl-gui.ps1
[2013-04-11 10:36:51 | 000,001,027 | ---- | C] () -- C:\Users\jbr\Desktop\WinDirStat.lnk
[2013-04-10 08:17:20 | 1717,914,704 | ---- | C] () -- C:\Users\jbr\Desktop\GP070008.MP4
[2013-04-05 10:00:27 | 3217,289,216 | ---- | C] () -- C:\Users\jbr\Desktop\AUTOMAPA_6.12_FINAL_EU.iso
[2013-04-05 08:25:47 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013-03-26 11:27:08 | 001,751,825 | ---- | C] () -- C:\Users\jbr\Desktop\Kiyosaki - Kwadrant przeplywu pieniedzy.pdf
[2013-03-26 11:27:08 | 001,291,625 | ---- | C] () -- C:\Users\jbr\Desktop\bogaty ojciec biedny ojciec.pdf
[2013-03-22 15:33:43 | 000,002,987 | ---- | C] () -- C:\Windows\SysNative\drivers\USBDrv.inf
[2013-03-21 14:57:33 | 000,000,613 | ---- | C] () -- C:\Users\jbr\Application Data\Microsoft\Internet Explorer\Quick Launch\WampServer.lnk
[2013-03-21 14:57:33 | 000,000,589 | ---- | C] () -- C:\Users\jbr\Desktop\WampServer.lnk
[2013-03-18 09:31:05 | 000,003,106 | ---- | C] () -- C:\Users\jbr\advanced_ip_scanner_MAC.bin
[2013-03-15 09:46:00 | 000,001,021 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk
[2013-03-08 13:52:16 | 000,144,988 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013-02-26 15:49:55 | 000,000,345 | ---- | C] () -- C:\Windows\fslaunch.ini
[2012-12-11 12:33:34 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2012-10-20 11:09:48 | 000,000,378 | ---- | C] () -- C:\ProgramData\LastUpdate.xml
[2012-10-20 11:09:47 | 000,000,207 | ---- | C] () -- C:\Windows\WebUpdateSvc4.INI
[2012-10-16 11:41:27 | 000,000,014 | ---- | C] () -- C:\Windows\hpmssnpjt.ini
[2012-07-13 09:54:02 | 000,000,041 | ---- | C] () -- C:\Windows\WEBWAV~1.INI
[2012-07-06 15:35:55 | 000,006,550 | ---- | C] () -- C:\Users\jbr\AppData\Local\recently-used.xbel
[2012-06-08 13:48:48 | 000,000,600 | ---- | C] () -- C:\Users\jbr\AppData\Local\PUTTY.RND
[2012-03-26 11:29:42 | 000,223,808 | ---- | C] () -- C:\Users\jbr\AppData\Local\wanancsp.dat
[2012-03-26 11:28:47 | 000,223,808 | ---- | C] () -- C:\Users\jbr\AppData\Roaming\wanancsp.dat
[2012-03-22 17:16:03 | 000,007,638 | ---- | C] () -- C:\Users\jbr\AppData\Local\Resmon.ResmonCfg
[2012-03-20 17:14:29 | 000,033,408 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2012-03-20 12:18:09 | 000,003,854 | RHS- | C] () -- C:\Users\jbr\ntuser.pol
[2012-03-19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012-03-19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012-03-13 14:09:22 | 000,011,596 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012-03-07 15:01:20 | 000,417,600 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012-02-29 15:49:11 | 000,035,265 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat
[2012-02-29 15:42:07 | 000,780,426 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-02-29 15:04:50 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012-02-29 14:16:01 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
[2012-02-14 19:47:06 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012-02-14 19:47:06 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011-09-17 15:44:53 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\Uninstow.exe
[2011-08-31 20:51:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2012-02-29 17:13:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Canneverbe Limited
[2012-02-29 17:42:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Copernic
[2012-02-29 15:06:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nokia
[2012-02-29 15:06:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PC Suite
[2012-02-29 15:04:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\pdfforge
[2012-02-29 16:30:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PwrMgr
[2012-02-29 17:48:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\QlikTech
[2012-03-13 14:31:41 | 000,000,000 | ---D | M] -- C:\Users\administrator.RUBBERDOM\AppData\Roaming\PwrMgr
[2012-07-19 14:36:29 | 000,000,000 | ---D | M] -- C:\Users\administrator.RUBBERDOM\AppData\Roaming\Rainmeter
[2012-05-30 11:24:22 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\Autodesk
[2012-03-27 17:33:54 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\Canneverbe Limited
[2012-03-21 14:47:44 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\Copernic
[2013-01-31 10:33:04 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\DiskAid
[2013-04-12 16:18:31 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\Dropbox
[2013-03-15 09:25:26 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\DVDVideoSoft
[2013-01-17 14:48:18 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\Garmin
[2012-10-01 12:13:55 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\HateML
[2012-09-10 09:39:02 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\HEXelon
[2013-03-21 13:52:48 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\ihelper
[2012-05-18 08:24:31 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\ImgBurn
[2012-10-17 09:44:46 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\IsolatedStorage
[2012-03-23 11:30:33 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\Leadertech
[2012-06-06 22:54:04 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\LSC
[2012-06-22 12:15:19 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\Minolta
[2012-05-31 11:09:38 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\NAVIGON Fresh
[2012-06-06 11:42:08 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\Nokia
[2013-03-27 09:47:41 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\Passware
[2012-06-06 10:58:22 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\PC Suite
[2012-03-20 16:56:22 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\PwrMgr
[2012-03-30 10:46:27 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\QlikTech
[2012-03-26 16:19:42 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\Rainmeter
[2012-10-15 13:40:21 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\redsn0w
[2012-03-26 17:16:16 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\Softarium.com
[2012-03-21 15:08:03 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\stamina
[2012-03-27 10:51:56 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\TeamViewer
[2012-04-13 14:17:19 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\TightVNC
[2012-11-27 12:28:51 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\TomTom
[2012-03-26 11:29:18 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\WMCore
[2012-10-18 12:51:17 | 000,000,000 | ---D | M] -- C:\Users\jbr\AppData\Roaming\XnView

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0B174FAE

< End of report >