OTL logfile created on: 2013-10-19 15:13:12 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tds\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16721) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 6,00 Gb Total Physical Memory | 4,11 Gb Available Physical Memory | 68,46% Memory free 8,00 Gb Paging File | 5,81 Gb Available in Paging File | 72,66% Paging File free Paging file location(s): c:\pagefile.sys 2048 2048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,79 Gb Total Space | 30,61 Gb Free Space | 27,38% Space Free | Partition Type: NTFS Drive D: | 811,32 Gb Total Space | 347,04 Gb Free Space | 42,77% Space Free | Partition Type: NTFS Drive E: | 232,88 Gb Total Space | 37,63 Gb Free Space | 16,16% Space Free | Partition Type: NTFS Drive F: | 585,94 Gb Total Space | 219,96 Gb Free Space | 37,54% Space Free | Partition Type: NTFS Drive X: | 76,69 Gb Total Space | 34,93 Gb Free Space | 45,55% Space Free | Partition Type: NTFS Computer Name: TDSXXX | User Name: tds | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013-10-19 15:11:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tds\Desktop\OTL.scr PRC - [2013-10-11 17:46:58 | 000,960,014 | ---- | M] () -- C:\Users\tds\AppData\Roaming\minert\cgminer.exe PRC - [2013-10-05 13:38:46 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013-10-01 13:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2013-10-01 13:14:39 | 012,631,904 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe PRC - [2013-10-01 13:05:43 | 000,195,936 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe PRC - [2013-09-19 04:39:36 | 001,688,723 | ---- | M] () -- C:\Users\tds\AppData\Roaming\minerd\bfgminer.exe PRC - [2013-09-17 22:22:24 | 001,364,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013-09-12 01:17:46 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2013-07-12 18:16:23 | 000,595,144 | ---- | M] (Murray Hurps Software Pty Ltd) -- C:\Program Files (x86)\Ad Muncher\AdMunch.exe PRC - [2013-05-23 07:17:00 | 001,106,288 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2013-05-23 07:16:56 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2013-05-23 07:16:52 | 001,561,968 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe PRC - [2013-05-10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013-02-13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2013-01-03 17:59:17 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012-11-27 06:08:38 | 000,097,152 | ---- | M] (Maxthon International ltd.) -- C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe PRC - [2012-11-26 14:34:12 | 001,329,304 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe PRC - [2012-04-17 16:19:32 | 002,614,080 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe PRC - [2011-09-16 06:21:32 | 000,432,952 | ---- | M] (QFX Software Corporation) -- C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe PRC - [2009-12-21 08:00:50 | 000,081,920 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe PRC - [2007-09-02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe PRC - [2001-06-10 18:28:02 | 000,246,272 | ---- | M] () -- C:\Program Files (x86)\Wallpaper Changer\WallPaper.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013-10-11 17:46:58 | 000,960,014 | ---- | M] () -- C:\Users\tds\AppData\Roaming\minert\cgminer.exe MOD - [2013-10-11 17:46:58 | 000,538,126 | ---- | M] () -- C:\Users\tds\AppData\Roaming\minert\libcurl-4.dll MOD - [2013-10-11 17:46:58 | 000,084,992 | ---- | M] () -- C:\Users\tds\AppData\Roaming\minert\zlib1.dll MOD - [2013-10-09 23:29:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ef63e29e24bf73b2a8659e13aa18fbbb\System.Runtime.Remoting.ni.dll MOD - [2013-10-09 21:41:23 | 018,022,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e9147e4c70d4e387dc4aea59ce0a219a\PresentationFramework.ni.dll MOD - [2013-10-09 21:41:12 | 011,527,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\99bbd3424207d205e9e680fa712dba04\PresentationCore.ni.dll MOD - [2013-10-09 21:41:07 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\55c245966c0b23a47587c18681457e48\System.Core.ni.dll MOD - [2013-10-09 21:41:03 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\b1ff5e4a64c0bb0a9b039aaefcde5ea7\WindowsBase.ni.dll MOD - [2013-10-09 21:41:02 | 001,014,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\85a501f8b0cb271f1bfab6532523ac3c\System.Configuration.ni.dll MOD - [2013-10-05 13:38:45 | 003,279,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013-09-19 04:39:36 | 001,688,723 | ---- | M] () -- C:\Users\tds\AppData\Roaming\minerd\bfgminer.exe MOD - [2013-09-19 04:39:36 | 000,599,040 | ---- | M] () -- C:\Users\tds\AppData\Roaming\minerd\backtrace.dll MOD - [2013-09-19 04:39:36 | 000,369,664 | ---- | M] () -- C:\Users\tds\AppData\Roaming\minerd\libcurl-4.dll MOD - [2013-09-19 04:39:36 | 000,132,096 | ---- | M] () -- C:\Users\tds\AppData\Roaming\minerd\libplibc-1.dll MOD - [2013-09-19 04:39:36 | 000,109,568 | ---- | M] () -- C:\Users\tds\AppData\Roaming\minerd\zlib1.dll MOD - [2013-09-19 04:39:36 | 000,102,912 | ---- | M] () -- C:\Users\tds\AppData\Roaming\minerd\pdcurses.dll MOD - [2013-09-19 04:39:36 | 000,082,944 | ---- | M] () -- C:\Users\tds\AppData\Roaming\minerd\libmicrohttpd-10.dll MOD - [2013-09-19 04:39:36 | 000,052,736 | ---- | M] () -- C:\Users\tds\AppData\Roaming\minerd\libjansson-4.dll MOD - [2013-09-19 04:39:36 | 000,044,781 | ---- | M] () -- C:\Users\tds\AppData\Roaming\minerd\libblkmaker-0.1-0.dll MOD - [2013-09-19 04:39:36 | 000,040,717 | ---- | M] () -- C:\Users\tds\AppData\Roaming\minerd\libblkmaker_jansson-0.1-0.dll MOD - [2013-09-14 00:03:58 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d8f4106eee38420ac5eda7d630dc53fc\System.ServiceProcess.ni.dll MOD - [2013-09-14 00:03:10 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\c8648331484537c338fe2b606a9db8b7\System.Xaml.ni.dll MOD - [2013-09-13 21:52:44 | 005,628,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b7285e9f3d19a05d5cc2c049e451685d\System.Xml.ni.dll MOD - [2013-09-13 21:52:40 | 009,100,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\08c630893416f3379c9455870908ad6c\System.ni.dll MOD - [2013-07-20 19:03:26 | 014,418,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a01e07e47ecdd94ae099e8c4bf650516\mscorlib.ni.dll MOD - [2013-04-04 01:09:40 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2013-02-13 03:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2013-02-13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2012-08-03 06:15:26 | 000,258,944 | ---- | M] () -- C:\Program Files (x86)\Maxthon3\Bin\Maxzlib.dll MOD - [2007-09-02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe MOD - [2007-09-02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll MOD - [2007-08-28 10:22:44 | 000,108,544 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.dll MOD - [2007-05-28 11:28:02 | 000,069,120 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.dll MOD - [2007-04-09 08:42:00 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\OemSpiE.dll MOD - [2001-06-10 18:28:02 | 000,246,272 | ---- | M] () -- C:\Program Files (x86)\Wallpaper Changer\WallPaper.exe [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2013-07-27 09:50:22 | 014,984,480 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc) SRV:[b]64bit:[/b] - [2012-11-26 14:34:12 | 001,329,304 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn) SRV:[b]64bit:[/b] - [2011-09-27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013-10-09 14:28:30 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-10-05 13:38:45 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013-10-01 13:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2013-09-17 22:22:24 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013-09-12 01:17:46 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2013-09-05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013-05-29 19:05:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService) SRV - [2013-05-10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013-01-03 17:59:17 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011-03-16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2013-08-20 07:02:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:[b]64bit:[/b] - [2013-08-20 07:02:12 | 000,103,576 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:[b]64bit:[/b] - [2013-05-14 20:28:40 | 000,039,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible) DRV:[b]64bit:[/b] - [2013-02-12 05:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:[b]64bit:[/b] - [2013-02-01 09:43:00 | 000,052,640 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus) DRV:[b]64bit:[/b] - [2013-02-01 09:43:00 | 000,025,120 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini) DRV:[b]64bit:[/b] - [2012-11-28 10:07:58 | 000,057,904 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp) DRV:[b]64bit:[/b] - [2012-10-08 09:21:08 | 000,189,208 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw) DRV:[b]64bit:[/b] - [2012-10-08 09:21:08 | 000,149,592 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:[b]64bit:[/b] - [2012-10-08 09:21:08 | 000,059,440 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF) DRV:[b]64bit:[/b] - [2012-10-08 09:21:06 | 000,211,344 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm) DRV:[b]64bit:[/b] - [2012-08-26 10:22:27 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:[b]64bit:[/b] - [2012-08-23 15:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:[b]64bit:[/b] - [2012-08-23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b]64bit:[/b] - [2012-08-23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2012-08-23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2012-02-15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:[b]64bit:[/b] - [2011-11-02 18:17:26 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011-11-02 18:17:26 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2011-09-14 14:58:46 | 000,274,616 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler) DRV:[b]64bit:[/b] - [2011-09-02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:[b]64bit:[/b] - [2011-09-02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:[b]64bit:[/b] - [2011-08-02 16:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:[b]64bit:[/b] - [2011-06-10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2011-05-02 11:41:22 | 000,040,744 | ---- | M] (Dawicontrol GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DC600e.sys -- (DC600e) DRV:[b]64bit:[/b] - [2011-05-02 11:41:14 | 000,049,752 | ---- | M] (Dawicontrol GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DC324e.sys -- (DC324e) DRV:[b]64bit:[/b] - [2011-05-02 11:41:06 | 000,040,344 | ---- | M] (Dawicontrol GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DC300e.sys -- (DC300e) DRV:[b]64bit:[/b] - [2011-05-02 11:40:56 | 000,048,328 | ---- | M] (Dawicontrol GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DC3410.sys -- (DC3410) DRV:[b]64bit:[/b] - [2011-05-02 11:40:50 | 000,048,360 | ---- | M] (Dawicontrol GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DC4300.sys -- (DC4300) DRV:[b]64bit:[/b] - [2011-05-02 11:40:42 | 000,048,136 | ---- | M] (Dawicontrol GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DC154.sys -- (DC154) DRV:[b]64bit:[/b] - [2011-05-02 11:40:32 | 000,039,832 | ---- | M] (Dawicontrol GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DC150.sys -- (DC150) DRV:[b]64bit:[/b] - [2011-05-02 11:40:20 | 000,039,320 | ---- | M] (Dawicontrol GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DC133.sys -- (DC133) DRV:[b]64bit:[/b] - [2011-03-07 10:01:46 | 000,313,136 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvs91xx.sys -- (mvs91xx) DRV:[b]64bit:[/b] - [2011-03-04 12:46:10 | 000,078,976 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:[b]64bit:[/b] - [2011-03-04 12:46:10 | 000,032,896 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:[b]64bit:[/b] - [2011-03-02 17:58:58 | 000,036,448 | ---- | M] (Asmedia Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64) DRV:[b]64bit:[/b] - [2011-02-14 07:08:24 | 000,024,880 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons) DRV:[b]64bit:[/b] - [2011-02-14 07:08:22 | 000,310,064 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx) DRV:[b]64bit:[/b] - [2011-02-09 14:26:50 | 000,026,712 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\johci.sys -- (johci) DRV:[b]64bit:[/b] - [2010-12-02 18:23:46 | 000,161,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viamrx64.sys -- (viamrx64) DRV:[b]64bit:[/b] - [2010-11-25 12:27:40 | 000,120,408 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID) DRV:[b]64bit:[/b] - [2010-11-21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:[b]64bit:[/b] - [2010-11-21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc) DRV:[b]64bit:[/b] - [2010-11-21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-06 23:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter) DRV:[b]64bit:[/b] - [2010-11-06 08:45:46 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2010-10-26 17:42:24 | 000,181,040 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx) DRV:[b]64bit:[/b] - [2010-09-23 16:48:52 | 000,264,272 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64.sys -- (ahcix64) DRV:[b]64bit:[/b] - [2010-06-15 01:09:18 | 000,465,488 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MegaSR1.sys -- (MegaSR1) DRV:[b]64bit:[/b] - [2010-06-14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:[b]64bit:[/b] - [2010-02-11 13:01:20 | 000,026,776 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\xfiltx64.sys -- (xfiltx64) DRV:[b]64bit:[/b] - [2010-02-11 13:00:22 | 000,015,000 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\videX64.sys -- (videX64) DRV:[b]64bit:[/b] - [2009-12-31 18:37:56 | 000,168,032 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rr2522.sys -- (rr2522) DRV:[b]64bit:[/b] - [2009-12-31 18:23:58 | 000,162,400 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rr2340.sys -- (rr2340) DRV:[b]64bit:[/b] - [2009-12-30 12:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt) DRV:[b]64bit:[/b] - [2009-12-21 14:56:12 | 000,155,232 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rr62x.sys -- (rr62x) DRV:[b]64bit:[/b] - [2009-11-09 03:24:12 | 000,052,768 | ---- | M] (ARECA Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\arcm_a64.sys -- (arcm_a64) DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-07 23:56:56 | 000,226,616 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s) DRV:[b]64bit:[/b] - [2009-06-12 11:28:24 | 000,170,528 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\2310_00.sys -- (2310_00) DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2009-05-25 17:56:54 | 000,017,440 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hptiop.sys -- (hptiop) DRV:[b]64bit:[/b] - [2009-05-18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:[b]64bit:[/b] - [2009-02-09 10:25:04 | 000,333,864 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3531.sys -- (Si3531) DRV:[b]64bit:[/b] - [2008-05-15 22:23:21 | 000,028,208 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:[b]64bit:[/b] - [2008-05-05 17:49:08 | 000,152,096 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rr232x.sys -- (rr232x) DRV:[b]64bit:[/b] - [2007-11-13 15:47:18 | 000,080,424 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PnP680.sys -- (Pnp680) DRV:[b]64bit:[/b] - [2007-11-01 14:21:14 | 000,152,096 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hptmv6.sys -- (hptmv6) DRV:[b]64bit:[/b] - [2007-11-01 14:20:10 | 000,153,632 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rr2210.sys -- (rr2210) DRV:[b]64bit:[/b] - [2007-11-01 14:19:44 | 000,159,264 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rr174x.sys -- (rr174x) DRV:[b]64bit:[/b] - [2007-11-01 14:19:04 | 000,124,448 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rr172x.sys -- (rr172x) DRV:[b]64bit:[/b] - [2007-10-03 15:51:00 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter) DRV:[b]64bit:[/b] - [2007-10-03 15:50:52 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil) DRV:[b]64bit:[/b] - [2007-10-03 15:50:26 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132) DRV:[b]64bit:[/b] - [2007-09-13 10:42:54 | 000,177,536 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiHFF32.sys -- (SaiHFF32) DRV:[b]64bit:[/b] - [2007-09-13 10:42:54 | 000,020,864 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiIFF32.sys -- (SaiIFF32) DRV:[b]64bit:[/b] - [2007-06-13 01:55:56 | 001,272,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17) DRV:[b]64bit:[/b] - [2007-04-11 15:02:42 | 000,163,632 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3114r.sys -- (SI3114r) DRV:[b]64bit:[/b] - [2007-02-01 16:53:08 | 000,164,656 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3112r.sys -- (SI3112r) DRV:[b]64bit:[/b] - [2006-11-10 11:48:48 | 000,099,120 | ---- | M] (Silicon Image, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3114.sys -- (SI3114) DRV:[b]64bit:[/b] - [2006-11-02 16:25:04 | 000,113,456 | ---- | M] (Silicon Image, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3124.sys -- (SI3124) DRV:[b]64bit:[/b] - [2006-09-20 11:38:28 | 000,334,640 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3124r5.sys -- (Si3124r5) DRV:[b]64bit:[/b] - [2006-09-18 14:26:04 | 000,093,472 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hptmv.sys -- (hptmv) DRV - [2012-08-25 12:59:56 | 000,042,081 | ---- | M] (GMER) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\gmer.sys -- (Gmer) DRV - [2010-06-14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008-11-14 02:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility) DRV - [2006-07-24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKLM\..\SearchScopes,DefaultScope = {1F6E33D8-5929-47E3-90E6-D269865FDE37} IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easylifeapp.com/?q={searchTerms}&pid=658&src=ie2&r=2013/05/27&hid=504504536&lg=EN&cc=GB IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005&barid={BBDA8324-51B8-11E2-9285-00242139113A} IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl IE - HKU\.DEFAULT\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl IE - HKU\S-1-5-18\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?searchsource=10&cui=un39948887164765202&um=2&ctid=ct3289847&sspv=tb_t5 IE - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found IE - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000\..\SearchScopes,DefaultScope = {1F6E33D8-5929-47E3-90E6-D269865FDE37} IE - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easylifeapp.com/?q={searchTerms}&pid=658&src=ie2&r=2013/05/27&hid=504504536&lg=EN&cc=GB IE - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=A61D00242139113A&affID=119357&tt=110713_9126&tsp=4942 IE - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000\..\SearchScopes\{1F6E33D8-5929-47E3-90E6-D269865FDE37}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN39948887164765202&UM=2&SSPV=TB_T5 IE - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005&barid={BBDA8324-51B8-11E2-9285-00242139113A} IE - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2337871059-3691734657-1116950341-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl IE - HKU\S-1-5-21-2337871059-3691734657-1116950341-1007\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "chrome://fvd.speeddial/content/fvd_about_blank.html" FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10 FF - prefs.js..extensions.enabledAddons: Noia4Options%40ArisT2:1.8.6 FF - prefs.js..extensions.enabledAddons: pavel.sherbakov%40gmail.com:4.4.9 FF - prefs.js..extensions.enabledAddons: %7Bfaf13420-5e24-11e0-80e3-0800200c9a66%7D:1.8.6 FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2013-02-17 11:40:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-02-17 11:40:40 | 000,000,000 | ---D | M] [2013-05-12 17:08:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tds\AppData\Roaming\mozilla\Extensions [2013-05-12 17:08:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tds\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012-06-03 15:14:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tds\AppData\Roaming\mozilla\Firefox\extensions [2012-06-03 15:14:43 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\tds\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [2013-10-10 14:42:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tds\AppData\Roaming\mozilla\Firefox\Profiles\wrqlud0v.default\extensions [2013-10-04 11:50:01 | 000,000,000 | ---D | M] ("FVD Speed Dial with Full Online Sync") -- C:\Users\tds\AppData\Roaming\mozilla\Firefox\Profiles\wrqlud0v.default\extensions\pavel.sherbakov@gmail.com [2013-09-06 17:08:29 | 000,088,432 | R--- | M] () (No name found) -- C:\Users\tds\AppData\Roaming\mozilla\firefox\profiles\wrqlud0v.default\extensions\Noia4Options@ArisT2.xpi [2013-10-05 13:52:39 | 000,930,500 | ---- | M] () (No name found) -- C:\Users\tds\AppData\Roaming\mozilla\firefox\profiles\wrqlud0v.default\extensions\{69d0119c-32f1-4766-82d7-617f04d5643b}.xpi [2013-10-10 14:42:29 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\tds\AppData\Roaming\mozilla\firefox\profiles\wrqlud0v.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-27 21:17:07 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\tds\AppData\Roaming\mozilla\firefox\profiles\wrqlud0v.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013-09-06 17:08:29 | 001,449,144 | R--- | M] () (No name found) -- C:\Users\tds\AppData\Roaming\mozilla\firefox\profiles\wrqlud0v.default\extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi [2013-07-13 11:30:49 | 000,001,294 | ---- | M] () -- C:\Users\tds\AppData\Roaming\mozilla\firefox\profiles\wrqlud0v.default\searchplugins\delta.xml [2013-07-13 11:30:37 | 000,008,079 | ---- | M] () -- C:\Users\tds\AppData\Roaming\mozilla\firefox\profiles\wrqlud0v.default\searchplugins\Firefox.xml [2013-10-05 13:38:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013-10-05 13:38:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013-10-05 13:38:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [color=#E56717]========== Chrome ==========[/color] CHR - homepage: http://www.gazeta.pl/0,0.html?p=142 CHR - Extension: No name found = C:\Users\tds\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfhmmhhjhnenaipagdebalgafgjheikj\1\ CHR - Extension: No name found = C:\Users\tds\AppData\Local\Google\Chrome\User Data\Default\Extensions\imbdnjhfhbphlidghpjgfgmdnbmmklcc\1\ O1 HOSTS File: ([2013-10-10 19:12:19 | 000,000,925 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 genuine.microsoft.com O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com O1 - Hosts: 127.0.0.1 sls.microsoft.com O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found. O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET) O4:[b]64bit:[/b] - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe (Saitek) O4:[b]64bit:[/b] - HKLM..\Run: [SaiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe (Saitek) O4 - HKLM..\Run: [Ad Muncher] C:\Program Files (x86)\Ad Muncher\AdMunch.exe (Murray Hurps Software Pty Ltd) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [iSkysoft Helper Compact.exe] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe File not found O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" File not found O4 - HKLM..\Run: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe (QFX Software Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000..\Run: [AQQ] C:\Program Files (x86)\AQQ\AQQ.exe (AQQ Sp. z o.o.) O4 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000..\Run: [Hoolapp Android] "C:\Users\tds\AppData\Roaming\HOOLAP~1\Hoolapp.exe" /Minimized File not found O4 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) O4 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000..\Run: [minerd] C:\Users\tds\AppData\Roaming\minerd\nircmd.exe (NirSoft) O4 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000..\Run: [minert] C:\Users\tds\AppData\Roaming\minert\nircmd.exe (NirSoft) O4 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC) O4 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000..\Run: [Pokki] "%LOCALAPPDATA%\Pokki\Engine\pokki.exe" File not found O4 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O4 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000..\Run: [WallPaper] C:\Program Files (x86)\Wallpaper Changer\WallPaper.exe () O4 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1007..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\tds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2012-06-03 12:52:33 | 000,000,000 | -H-D | M] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O7 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1 O7 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O7 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O7 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1 O7 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1 O7 - HKU\S-1-5-21-2337871059-3691734657-1116950341-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O8:[b]64bit:[/b] - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\tds\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\tds\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9:[b]64bit:[/b] - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation) O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D9048EF-E9E9-4CE9-BBE1-6F9B4F082FEB}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80A92FE6-99C1-4139-A165-7496DCF7F7EB}: DhcpNameServer = 172.30.139.17 172.31.139.17 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD87BF39-C542-486A-8F8D-945CC03965ED}: DhcpNameServer = 192.168.2.1 O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll) - C:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\rxinput.dll (NVIDIA Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{04be7340-bd02-11e1-b422-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{271d79f9-ef5f-11e1-84c9-00242139113a}\Shell - "" = AutoRun O33 - MountPoints2\{271d79f9-ef5f-11e1-84c9-00242139113a}\Shell\AutoRun\command - "" = G:\Setup.exe O33 - MountPoints2\{271d79fe-ef5f-11e1-84c9-00242139113a}\Shell - "" = AutoRun O33 - MountPoints2\{271d79fe-ef5f-11e1-84c9-00242139113a}\Shell\AutoRun\command - "" = H:\DisneySplash.exe O33 - MountPoints2\{38455dc3-ad6d-11e1-8d28-00242139113a}\Shell - "" = AutoRun O33 - MountPoints2\{38455dc3-ad6d-11e1-8d28-00242139113a}\Shell\AutoRun\command - "" = S:\DPFMate.exe O33 - MountPoints2\{75144e7a-ad71-11e1-9150-00242139113a}\Shell - "" = AutoRun O33 - MountPoints2\{75144e7a-ad71-11e1-9150-00242139113a}\Shell\AutoRun\command - "" = N:\Setup.exe O33 - MountPoints2\{75144e7c-ad71-11e1-9150-00242139113a}\Shell - "" = AutoRun O33 - MountPoints2\{75144e7c-ad71-11e1-9150-00242139113a}\Shell\AutoRun\command - "" = O:\setup.exe O33 - MountPoints2\{98b62a00-d235-11e1-99ba-00242139113a}\Shell - "" = AutoRun O33 - MountPoints2\{98b62a00-d235-11e1-99ba-00242139113a}\Shell\AutoRun\command - "" = S:\DPFMate.exe O33 - MountPoints2\{f5621723-2663-11e2-a20a-00242139113a}\Shell - "" = AutoRun O33 - MountPoints2\{f5621723-2663-11e2-a20a-00242139113a}\Shell\AutoRun\command - "" = O:\Setup.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\N\Shell - "" = AutoRun O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013-10-19 15:18:05 | 001,954,124 | ---- | C] (Farbar) -- C:\Users\tds\Desktop\FRST64.exe [2013-10-19 15:11:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\tds\Desktop\OTL.scr [2013-10-19 14:33:03 | 000,000,000 | ---D | C] -- C:\Users\tds\Documents\Multisoft [2013-10-19 14:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Forward Development [2013-10-18 20:55:47 | 000,000,000 | ---D | C] -- C:\Users\tds\AppData\Roaming\minert [2013-10-18 17:02:25 | 000,000,000 | ---D | C] -- C:\Users\tds\AppData\Local\Daedalic Entertainment [2013-10-10 19:43:08 | 000,000,000 | ---D | C] -- C:\Users\tds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server [2013-10-10 19:43:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RivaTuner Statistics Server [2013-10-10 19:42:50 | 000,000,000 | ---D | C] -- C:\Users\tds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EVGA Precision X [2013-10-10 19:42:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EVGA Precision X [2013-10-10 19:42:23 | 000,000,000 | ---D | C] -- C:\Users\tds\AppData\Roaming\minerd [2013-10-10 19:12:20 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\systemcpl.dll [2013-10-10 19:12:20 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sppcomapi.dll [2013-10-09 21:44:06 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013-10-09 21:44:06 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013-10-09 21:44:05 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013-10-09 21:44:05 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013-10-09 21:44:05 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013-10-09 21:44:05 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013-10-09 21:44:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013-10-09 21:44:05 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013-10-09 21:44:05 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013-10-09 21:44:05 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013-10-09 21:44:05 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013-10-09 21:44:04 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013-10-09 21:44:04 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013-10-09 21:44:04 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013-10-09 21:44:03 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013-10-09 21:31:31 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013-10-09 21:31:30 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013-10-09 21:31:30 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013-10-09 21:31:30 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013-10-09 21:31:30 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll [2013-10-09 21:31:30 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll [2013-10-09 21:31:30 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll [2013-10-09 21:31:30 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013-10-09 21:31:30 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013-10-09 21:31:30 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013-10-09 21:31:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013-10-09 21:31:30 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013-10-09 21:31:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013-10-09 21:31:29 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll [2013-10-09 21:31:26 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll [2013-10-09 09:37:25 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll [2013-10-09 09:37:25 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2013-10-09 09:37:25 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2013-10-09 09:37:25 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll [2013-10-09 09:37:25 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2013-10-09 09:37:25 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2013-10-09 09:37:25 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll [2013-10-09 09:37:25 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2013-10-09 09:37:25 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll [2013-10-09 09:37:24 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys [2013-10-09 09:37:24 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys [2013-10-09 09:37:22 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys [2013-10-09 09:37:22 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll [2013-10-09 09:37:22 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll [2013-10-09 09:37:22 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys [2013-10-05 13:38:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013-10-02 19:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MailShare [2013-10-02 19:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\MailShare [2013-10-02 18:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\5th Cell Media [2013-09-29 14:50:14 | 000,000,000 | ---D | C] -- C:\Users\tds\Documents\ZootFly [2013-09-25 19:20:19 | 000,000,000 | ---D | C] -- C:\Users\tds\Documents\Euro Truck Simulator 2 [2013-09-23 22:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Conceiva [2013-09-23 21:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013-09-23 21:02:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2013-09-22 11:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\rionix [2013-09-22 11:15:05 | 000,000,000 | ---D | C] -- C:\Users\tds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alawar.pl [2013-09-22 11:15:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alawar.pl [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013-10-19 15:18:05 | 001,954,124 | ---- | M] (Farbar) -- C:\Users\tds\Desktop\FRST64.exe [2013-10-19 15:16:11 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-10-19 15:11:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tds\Desktop\OTL.scr [2013-10-19 15:07:22 | 001,671,464 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013-10-19 15:07:22 | 000,741,116 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2013-10-19 15:07:22 | 000,654,880 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013-10-19 15:07:22 | 000,155,712 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2013-10-19 15:07:22 | 000,121,752 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013-10-19 15:01:36 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013-10-19 15:01:28 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\schedule!3036567561.job [2013-10-19 15:01:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-10-19 15:00:29 | 000,000,356 | ---- | M] () -- C:\Users\tds\defogger_reenable [2013-10-19 15:00:13 | 000,050,477 | ---- | M] () -- C:\Users\tds\Desktop\Defogger.exe [2013-10-19 14:39:45 | 000,201,802 | ---- | M] () -- C:\Windows\SysWow64\poclbm130302GeForce 8800 GTv1w256l4.bin [2013-10-19 14:30:37 | 000,000,074 | ---- | M] () -- C:\Users\tds\Desktop\Product activation info.url [2013-10-19 14:30:14 | 000,004,186 | ---- | M] () -- C:\Windows\SysNative\notepad.ini [2013-10-19 14:28:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-10-18 20:45:29 | 000,000,218 | ---- | M] () -- C:\Users\tds\AppData\Local\recently-used.xbel [2013-10-18 15:02:11 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\Registry Optimizer_DEFAULT.job [2013-10-17 17:25:35 | 000,001,393 | ---- | M] () -- C:\Users\tds\Desktop\LEGOMarvelDemo.exe.lnk [2013-10-16 19:42:11 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\Registry Optimizer_UPDATES.job [2013-10-13 13:56:37 | 000,012,123 | ---- | M] () -- C:\Users\tds\Desktop\Cube.exe.lnk [2013-10-13 04:10:20 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-10-13 04:10:20 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-10-10 21:28:56 | 000,201,802 | ---- | M] () -- C:\Windows\SysWow64\poclbm130302GeForce8800GTv1w256l4pOpenCL1_1CUDA4_2_1.bin [2013-10-10 19:42:50 | 000,001,052 | ---- | M] () -- C:\Users\tds\Desktop\EVGA Precision X.lnk [2013-10-10 19:12:26 | 000,002,048 | ---- | M] () -- C:\Windows\SysWow64\winver.exe [2013-10-10 19:12:23 | 000,410,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\systemcpl.dll [2013-10-10 19:12:21 | 000,001,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\sppcomapi.dll [2013-10-10 19:12:20 | 000,113,543 | ---- | M] () -- C:\Windows\SysWow64\slmgr.vbs [2013-10-09 22:22:20 | 000,421,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013-10-09 22:17:40 | 000,131,507 | ---- | M] () -- C:\Users\tds\Desktop\Order-13075006-Docs-101048.pdf [2013-10-09 21:41:57 | 001,646,666 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013-10-09 14:28:30 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013-10-09 14:28:30 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013-10-02 19:17:24 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\MailShare.lnk [2013-10-02 18:35:47 | 000,001,058 | ---- | M] () -- C:\Users\Public\Desktop\Scribblenauts Unmasked A DC Comics Adventure.lnk [2013-09-29 10:35:19 | 000,000,110 | ---- | M] () -- C:\.dir [2013-09-28 20:03:58 | 000,000,043 | ---- | M] () -- C:\Windows\MezzmoMediaServer.INI [2013-09-23 21:02:21 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013-09-23 00:27:49 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013-09-23 00:27:48 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013-09-23 00:27:48 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013-09-23 00:27:48 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013-09-23 00:27:48 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013-09-22 23:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013-09-22 23:54:55 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013-09-22 23:54:51 | 003,959,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013-09-22 23:54:51 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013-09-22 23:54:50 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013-09-22 23:54:50 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013-09-22 23:54:50 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013-09-22 23:54:50 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013-09-22 17:46:53 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif [2013-09-22 11:15:15 | 000,001,180 | ---- | M] () -- C:\Users\tds\Desktop\Ekipa ratunkowa.lnk [2013-09-21 03:48:36 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013-09-21 03:39:47 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-10-19 15:00:17 | 000,050,477 | ---- | C] () -- C:\Users\tds\Desktop\Defogger.exe [2013-10-19 14:39:45 | 000,201,802 | ---- | C] () -- C:\Windows\SysWow64\poclbm130302GeForce 8800 GTv1w256l4.bin [2013-10-19 14:30:37 | 000,000,074 | ---- | C] () -- C:\Users\tds\Desktop\Product activation info.url [2013-10-18 20:45:29 | 000,000,218 | ---- | C] () -- C:\Users\tds\AppData\Local\recently-used.xbel [2013-10-17 19:34:48 | 000,000,597 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Wolf Among Us.lnk [2013-10-17 17:25:35 | 000,001,393 | ---- | C] () -- C:\Users\tds\Desktop\LEGOMarvelDemo.exe.lnk [2013-10-13 13:56:37 | 000,012,123 | ---- | C] () -- C:\Users\tds\Desktop\Cube.exe.lnk [2013-10-12 14:11:01 | 000,001,048 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-10-10 21:28:56 | 000,201,802 | ---- | C] () -- C:\Windows\SysWow64\poclbm130302GeForce8800GTv1w256l4pOpenCL1_1CUDA4_2_1.bin [2013-10-10 19:42:50 | 000,001,052 | ---- | C] () -- C:\Users\tds\Desktop\EVGA Precision X.lnk [2013-10-10 19:12:20 | 000,113,543 | ---- | C] () -- C:\Windows\SysWow64\slmgr.vbs [2013-10-09 22:17:49 | 000,131,507 | ---- | C] () -- C:\Users\tds\Desktop\Order-13075006-Docs-101048.pdf [2013-10-02 19:17:24 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\MailShare.lnk [2013-10-02 19:17:18 | 000,206,848 | ---- | C] () -- C:\Windows\SysNative\unrar.dll [2013-10-02 18:35:47 | 000,001,058 | ---- | C] () -- C:\Users\Public\Desktop\Scribblenauts Unmasked A DC Comics Adventure.lnk [2013-09-23 22:42:28 | 000,000,110 | ---- | C] () -- C:\.dir [2013-09-23 22:12:45 | 000,000,043 | ---- | C] () -- C:\Windows\MezzmoMediaServer.INI [2013-09-23 21:02:21 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk [2013-09-22 11:15:15 | 000,001,180 | ---- | C] () -- C:\Users\tds\Desktop\Ekipa ratunkowa.lnk [2013-08-31 11:15:52 | 000,210,944 | ---- | C] () -- C:\Windows\SysWow64\msvcrt10.dll [2013-08-02 17:01:11 | 000,200,697 | ---- | C] () -- C:\Windows\SysWow64\poclbm121016GeForce 8800 GTv1w256l4.bin [2013-07-01 08:27:53 | 000,200,697 | ---- | C] () -- C:\Windows\SysWow64\poclbm121016GeForce 8800 GTSv1w256l4.bin [2013-06-24 22:45:03 | 000,910,322 | ---- | C] () -- C:\Users\tds\AppData\Local\census.cache [2013-06-24 22:44:53 | 000,131,409 | ---- | C] () -- C:\Users\tds\AppData\Local\ars.cache [2013-06-24 22:24:30 | 000,000,036 | ---- | C] () -- C:\Users\tds\AppData\Local\housecall.guid.cache [2013-06-02 17:01:40 | 000,000,135 | ---- | C] () -- C:\Windows\pdf2word.INI [2013-05-29 19:06:18 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe [2013-05-04 13:30:43 | 000,000,414 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2013-03-22 21:38:36 | 000,000,308 | ---- | C] () -- C:\Windows\game.ini [2013-03-17 18:48:18 | 000,000,108 | ---- | C] () -- C:\Windows\disney.ini [2013-03-17 18:48:15 | 000,000,194 | ---- | C] () -- C:\Windows\disneysy.ini [2013-01-03 17:59:25 | 000,281,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013-01-03 17:59:17 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012-11-20 23:32:40 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012-11-12 13:49:25 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2012-11-12 13:47:27 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2012-09-28 20:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll [2012-09-26 21:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2012-09-07 15:24:23 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2012-08-28 10:04:34 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012-08-28 10:04:34 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012-08-28 10:04:34 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012-08-28 10:04:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012-08-25 16:21:41 | 000,000,404 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012-08-25 16:21:41 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2012-08-25 13:00:03 | 000,000,249 | ---- | C] () -- C:\Windows\gmer.ini [2012-08-25 12:46:02 | 000,000,356 | ---- | C] () -- C:\Users\tds\defogger_reenable [2012-08-01 22:39:30 | 000,051,712 | ---- | C] () -- C:\Windows\SysWow64\coodest.dll [2012-06-17 16:19:02 | 000,144,220 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2012-06-17 10:23:55 | 000,000,600 | ---- | C] () -- C:\Users\tds\AppData\Roaming\winscp.rnd [2012-06-16 20:17:52 | 000,039,712 | ---- | C] () -- C:\Windows\SysWow64\ASL.dll [2012-06-10 22:14:36 | 000,007,598 | ---- | C] () -- C:\Users\tds\AppData\Local\Resmon.ResmonCfg [2012-06-03 14:35:15 | 000,003,560 | ---- | C] () -- C:\Windows\SysWow64\ludap17.ini [2012-06-03 14:35:15 | 000,000,078 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini [2012-06-03 14:35:07 | 000,108,544 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.dll [2012-06-03 14:35:07 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.dll [2012-06-03 12:17:23 | 000,110,602 | ---- | C] () -- C:\Windows\SysWow64\xcdsfx32.bin [2012-06-03 11:23:16 | 001,646,666 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012-01-03 08:28:06 | 002,570,286 | ---- | C] () -- C:\Windows\SysWow64\abgx360.exe [color=#E56717]========== ZeroAccess Check ==========[/color] [2011-12-23 13:05:18 | 000,003,039 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2337871059-3691734657-1116950341-1000\$R4QD6WV\data\gui\Common\imagesets\speedometer\transmissions\N.png [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013-07-26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2012-06-17 14:23:57 | 000,000,000 | -HSD | M] -- C:\Users\tds\AppData\Roaming\.# [2013-10-15 20:48:40 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\.minecraft [2013-01-18 19:30:42 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\abgx360 [2013-03-22 21:42:15 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Activision [2013-10-13 15:43:53 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\AIMP3 [2013-08-04 14:58:46 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\AlawarEntertainment [2012-06-10 11:15:21 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\aliasworlds [2012-12-16 12:03:24 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Anuman [2012-06-05 19:12:31 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Ashampoo [2013-06-15 18:18:59 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Audacity [2013-01-30 21:09:48 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Babylon [2013-03-12 22:21:42 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\bicyclestudios [2013-02-23 17:28:03 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\BlamGames [2012-10-13 18:07:32 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\BlueSprig [2013-06-24 19:26:39 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\cerasus.media [2013-06-02 16:58:41 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012-09-10 22:10:17 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Curiolab [2012-10-14 13:00:40 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\DAEMON Tools Lite [2013-08-29 10:52:43 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\dclogs [2013-10-18 20:45:29 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\deluge [2013-07-07 10:48:58 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\DiskAid [2013-03-10 10:29:03 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\DisneyInteractiveStudios [2013-03-02 14:44:40 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Doublefine [2012-09-18 19:16:58 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Dropbox [2012-06-09 17:06:49 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\DVDVideoSoft [2012-06-09 17:05:19 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\DVDVideoSoftIEHelpers [2013-08-02 21:21:06 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Elephant Games [2012-10-28 12:54:54 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\ERS Game Studios [2013-02-17 11:41:02 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\ESET [2012-10-13 09:49:36 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\EurekaLog [2013-08-04 15:11:59 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\FixCleaner [2013-06-22 14:19:41 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\foobar2000 [2013-06-23 19:02:32 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Foxit Software [2013-06-22 14:09:24 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Free Music Tag Finder [2012-12-05 19:21:25 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Frogwares [2013-06-26 19:27:12 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\G-Force [2012-08-24 20:54:25 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\HD Tune Pro [2013-06-15 18:41:00 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\HoolappForAndroid [2012-09-09 10:21:48 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\ImgBurn [2012-06-03 12:42:14 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Leadertech [2013-06-10 19:06:20 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Little Inferno [2013-07-18 20:10:11 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\LucasArts [2012-06-03 13:28:46 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Maxthon3 [2013-03-12 21:22:53 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Melesta [2012-10-13 11:56:43 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Milestone [2013-10-10 19:42:30 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\minerd [2013-10-18 20:55:52 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\minert [2013-08-02 22:57:48 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Mirillis [2013-06-22 22:56:57 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\NapiProjekt [2013-03-17 20:42:17 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Nico Mak Computing [2013-03-17 20:42:22 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\OpenCandy [2013-07-13 12:30:00 | 000,000,000 | -H-D | M] -- C:\Users\tds\AppData\Roaming\Origin [2013-06-21 19:27:47 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\PlayFirst [2013-09-14 18:48:43 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Playrix Entertainment [2013-09-15 09:31:47 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Playstos srl [2013-03-18 20:32:15 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\PowerRangers [2012-06-10 16:19:34 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\PunkBuster [2013-06-11 22:08:50 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Python-Eggs [2013-07-24 09:38:56 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\QFX Software [2012-09-30 14:22:03 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\QuickStoresToolbar [2012-10-25 17:13:22 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\R.G.BestCLub [2012-06-10 10:35:20 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Radialpoint [2012-11-21 20:23:54 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Rainbow [2012-09-10 16:32:51 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\redsn0w [2013-09-08 12:04:34 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Samsung [2013-06-22 16:22:36 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\ShamanGS [2013-02-11 09:26:48 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Softplicity [2013-06-04 16:42:21 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Spider-Man - Shattered Dimensions [2013-08-30 21:22:22 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Splinter Cell - Blacklist [2013-03-17 20:42:48 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Spotflux [2013-09-14 17:30:40 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\SulusGames [2013-05-27 12:14:30 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Systweak [2013-06-11 21:29:52 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\TeamViewer [2012-08-17 18:09:09 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\TestApp [2013-08-05 21:28:25 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\TheScruffs [2013-05-12 17:08:51 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\TomTom [2012-06-24 19:02:33 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Ubisoft [2013-06-21 21:48:33 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\uTorrent [2012-06-10 10:34:21 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Virgin Media [2012-06-09 22:16:43 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\VS Revo Group [2013-10-17 17:25:47 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Warner Bros. Interactive Entertainment [2013-08-29 20:05:23 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Wayforward Technologies [2012-12-02 17:30:06 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\WB Games [2013-09-01 23:02:42 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\WhenInRome [2013-05-21 11:21:08 | 000,000,000 | ---D | M] -- C:\Users\tds\AppData\Roaming\Wondershare [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 24 bytes -> C:\Windows:27A9E4560CEE80AC @Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:3E7908F7 @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:E153075C @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report >