GMER 2.1.19357 - http://www.gmer.net
3rd party scan 2015-01-29 19:47:06
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB
Running: gmer.exe; Driver: C:\Users\Kasia\AppData\Local\Temp\fwddykob.sys

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A60579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A84F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.1 ----

C:\Users\Kasia\AppData\Local\winlogon.exe[1452] C:\Users\Kasia\AppData\Local\winlogon.exe entry point in "ÒuÛŠëÔÿÿÿÿwinlogonentry point in "" section [0x0042E238]
C:\Users\Kasia\AppData\Local\winlogon.exe[1452] C:\Users\Kasia\AppData\Local\winlogon.exe unknown last code section [0x00424000, 0x19000, 0xC00000E0]
C:\Users\Kasia\AppData\Local\services.exe[2332] C:\Users\Kasia\AppData\Local\services.exe entry point in "ÒuÛŠëÔÿÿÿÿservicesentry point in "" section [0x0042E238]
C:\Users\Kasia\AppData\Local\services.exe[2332] C:\Users\Kasia\AppData\Local\services.exe unknown last code section [0x00424000, 0x19000, 0xC00000E0]

---- Devices - GMER 2.1 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\AdobeARMservice@ImagePath C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Acrobat Update Service/CA SIGNED)(2014-12-03 06:31:16) Reg HKLM\SYSTEM\CurrentControlSet\services\AdobeFlashPlayerUpdateSvc@ImagePath C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe® Flash®
Player Update Service 16.0 r0/CA SIGNED)(2015-01-21 21:08:14) Reg HKLM\SYSTEM\CurrentControlSet\services\DsiWMIService@ImagePath C:\Program Files\Launch Manager\dsiwmis.exe (Dritek WMI Service/Dritek System Inc. SIGNED)(2011-03-31 19:38:36) Reg HKLM\SYSTEM\CurrentControlSet\services\ePowerSvc@ImagePath C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (ePowerSvc/Acer Incorporated SIGNED)(2015-01-21 15:38:23) Reg HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\Intel(R) ME Application@CategoryMessageFile C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (User Notification Service/Intel Corporation SIGNED)(2015-01-21 15:29:23) Reg HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\LMS@EventMessageFile C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Local Manageability Service/Intel Corporation SIGNED)(2015-01-21 15:29:21) Reg HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\UNS@CategoryMessageFile C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (User Notification Service/Intel Corporation SIGNED)(2015-01-21 15:29:23) Reg HKLM\SYSTEM\CurrentControlSet\services\gupdate@ImagePath C:\Program Files\Google\Update\GoogleUpdate.exe (Google Installer/Google Inc. 
SIGNED)(2015-01-21 20:46:56) Reg HKLM\SYSTEM\CurrentControlSet\services\gusvc@ImagePath C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc/Google SIGNED)(2015-01-22 21:57:00) Reg HKLM\SYSTEM\CurrentControlSet\services\IAStorDataMgrSvc@ImagePath C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (IAStorDataSvc/Intel Corporation SIGNED)(2015-01-21 15:28:34) Reg HKLM\SYSTEM\CurrentControlSet\services\LMS@ImagePath C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Local Manageability Service/Intel Corporation SIGNED)(2015-01-21 15:29:21) Reg HKLM\SYSTEM\CurrentControlSet\services\McComponentHostService@ImagePath C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe (Component Host Service/McAfee, Inc. SIGNED)(2012-09-05 15:56:44) Reg HKLM\SYSTEM\CurrentControlSet\services\UNS@ImagePath C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (User Notification Service/Intel Corporation SIGNED)(2015-01-21 15:29:23) Reg HKLM\SYSTEM\CurrentControlSet\services\ZAtheros Wlan Agent@ImagePath C:\Program Files\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe (Atheros Coex Service Application/Atheros)(2015-01-21 15:46:51) Reg HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}@StubPath C:\Program Files\Google\Chrome\Application\40.0.2214.93\Installer\chrmstp.exe (Google Chrome Installer/Google Inc. SIGNED)(2015-01-27 04:43:52) Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AcroRd32.exe@ C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Reader /CA SIGNED)(2014-12-03 06:31:20) Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe@ C:\Program Files\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc. SIGNED)(2015-01-21 20:47:36) Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\LManager.exe@ C:\Program Files\Launch Manager\LManager.exe (Launch Manager/Dritek System Inc. 
SIGNED)(2011-03-31 19:38:34) Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\Picasa2ImportPicturesOnArrival@DefaultIcon C:\Program Files\Google\Picasa3\Picasa3.exe (Picasa/Google Inc. SIGNED)(2014-08-13 00:28:56) Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@IAStorIcon C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (IAStorIcon/Intel Corporation SIGNED)(2015-01-21 15:28:34) Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@LManager C:\Program Files\Launch Manager\LManager.exe (Launch Manager/Dritek System Inc. SIGNED)(2011-03-31 19:38:34) Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@Power Management C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (ePowerTray/Acer Incorporated SIGNED)(2015-01-21 15:38:23) Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@Bron-Spizaetus C:\Windows\ShellNew\bronstab.exe(2015-01-21 15:48:43) Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@Adobe ARM C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Reader and Acrobat Manager/CA SIGNED)(2012-09-23 19:43:34) Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX@UninstallString C:\Windows\system32\Macromed\Flash\FlashUtil32_16_0_0_296_ActiveX.exe (Adobe® Flash® Player Installer/Uninstaller 16.0 r0/CA SIGNED)(2015-01-25 00:51:11) Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome@UninstallString C:\Program Files\Google\Chrome\Application\40.0.2214.93\Installer\setup.exe (Google Chrome Installer/Google Inc. SIGNED)(2015-01-27 04:43:52) Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome@DisplayIcon C:\Program Files\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc. SIGNED)(2015-01-21 20:47:36) Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LManager@UninstallString C:\Windows\UNINSTLMv4.EXE (Uninstall Application/Dritek System Inc. 
SIGNED)(2010-12-01 18:08:46) Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan@DisplayIcon C:\Program Files\McAfee Security Scan\uninstall.exe (McAfee Security Scan Plus Installer/McAfee, Inc.)(2015-01-26 21:50:18) Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\McAfee Security Scan@ExePath C:\Program Files\McAfee Security Scan\3.0.285\McUICnt.exe (McAfee/McAfee, Inc. SIGNED)(2011-02-07 20:42:10) Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Picasa 3@UninstallString C:\Program Files\Google\Picasa3\Uninstall.exe(2015-01-22 21:57:02) Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0CA2063D-D43F-41F2-A8AC-A3C4A4C722D2}@ModifyPath C:\Program Files\InstallShield Installation Information\{0CA2063D-D43F-41F2-A8AC-A3C4A4C722D2}\setup.exe (InstallScript Setup Launcher /Acresso Software Inc. )(2015-01-21 15:46:21) Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3DB0448D-AD82-4923-B305-D001E521A964}@ModifyPath C:\Program Files\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe (Setup.exe/Acer Incorporated SIGNED)(2015-01-21 15:38:22) Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3DB0448D-AD82-4923-B305-D001E521A964}@DisplayIcon C:\Program Files\Acer\Acer ePower Management\ePowerMsg.exe (ePowerMsg/Acer Incorporated SIGNED)(2015-01-21 15:38:23) Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}@DisplayName_Localized C:\Program Files\Intel\Intel(R) Rapid Storage Technology\Uninstall\Setup.exe (Intel(R) Installation Framework/Intel Corporation SIGNED)(2015-01-21 15:28:29) Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}@DisplayIcon C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorUI.exe (IAStorUI/Intel Corporation SIGNED)(2015-01-21 15:28:34) Reg 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}@DisplayName_Localized C:\Program Files\Intel\Intel(R) Management Engine Components\Uninstall\Setup.exe (Intel(R) Management Engine Components installer/Intel Corporation SIGNED)(2015-01-21 15:29:18) Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{96AE7E41-E34E-47D0-AC07-1091A8127911}@ModifyPath C:\Program Files\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe (Setup.exe/Macrovision Corporation SIGNED)(2015-01-21 15:33:18) Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}@DisplayName_Localized C:\Program Files\Intel\Intel(R) Graphics Media Accelerator Driver\Uninstall\Setup.exe (Intel(R) Graphics Media Accelerator Driver installer/Intel Corporation SIGNED)(2015-01-21 15:36:14) Reg HKLM\SOFTWARE\Classes\acrobat\shell\open\command@ C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Reader /CA SIGNED)(2014-12-03 06:31:20) Reg HKLM\SOFTWARE\Classes\Applications\PicasaPhotoViewer.exe\Shell\Open\Command@ C:\Program Files\Google\Picasa3\PicasaPhotoViewer.exe (Picasa Photo Viewer/Google Inc. SIGNED)(2014-08-13 00:29:16) Reg HKLM\SOFTWARE\Classes\ChromeHTML\shell\open\command@ C:\Program Files\Google\Chrome\Application\chrome.exe (Google Chrome/Google Inc. 
SIGNED)(2015-01-21 20:47:36) Reg HKLM\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\InprocServer32@ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe PDF Helper for Internet Explorer/Adobe Systems Incorporated SIGNED)(2012-09-23 19:43:36) Reg HKLM\SOFTWARE\Classes\CLSID\{12BA069D-0FC6-4577-97C6-5DF634CE6E84}\InProcServer32@ C:\Program Files\Adobe\Reader 11.0\Reader\ViewerPS.dll(2012-09-23 19:43:36) Reg HKLM\SOFTWARE\Classes\CLSID\{1610BE56-B101-40FD-8136-779285D7D4A6}\InprocServer32@ C:\Program Files\Common Files\Intel\Media SDK\i1\1.5\mfx_mft_vpp_32.dll (Video Pre-Processing MFT for Intel® HD Graphics/Intel Corporation)(2015-01-21 15:36:14) Reg HKLM\SOFTWARE\Classes\CLSID\{17F2E344-8227-4AA7-A25A-E89424566BBA}\InProcServer32@ C:\Program Files\Adobe\Reader 11.0\Reader\pdfprevhndlr.dll (Adobe PDF Preview Handler/Adobe Systems, Inc. SIGNED)(2014-12-03 06:31:20) Reg HKLM\SOFTWARE\Classes\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\InprocServer32@ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe PDF Helper for Internet Explorer/Adobe Systems Incorporated SIGNED)(2012-09-23 19:43:36) Reg HKLM\SOFTWARE\Classes\CLSID\{1A1703E9-3E7C-41C3-AD5A-795CBFB19552}\InprocServer32@ C:\Program Files\Common Files\Intel\Media SDK\i1\1.5\mfx_mft_h264vd_32.dll (H.264 Decoder MFT for Intel® HD Graphics/Intel Corporation)(2015-01-21 15:36:14) Reg HKLM\SOFTWARE\Classes\CLSID\{24DA047B-40C0-4018-841B-6B7409F730FC}\InprocServer32@ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll (PDF Browser Control/CA SIGNED)(2014-12-03 06:31:20) Reg HKLM\SOFTWARE\Classes\CLSID\{25461599-633D-42B1-84FB-7CD68D026E53}\LocalServer32@ C:\Program Files\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Update/Google Inc. SIGNED)(2015-01-21 20:46:56) Reg HKLM\SOFTWARE\Classes\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}@LocalizedString C:\Program Files\Google\Update\1.3.25.11\goopdate.dll (Google Update/Google Inc. 
SIGNED)(2015-01-21 20:46:56) Reg HKLM\SOFTWARE\Classes\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\LocalServer32@ C:\Program Files\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Update/Google Inc. SIGNED)(2015-01-21 20:46:56) Reg HKLM\SOFTWARE\Classes\CLSID\{5AAABB05-F91B-4bce-AB18-D8319DEDABA8}\InprocServer32@ C:\Program Files\Adobe\Reader 11.0\Reader\adoberfp.dll (Adobe Reader File Preview/CA SIGNED)(2014-12-03 06:31:30) Reg HKLM\SOFTWARE\Classes\CLSID\{5BB2200E-5672-4A32-902A-5A98DB1C58DC}\InprocServer32@ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll (PDF Browser Control/CA SIGNED)(2014-12-03 06:31:20) Reg HKLM\SOFTWARE\Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\LocalServer32@ C:\Program Files\Google\Chrome\Application\40.0.2214.93\delegate_execute.exe (Google Chrome/Google Inc. SIGNED)(2015-01-27 04:43:50) Reg HKLM\SOFTWARE\Classes\CLSID\{5E628A96-1BE5-42FE-9117-EDAD9A9C479C}\InProcServer32@ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll (PDF Shell Extension/Adobe Systems, Inc. SIGNED)(2014-12-03 06:31:20) Reg HKLM\SOFTWARE\Classes\CLSID\{64417EAE-2E0E-45E8-A8C1-03284E3D3587}\LocalServer32@ C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (User Notification Service/Intel Corporation SIGNED)(2015-01-21 15:29:23) Reg HKLM\SOFTWARE\Classes\CLSID\{671B6145-4169-4ADD-9AF3-E6990EB2B325}\InProcServer32@ C:\Program Files\Adobe\Reader 11.0\Reader\adoberfp.dll (Adobe Reader File Preview/CA SIGNED)(2014-12-03 06:31:30) Reg HKLM\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}@LocalizedString C:\Program Files\Google\Update\1.3.25.11\goopdate.dll (Google Update/Google Inc. SIGNED)(2015-01-21 20:46:56) Reg HKLM\SOFTWARE\Classes\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\LocalServer32@ C:\Program Files\Google\Update\1.3.25.11\GoogleUpdateBroker.exe (Google Update/Google Inc. 
SIGNED)(2015-01-21 20:46:56) Reg HKLM\SOFTWARE\Classes\CLSID\{73C0325A-D3BF-48AF-9F37-1589CC58E788}\InprocServer32@ C:\Program Files\Intel\Intel(R) Management Engine Components\MEWMIProv\MeProv.dll (MEProv Dynamic Link Library/Intel Corporation)(2015-01-21 15:29:31) Reg HKLM\SOFTWARE\Classes\CLSID\{7CABC14E-7C51-4AAA-AE3F-CFEB42D5016A}\LocalServer32@ C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (User Notification Service/Intel Corporation SIGNED)(2015-01-21 15:29:23) Reg HKLM\SOFTWARE\Classes\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\LocalServer32@ C:\Program Files\Google\Update\1.3.25.11\GoogleUpdateBroker.exe (Google Update/Google Inc. SIGNED)(2015-01-21 20:46:56) Reg HKLM\SOFTWARE\Classes\CLSID\{80C25488-192B-4DE2-8150-5B2D2A2F835E}\LocalServer32@ C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (User Notification Service/Intel Corporation SIGNED)(2015-01-21 15:29:23) Reg HKLM\SOFTWARE\Classes\CLSID\{8215BA54-B69F-4275-AE11-31CB63593B09}\InProcServer32@ C:\Program Files\Adobe\Reader 11.0\Reader\AcroRdIF.dll (PDF IFilter/Adobe Systems, Inc. SIGNED)(2012-09-23 19:43:42) Reg HKLM\SOFTWARE\Classes\CLSID\{89DAE4CD-9F17-4980-902A-99BA84A8F5C8}\LocalServer32@ C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc/Google SIGNED)(2015-01-22 21:57:00) Reg HKLM\SOFTWARE\Classes\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}@LocalizedString C:\Program Files\Google\Update\1.3.25.11\goopdate.dll (Google Update/Google Inc. SIGNED)(2015-01-21 20:46:56) Reg HKLM\SOFTWARE\Classes\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\LocalServer32@ C:\Program Files\Google\Update\1.3.25.11\GoogleUpdateBroker.exe (Google Update/Google Inc. SIGNED)(2015-01-21 20:46:56) Reg HKLM\SOFTWARE\Classes\CLSID\{9061EE7F-1749-45C7-8806-48BE50E660C7}\InprocHandler32@ C:\Program Files\Google\Update\1.3.25.11\psmachine.dll (Google Update/Google Inc. 
SIGNED)(2015-01-21 20:46:56) Reg HKLM\SOFTWARE\Classes\CLSID\{92B6DF56-82F7-4340-A562-5451481FD712}\InprocServer32@ C:\Program Files\Common Files\Intel\Media SDK\i1\1.5\mfx_mft_mp2vd_32.dll (MPEG-2 Decoder MFT for Intel® HD Graphics/Intel Corporation)(2015-01-21 15:36:14) Reg HKLM\SOFTWARE\Classes\CLSID\{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}\LocalServer32@ C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32Info.exe (Adobe Reader /CA SIGNED)(2014-12-03 06:31:24) Reg HKLM\SOFTWARE\Classes\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}@LocalizedString C:\Program Files\Google\Update\1.3.25.11\goopdate.dll (Google Update/Google Inc. SIGNED)(2015-01-21 20:46:56) Reg HKLM\SOFTWARE\Classes\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\LocalServer32@ C:\Program Files\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Update/Google Inc. SIGNED)(2015-01-21 20:46:56) Reg HKLM\SOFTWARE\Classes\CLSID\{9B7F0841-B9EA-4E79-8483-D7D626814A2F}\InProcServer32@ C:\Program Files\Google\Update\1.3.25.11\psmachine.dll (Google Update/Google Inc. SIGNED)(2015-01-21 20:46:56) Reg HKLM\SOFTWARE\Classes\CLSID\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}\LocalServer32@ C:\Program Files\Google\Update\1.3.25.11\GoogleUpdateBroker.exe (Google Update/Google Inc. SIGNED)(2015-01-21 20:46:56) Reg HKLM\SOFTWARE\Classes\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\LocalServer32@ C:\Program Files\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Update/Google Inc. SIGNED)(2015-01-21 20:46:56) Reg HKLM\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}@LocalizedString C:\Windows\system32\Macromed\Flash\FlashUtil32_16_0_0_296_ActiveX.exe (Adobe® Flash® Player Installer/Uninstaller 16.0 r0/CA SIGNED)(2015-01-25 00:51:11) Reg HKLM\SOFTWARE\Classes\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}@LocalizedString C:\Program Files\Google\Update\1.3.25.11\goopdate.dll (Google Update/Google Inc. 
SIGNED)(2015-01-21 20:46:56) Reg HKLM\SOFTWARE\Classes\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\LocalServer32@ C:\Program Files\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Update/Google Inc. SIGNED)(2015-01-21 20:46:56) Reg HKLM\SOFTWARE\Classes\CLSID\{B53B7061-6584-46AA-A033-D610EB10BD9B}\LocalServer32@ C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (gusvc/Google SIGNED)(2015-01-22 21:57:00) Reg HKLM\SOFTWARE\Classes\CLSID\{B801CA65-A1FC-11D0-85AD-444553540000}\LocalServer32@ C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Reader /CA SIGNED)(2014-12-03 06:31:20) Reg HKLM\SOFTWARE\Classes\CLSID\{B89A1D42-E640-4CDC-9C06-FCF8AE041AA7}\LocalServer32@ C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (User Notification Service/Intel Corporation SIGNED)(2015-01-21 15:29:23) Reg HKLM\SOFTWARE\Classes\CLSID\{BD57A9B2-4E7D-4892-9107-9F4106472DA4}\LocalServer32@ C:\Program Files\Adobe\Reader 11.0\Reader\AcroBroker.exe (Adobe PDF Broker Process for Internet Explorer/CA SIGNED)(2014-12-03 06:31:20) Reg HKLM\SOFTWARE\Classes\CLSID\{BDE0D630-7801-47cd-984E-1F0AFBC5ACBF}\InprocServer32@ C:\Program Files\Adobe\Reader 11.0\Reader\adoberfp.dll (Adobe Reader File Preview/CA SIGNED)(2014-12-03 06:31:30) Reg HKLM\SOFTWARE\Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32@ C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Update/Google Inc. 
SIGNED)(2015-01-21 20:46:56) Reg HKLM\SOFTWARE\Classes\CLSID\{C523F39F-9C83-11D3-9094-00104BD0D535}\InprocServer32@ C:\Program Files\Adobe\Reader 11.0\Reader\plug_ins\Accessibility.api (Adobe Acrobat Accessibility Plug-in/Adobe Systems Incorporated)(2014-12-03 06:31:20) Reg HKLM\SOFTWARE\Classes\CLSID\{CA8A9780-280D-11CF-A24D-444553540000}\InprocServer32@ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll (PDF Browser Control/CA SIGNED)(2014-12-03 06:31:20) Reg HKLM\SOFTWARE\Classes\CLSID\{cc6f4d12-8575-4cff-9455-cf5774aeb13b}\LocalServer32@ C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe (Component Host Service/McAfee, Inc. SIGNED)(2012-09-05 15:56:44) Reg HKLM\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32@ C:\Windows\system32\Macromed\Flash\Flash32_16_0_0_296.ocx (Adobe Flash Player 16.0 r0/CA SIGNED)(2015-01-25 00:51:10) Reg HKLM\SOFTWARE\Classes\CLSID\{D38406DA-E8AA-484b-B80D-3D3DBDCC2FB2}\LocalServer32@ C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32Info.exe (Adobe Reader /CA SIGNED)(2014-12-03 06:31:24) Reg HKLM\SOFTWARE\Classes\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}@DisplayName C:\Program Files\Adobe\Reader 11.0\Reader\pdfprevhndlr.dll (Adobe PDF Preview Handler/Adobe Systems, Inc. SIGNED)(2014-12-03 06:31:20) Reg HKLM\SOFTWARE\Classes\CLSID\{E16E184E-B171-46A7-9548-50E24941E0D7}\LocalServer32@ C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (User Notification Service/Intel Corporation SIGNED)(2015-01-21 15:29:23) Reg HKLM\SOFTWARE\Classes\CLSID\{E7FD7E9F-F823-4283-9B29-BA65BF439CAD}\InprocServer32@ C:\Program Files\Common Files\Intel\Media SDK\i1\1.5\mfx_mft_vc1vd_32.dll (VC-1 Decoder MFT for Intel® HD Graphics/Intel Corporation)(2015-01-21 15:36:14) Reg HKLM\SOFTWARE\Classes\CLSID\{E8978DA6-047F-4E3D-9C78-CDBE46041603}\InprocServer32@ C:\Program Files\Adobe\Reader 11.0\Reader\AcroRdIF.dll (PDF IFilter/Adobe Systems, Inc. 
SIGNED)(2012-09-23 19:43:42) Reg HKLM\SOFTWARE\Classes\CLSID\{EE5A151A-AD2A-4CEE-AD65-228B59F5B4AD}\InProcServer32@ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll (PDF Browser Control/CA SIGNED)(2014-12-03 06:31:20) Reg HKLM\SOFTWARE\Classes\CLSID\{F4817E4B-04B6-11D3-8862-00C04F72F303}\InProcServer32@ C:\Program Files\Common Files\InstallShield\Professional\RunTime\objectps.dll (InstallShield (R) ObjectPS DLL/Macrovision Corporation)(2015-01-21 15:31:57) Reg HKLM\SOFTWARE\Classes\CLSID\{F9DB5320-233E-11D1-9F84-707F02C10627}\InprocServer32@ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll (PDF Shell Extension/Adobe Systems, Inc. SIGNED)(2014-12-03 06:31:20) Reg HKLM\SOFTWARE\Classes\CLSID\{FA1F00CD-4445-401B-ADDF-FA4126EAA7C2}\LocalServer32@ C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (User Notification Service/Intel Corporation SIGNED)(2015-01-21 15:29:23) Reg HKLM\SOFTWARE\Classes\CLSID\{FDA6EEC2-325B-4E8A-A8C7-1C75DFBE72D5}\InProcServer32@ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe PDF Helper for Internet Explorer/Adobe Systems Incorporated SIGNED)(2012-09-23 19:43:36) Reg HKLM\SOFTWARE\Classes\Google.PhotoViewer.3.0\Shell\Open\Command@ C:\Program Files\Google\Picasa3\PicasaPhotoViewer.exe (Picasa Photo Viewer/Google Inc. SIGNED)(2014-08-13 00:29:16) Reg HKLM\SOFTWARE\Classes\Installer\Products\27BCD19CBB5FD0149AA113F4D5B12448@ProductIcon C:\Windows\Installer\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}\ARPPRODUCTICON.exe (InstallShield/Acresso Software Inc.)(2015-01-21 15:37:29) Reg HKLM\SOFTWARE\Classes\PDXFileType\shell\Read\command@ C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Reader /CA SIGNED)(2014-12-03 06:31:20) Reg HKLM\SOFTWARE\Classes\picasa\shell\open\command@ C:\Program Files\Google\Picasa3\Picasa3.exe (Picasa/Google Inc. 
SIGNED)(2014-08-13 00:28:56) Reg HKLM\SOFTWARE\Classes\SOFTWARE\Adobe\Acrobat\Exe@ C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Reader /CA SIGNED)(2014-12-03 06:31:20) Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@Tok-Cirrhatus C:\Users\Kasia\AppData\Local\smss.exe(2015-01-21 15:48:43)

---- Files - GMER 2.1 ----

File C:\Users\Kasia\AppData\Local\BronNetDomList.bat 229 bytes

---- EOF - GMER 2.1 ----