Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-08-2015 Ran by Ikar (2015-08-17 19:19:45) Running from C:\Users\Ikar\Downloads Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3326815062-3995382162-3647125834-500 - Administrator - Disabled) Gość (S-1-5-21-3326815062-3995382162-3647125834-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3326815062-3995382162-3647125834-1004 - Limited - Enabled) Ikar (S-1-5-21-3326815062-3995382162-3647125834-1002 - Administrator - Enabled) => C:\Users\Ikar ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: COMODO Antivirus (Enabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5} AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) «The Witcher 2» 3.4 (HKLM-x32\...\The Witcher 2 - Assassins of Kings - Enhanced Edition_is1) (Version: 3.4 - CD Project RED) µTorrent (HKU\S-1-5-21-3326815062-3995382162-3647125834-1002\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.) 7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated) Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated) AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.60.1497, 15.07.2015 - AIMP DevTeam) AirDroid 3.1.4.0 (HKLM-x32\...\AirDroid) (Version: 3.1.4.0 - Sand Studio) ALLPlayer V6.X (HKLM-x32\...\ALLPlayer_is1) (Version: - ALLPlayer Group, Ltd.) AMD Catalyst Install Manager (HKLM\...\{529C5283-F484-94CA-8D10-3A69FD0776D3}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) CCSDK (HKLM-x32\...\{AE75190B-11B4-4F90-8254-DAB275CF2557}_is1) (Version: 1.0.3.4 - Lenovo) Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft) COMODO Internet Security Premium (HKLM\...\{73830292-868E-4C82-9AF5-CCFE2047B6A3}) (Version: 8.2.0.4508 - COMODO Security Solutions Inc.) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.28.52 - Conexant) Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc) EaseUS Partition Master 10.5 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS) e-Deklaracje Desktop (HKLM-x32\...\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1) (Version: 7.0.3 - Ministerstwo Finansow) e-Deklaracje Desktop (x32 Version: 7.0.3 - Ministerstwo Finansow) Hidden Emergency Download Driver (HKLM-x32\...\{05DBF996-83D0-4C40-8D3A-A6850800BC88}) (Version: 1.1.7.1439 - Nokia) Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.5.0.17 - Lenovo) Energy Manager (x32 Version: 1.5.0.17 - Lenovo) Hidden ffdshow x64 v1.3.4533 [2014-09-29] (HKLM\...\ffdshow64_is1) (Version: 1.3.4533.0 - ) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.) GenoPro 2.5.4.1 (HKLM-x32\...\GenoPro) (Version: - GenoPro Inc.) GoPro App (x32 Version: 5.6.509 - GoPro, Inc.) Hidden GoPro Studio 2.5.6 (HKLM-x32\...\{8850d4d9-a0fc-453f-ba03-ec084375d0c2}) (Version: 2.5.6.509 - GoPro, Inc.) Grand Theft Auto V (HKLM-x32\...\Grand Theft Auto V_is1) (Version: - ) Grid 2 version 5.1 (HKLM-x32\...\{432CF492-2A3C-4F96-821A-E102B6F18F07}_is1) (Version: 5.1 - Black_Box) Heroes III Armageddon's Blade (HKLM-x32\...\Heroes III Armageddon's Blade) (Version: - ) Heroes III The Restoration of Erathia (HKLM-x32\...\Heroes III The Restoration of Erathia) (Version: - ) Heroes III The Shadow of Death (HKLM-x32\...\Heroes III The Shadow of Death) (Version: - ) Host App Service (HKU\S-1-5-21-3326815062-3995382162-3647125834-1002\...\Pokki) (Version: 0.269.7.738 - Pokki) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP) HP Photosmart 5510 series — podstawowe oprogramowanie urządzenia (HKLM\...\{FDC2652E-A08C-495D-8878-BDEE57909CB3}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) Instrukcje użytkownika (x32 Version: 3.0.0.3 - Lenovo) Hidden ipla 2.8.4 (HKLM-x32\...\ipla) (Version: 2.8.4 - Redefine Sp z o.o.) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) iRoot (HKLM-x32\...\{1295E43F-382A-4CB2-9E0F-079C0D7401BB}_is1) (Version: 1.8.5.15285 - Shenzhen Xinyi Network Co.,Ltd.) Jumpstart Installation Program (HKLM-x32\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version: - Atheros) Komunikator WTW 1.6.0.4630 (HKLM\...\{1DF5019A-68B5-4ba1-8E59-E185C7B7FF11}) (Version: 1.6.0.4630 - K2T.eu) Lenovo Browser Guard (HKLM-x32\...\LenovoBrowserGuard) (Version: 2.14.2.9 - ClientConnect LTD) <==== ATTENTION Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.36.00 - Lenovo Group Limited) Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10260 - Realtek Semiconductor Corp.) Lenovo FusionEngine (HKLM-x32\...\Lenovo FusionEngine) (Version: 1.0.13.0 - Lenovo, Inc.) Lenovo Mobile Phone Wireless Import (HKLM-x32\...\InstallShield_{DFB2E0D6-8DDE-49A4-B8F7-03C14DACCBA6}) (Version: 1.1.1.9 - Lenovo) Lenovo Mobile Phone Wireless Import (x32 Version: 1.1.1.9 - Lenovo) Hidden Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.1.0.2619 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 8.1.0.2619 - CyberLink Corp.) Hidden Lenovo PhoneCompanion (HKLM-x32\...\InstallShield_{0F82EA83-B0C5-4AB9-9695-DFE92C5FD57B}) (Version: 1.2.0.2 - Lenovo) Lenovo PhoneCompanion (x32 Version: 1.2.0.2 - Lenovo) Hidden Lenovo Photo Master (HKLM-x32\...\InstallShield_{BC94C56A-3649-420C-8756-2ADEBE399D33}) (Version: 1.0.1823.01 - CyberLink Corp.) Lenovo Photo Master (x32 Version: 1.0.1823.01 - CyberLink Corp.) Hidden Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.36.1 - ELAN Microelectronic Corp.) Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.) Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden Lenovo Solution Center (HKLM\...\{1CA74803-5CB2-4C03-BDBE-061EDC81CC7F}) (Version: 2.8.004.00 - Lenovo Group Limited) Lenovo Updates (HKLM-x32\...\InstallShield_{A2E1E9F0-0B68-4166-8C7F-85B563B84DF4}) (Version: 1.3.0.6 - Lenovo) Lenovo Updates (x32 Version: 1.3.0.6 - Lenovo) Hidden Lenovo VeriFace Pro (HKLM\...\Lenovo VeriFace) (Version: 5.0.14.1061 - Lenovo) Lumia UEFI Blue Driver (HKLM-x32\...\{D6EEB835-5BBF-4F6B-8382-1681148D7771}) (Version: 1.1.8.1448 - Nokia) Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden Microsoft Office 365 - pl-pl (HKLM\...\O365HomePremRetail - pl-pl) (Version: 15.0.4737.1003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3326815062-3995382162-3647125834-1002\...\OneDriveSetup.exe) (Version: 17.3.5907.0716 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{01db25f3-1b76-4d97-88c8-1c90634d88fb}) (Version: 11.0.60610.1 - Корпорация Майкрософт) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.14.01.105 - Huawei Technologies Co.,Ltd) Mozilla Firefox 39.0 (x86 pl) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 pl)) (Version: 39.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla) MyPlayer (HKLM-x32\...\MyPlayer) (Version: 2.7.0.10 - MyPortal) Napisy24 (HKLM-x32\...\{D1985DBC-F09E-4317-91B8-932AD0FD4A27}_is1) (Version: 1.1 - Napisy24.pl) NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation) Obsługa programów Apple (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) OEM Application Profile (HKLM-x32\...\{8F92E0CF-620B-5C20-F292-59C93567B06D}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden OpenVPN 2.3.8-I601 (HKLM\...\OpenVPN) (Version: 2.3.8-I601 - ) Opera beta 32.0.1948.4 (HKLM-x32\...\Opera 32.0.1948.4) (Version: 32.0.1948.4 - Opera Software) Oracle VM VirtualBox 5.0.0 (HKLM\...\{FCD0B365-2189-45F3-9AF2-2BCED86C121A}) (Version: 5.0.0 - Oracle Corporation) Pakiet sterowników systemu Windows - Lenovo (ACPIVPC) System (09/24/2013 19.29.2.34) (HKLM\...\EE9B1F2037C580F36D92FA431CC02BFF04C31F15) (Version: 09/24/2013 19.29.2.34 - Lenovo) Pakiet sterowników systemu Windows - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK) (Version: 10.0.50903 - Microsoft Corporation) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Raptr (HKLM-x32\...\Raptr) (Version: - ) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39058 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek) Revo Uninstaller Pro wersja 3.1.4 (HKLM\...\Revo Uninstaller Pro_is1) (Version: 3.1.4 - ) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games) SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.2.1.0 - Lenovo Group Limited) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation) Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.) Start Menu (HKU\S-1-5-21-3326815062-3995382162-3647125834-1002\...\Pokki_Start_Menu) (Version: 0.269.7.738 - Pokki) TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - ) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45471 - TeamViewer) This War of Mine (HKLM-x32\...\1207666873_is1) (Version: 2.0.0.2 - GOG.com) TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.2 - TrueCrypt Foundation) UESDK (HKLM-x32\...\{EB3F6640-58AE-4886-B8BA-466B6939A933}_is1) (Version: 1.0.2.7 - Lenovo) Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) User Manuals (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 3.0.0.3 - Lenovo) Vegas Pro 13.0 (64-bit) (HKLM\...\{3814DB30-091D-11E4-BDE0-F04DA23A5C58}) (Version: 13.0.373 - Sony) VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.0f-2 - IDRIX) VFW_Codec32 (x32 Version: 0.1.160.0 - GoPro, Inc.) Hidden VFW_Codec64 (Version: 0.1.160.0 - GoPro, Inc.) Hidden Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro) Windows Phone app for desktop (HKLM-x32\...\{99759E36-8961-43DC-A7E6-4601D6AEF166}) (Version: 1.1.2726.0 - Microsoft Corporation) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies) WinRAR 5.21 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) WinUsb CoInstallers (HKLM-x32\...\{B7D4B08A-9D89-4369-B51C-92CF8C03D2F8}) (Version: 1.1.8.1406 - Nokia) WinUSB Compatible ID Drivers (HKLM-x32\...\{316ED84C-ACDA-4F1F-8E64-52B7AFF8677D}) (Version: 1.1.9.1439 - Nokia) WinUSB Drivers ext (HKLM-x32\...\{238EAE31-4E9E-43CF-B244-C4879279E6AF}) (Version: 1.1.12.1439 - Nokia) Wtyczka e-Deklaracje (HKLM-x32\...\{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1) (Version: 4.1.0 - Ministerstwo Finansów) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3326815062-3995382162-3647125834-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Ikar\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 12-08-2015 10:48:08 Windows Update 17-08-2015 18:31:35 SPTD setup V1.87 ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {02A2615C-9DCE-4ACA-AE4B-676F23B55D7E} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3326815062-3995382162-3647125834-1002 => %localappdata%\Microsoft\OneDrive\OneDrive.exe Task: {07A91E7D-F5AB-45B5-9B1A-68D76BAAA4B1} - System32\Tasks\Opera scheduled Autoupdate 1435748973 => C:\Program Files (x86)\Opera beta\launcher.exe [2015-08-15] (Opera Software) Task: {0FB78B08-7A7F-4D48-BFA1-B256817D1DB8} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-04-24] (Lenovo) Task: {226B7F7D-27DD-414D-8C08-1E5D61BAF2BA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-12] (Microsoft Corporation) Task: {2B2F3DAF-D5FD-4DA9-B88F-1EA39569C159} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-06-09] (Microsoft Corporation) Task: {305E6BB0-38D1-4C6A-968E-421C40D4275C} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] () Task: {59DD4606-470A-4EB4-BEA9-016B6BC2335B} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-07] (COMODO) Task: {5E41A0E0-2D52-4BDF-B747-006DC9546F22} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.) Task: {6433943E-CD88-4D36-A0D8-337F7835829E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-15] (Adobe Systems Incorporated) Task: {6D509DEF-EB41-4B02-91A6-548D9ADD367A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-22] (Microsoft Corporation) Task: {774A7CC5-899D-448A-B494-1E4736DE9B49} - System32\Tasks\HPCustParticipation HP Photosmart 5510 series => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe Task: {797D9A41-DD75-4ED7-8FEF-0AE9A741E0D0} - System32\Tasks\Pokki => %LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe Task: {7B17FA79-1479-42DB-9DC0-89D7660AB645} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-07] (COMODO) Task: {9AE9F4B2-002E-4416-B054-19D9E8326ADE} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo) Task: {A908D514-4ED0-4316-8F56-0A0F0550450D} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-07] (COMODO) Task: {ABE732CD-B6E7-44BD-8FE5-8AB0BC4A50A4} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-07] (COMODO) Task: {ADBEB3F8-6F19-40FE-B196-FEF0B95DFB33} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-08-18] (Lenovo) Task: {B355A829-9359-4FB1-95EE-C889C0466E00} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-04-24] () Task: {B6CC58E6-5A98-49C1-B8F4-7CB07316AE4C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe [2015-08-17] (Adobe Systems Incorporated) Task: {B71DFC31-1374-46E1-A5E9-B66BEAC9100A} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser Task: {BDE36C7F-4BA7-4B82-A924-DAADAB90A520} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-04-24] (Lenovo) Task: {C36D205F-F03B-473F-8734-5DE777DEB70F} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-07] (COMODO) Task: {D0FDD73B-5C7B-482D-B883-D45F995C0342} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-07] (COMODO) Task: {D1CD37E5-CBA5-4539-8C0E-53045B97C3E0} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-04-24] () Task: {DB6AF7AA-FBA9-468F-BDA5-B5D5AA1FD978} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe Task: {F5E12039-CA11-448D-8BB4-54609C9C81A9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-22] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe ==================== Loaded Modules (Whitelisted) ============== 2015-07-15 21:38 - 2015-07-15 21:38 - 00127488 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2015-04-25 11:00 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-04-27 08:02 - 2015-04-27 08:02 - 00232288 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe 2015-04-25 23:05 - 2015-04-25 23:05 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe 2014-12-05 18:49 - 2014-12-05 18:49 - 00067856 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfConnectorService.exe 2014-12-05 18:49 - 2014-12-05 18:49 - 00672016 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace Pro\VfDataStorageInterface.dll 2015-01-08 23:02 - 2015-01-08 23:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav 2014-02-25 23:14 - 2014-02-25 23:14 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll 2014-02-25 23:11 - 2014-02-25 23:11 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll 2014-12-05 17:48 - 2010-10-26 22:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe 2014-02-25 23:17 - 2014-02-25 23:17 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe 2014-03-26 13:50 - 2014-12-05 18:55 - 00058864 _____ () C:\Program Files (x86)\Lenovo\Energy Manager\kbdhook.dll 2015-04-24 05:16 - 2015-05-01 10:01 - 00019456 _____ () C:\Program Files\K2T\WTW\libCryptoLayer.module 2015-04-24 05:16 - 2015-05-01 10:01 - 00088064 _____ () C:\Program Files\K2T\WTW\libCryptoWtw.module 2015-04-24 05:16 - 2015-05-01 10:01 - 00579072 _____ () C:\Program Files\K2T\WTW\libImage.module 2015-04-24 05:16 - 2015-05-01 10:01 - 00546816 _____ () C:\Program Files\K2T\WTW\libSQ3.module 2015-04-24 05:16 - 2015-05-01 10:01 - 00092160 _____ () C:\Program Files\K2T\WTW\libZlib.module 2015-04-24 05:16 - 2015-05-01 10:01 - 00129024 _____ () C:\Program Files\K2T\WTW\libExpat.module 2015-04-24 05:16 - 2015-05-01 10:01 - 00442880 _____ () C:\Program Files\K2T\WTW\libLexer.module 2015-04-24 05:16 - 2015-05-01 10:01 - 00014336 _____ () C:\Program Files\K2T\WTW\libWin8.module 2015-07-15 21:38 - 2015-07-15 21:38 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2014-12-05 18:35 - 2014-07-09 18:19 - 00592880 _____ () C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe 2015-08-17 18:17 - 2015-08-17 18:17 - 00380416 _____ () C:\Users\Ikar\Downloads\fgsy7mvg.exe 2015-04-25 15:03 - 2013-11-22 11:38 - 00073272 _____ () F:\Foxmail 7.2\FoxPrefetch.dll 2015-04-25 15:03 - 2014-11-10 12:59 - 39029304 _____ () F:\Foxmail 7.2\cef3\libcef.dll 2015-04-25 15:03 - 2014-02-27 09:39 - 00017976 _____ () F:\Foxmail 7.2\exchange.dll 2015-04-25 15:03 - 2013-11-22 11:38 - 00064568 _____ () F:\Foxmail 7.2\FoxBugReport.dll 2015-04-25 15:03 - 2014-03-24 13:33 - 00503352 _____ () F:\Foxmail 7.2\SpamFilter.dll 2015-04-25 15:03 - 2013-11-22 11:38 - 00278072 _____ () F:\Foxmail 7.2\libcurl.dll 2015-04-25 15:03 - 2013-11-22 11:38 - 00074808 _____ () F:\Foxmail 7.2\zlib1.dll 2015-04-25 15:03 - 2014-04-01 09:07 - 01619408 _____ () F:\Foxmail 7.2\cef3\ffmpegsumo.dll 2015-08-15 15:53 - 2015-08-15 15:53 - 59619448 _____ () C:\Program Files (x86)\Opera beta\32.0.1948.4\opera.dll 2015-08-15 15:53 - 2015-08-15 15:52 - 01880696 _____ () C:\Program Files (x86)\Opera beta\32.0.1948.4\libglesv2.dll 2015-08-15 15:53 - 2015-08-15 15:52 - 00081528 _____ () C:\Program Files (x86)\Opera beta\32.0.1948.4\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\WINDOWS\notepad.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SECOH-QAD.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\splwow64.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\UnGins.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\amdave64.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\amdgfxinfo64.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\amdhcp64.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\amdhdl64.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\amdmantle64.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\amdmiracast.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\amdmmcl6.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\amdocl12cl64.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\amdpcom64.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\amdumcsp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\AppxAllUserStore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\aspnet_counters.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\atiadlxx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\atiapfxx.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\aticalcl64.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\aticaldd64.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\aticalrt64.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\aticfx64.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\atidemgy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\atidxx64.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\atieah64.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\atieclxx.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\atiesrxx.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\atig6pxx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\atig6txx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\atiglpxx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\atimpc64.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\atimuixx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\atio6axx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\atisamu64.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\atitmm64.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\atiu9p64.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\atiumd64.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\atiumd6a.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\atiuxp64.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\authz.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\basesrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\BFE.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\clinfo.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\coinst_15.20.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\comctl32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\compstui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\csrsrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_33.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_34.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_35.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_36.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_37.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_38.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_39.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_40.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_41.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_42.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_43.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\d3dcsx_42.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\d3dcsx_43.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\d3dx10.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\d3dx10_33.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\d3dx10_34.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\d3dx10_35.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\d3dx10_36.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\d3dx10_37.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\d3dx10_38.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\d3dx10_39.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\d3dx10_40.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\d3dx10_41.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\d3dx10_42.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\d3dx10_43.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\d3dx11_42.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\d3dx11_43.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\d3dx9_24.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\d3dx9_25.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\d3dx9_26.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\d3dx9_27.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\d3dx9_28.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\d3dx9_29.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\d3dx9_30.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\d3dx9_31.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\d3dx9_32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\d3dx9_33.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\d3dx9_34.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\d3dx9_36.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\D3DX9_37.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\D3DX9_38.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\D3DX9_40.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\D3DX9_41.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\D3DX9_42.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\D3DX9_43.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\davclnt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dbghelp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\DelayAPO.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\detoured.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\DevicePairing.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\diagtrack.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dnsapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dnsrslvr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\dpapisrv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\DWrite.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\eventcls.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\FWPUCLNT.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hpinkcoia111.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hpinkinsa111.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hpinkstsa111LM.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\HPScanTRDrv_PS5510.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\HPWia2_PS5510.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\hsa-thunk64.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ieui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\IKEEXT.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\inseng.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\jscript9diag.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\kmddsp.tsp:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\localspl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mantle64.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mantleaxl64.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MDMAgent.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MFMediaEngine.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mfplat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mssph.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mssphtb.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mssrch.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mssvp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\mstscax.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\msxml3.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\msxml6.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\notepad.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\nshwfp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\OpenCL.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\PhotoMetadataHandler.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\pspcoins.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\puiobj.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\QSHVHOST.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\QSVRMGMT.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\rasapi32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\rascfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\rasdiag.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\rasmxs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\rasser.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\rdvidcrl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sdbinst.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SearchIndexer.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\services.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SkyDrive.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SkyDriveTelemetry.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\spoolsv.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SRH.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SyncEngine.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\sysmain.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemSettings.Handlers.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsDatabase.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\t-base_client_api.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tbaseregistry64.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\tquery.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\untfs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vpnike.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vssapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\vsstrace.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\VSSVC.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01009.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WebClnt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wevtsvc.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Input.Inking.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WinSCard.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WinUSBCoInstaller2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wpdshext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WSDApi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WSDMon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wuapp.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wucltux.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wudriver.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\WUSettingsProvider.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\wuwebv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_0.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_1.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_3.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_4.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_5.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_6.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_7.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\xactengine2_0.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\xactengine2_1.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\xactengine2_10.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\xactengine2_2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\xactengine2_3.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\xactengine2_4.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\xactengine2_5.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\xactengine2_6.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\xactengine2_7.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\xactengine2_8.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\xactengine2_9.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\xactengine3_0.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\xactengine3_1.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\xactengine3_2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\xactengine3_3.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\xactengine3_4.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\xactengine3_5.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\xactengine3_6.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\xactengine3_7.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_0.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_1.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_3.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_4.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_5.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\XAudio2_0.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\XAudio2_1.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\XAudio2_2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\XAudio2_3.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\XAudio2_4.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\XAudio2_5.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\XAudio2_6.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\XAudio2_7.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\xinput1_1.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\xinput1_2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ac3filter.ax:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\amdave32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\amdgfxinfo32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\amdhcp32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\amdhdl32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\amdmantle32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\amdmmcl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\amdocl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\amdocl12cl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\amdpcom32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\amdumcsp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxAllUserStore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\aspnet_counters.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\atiadlxx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\atiadlxy.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\aticalcl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\aticaldd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\aticalrt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\aticfx32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\atidxx32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\atieah32.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\atigktxx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\atiglpxx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\atimpc32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\atioglxx.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\atisamu32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\atiu9pag.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\atiumdag.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\atiumdva.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\atiuxpag.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\authz.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\BugTrap.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_33.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_34.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_35.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_36.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_37.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_38.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_39.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_40.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_41.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_42.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_43.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_42.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_43.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_33.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_34.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_35.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_36.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_37.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_38.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_39.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_40.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_41.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_42.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_43.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_42.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_43.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_24.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_25.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_26.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_27.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_28.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_29.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_30.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_31.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_33.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_34.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_35.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_36.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_37.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_38.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_39.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_40.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_41.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_42.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_43.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\davclnt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dbgeng.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dbghelp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\detoured.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DevicePairing.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dnsapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\eventcls.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\FWPUCLNT.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\hsa-thunk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ieui.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9diag.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\kmddsp.tsp:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\libFLAC.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mantle32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mantleaxl32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\MFMediaEngine.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mfplat.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mssph.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mssrch.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mssvp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml3.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\notepad.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenCL.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PhysXCompatCplUI.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PhysXCplUI.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PnkBstrA.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PnkBstrB.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintConfig.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\puiobj.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\QSHVHOST.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\QSVRMGMT.DLL:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rasapi32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rascfg.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rasdiag.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rasmxs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rasser.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rastapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rdvidcrl.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rgb9rast.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\rootpacommon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\sdbinst.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchIndexer.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\SRH.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\t-base_client_api.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tbaseregistry32.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\untfs.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\vssapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\vsstrace.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WebClnt.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSCard.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wpdshext.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\WSDApi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapp.exe:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wudriver.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\wuwebv.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_0.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_1.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_3.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_4.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_5.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_6.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_7.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_0.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_1.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_10.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_3.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_4.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_5.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_6.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_7.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_8.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_9.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_0.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_1.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_3.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_4.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_5.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_6.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_7.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_0.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_1.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_3.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_4.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_5.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_0.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_1.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_3.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_4.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_5.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_6.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_7.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_1.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_2.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_3.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\SysWOW64\xvidcore.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\agilevpn.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\ahcache.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\amdacpksd.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\amdacpksl.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\amdkmafd.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\amdkmcsp.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\amdpsp.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\appexDrv.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\athuwbx.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\athuwbx.sys:$CmdZnID AlternateDataStreams: C:\WINDOWS\system32\Drivers\ati2erec.dll:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\AtihdWB6.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\atikmdag.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\atikmpag.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthhfenum.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\dam.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\dtlitescsibus.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\dumpsd.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\i8042prt.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\intelpep.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\jswpslwfx.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdclass.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\mouclass.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\mouhid.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\mountmgr.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndistapi.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndproxy.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\netio.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\pdc.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\rasl2tp.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\revoflt.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\sdbus.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\sermouse.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\serscan.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\tap0901.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\udfs.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBHUB3.SYS:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBXHCI.SYS:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\VBoxDrv.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\VBoxNetAdp6.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\VBoxNetLwf.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\VBoxUSB.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\wanarp.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdBoot.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdFilter.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdNisDrv.sys:$CmdTcID AlternateDataStreams: C:\WINDOWS\system32\Drivers\wfplwfs.sys:$CmdTcID AlternateDataStreams: C:\ProgramData\Temp:054203E4 AlternateDataStreams: C:\Users\Ikar\OneDrive:ms-properties AlternateDataStreams: C:\Users\Ikar\Downloads\1436606037_by_Moris299.jpg:$CmdZnID AlternateDataStreams: C:\Users\Ikar\Downloads\1438624921_ryquav_600.jpg:$CmdZnID AlternateDataStreams: C:\Users\Ikar\Downloads\24_10.jpg:$CmdZnID AlternateDataStreams: C:\Users\Ikar\Downloads\32d7c1f63c91.jpg:$CmdZnID AlternateDataStreams: C:\Users\Ikar\Downloads\3_03.jpg:$CmdZnID AlternateDataStreams: C:\Users\Ikar\Downloads\3_04.jpg:$CmdZnID AlternateDataStreams: C:\Users\Ikar\Downloads\4_01.jpg:$CmdZnID AlternateDataStreams: C:\Users\Ikar\Downloads\61s6knbl.exe:$CmdTcID AlternateDataStreams: C:\Users\Ikar\Downloads\61s6knbl.exe:$CmdZnID AlternateDataStreams: C:\Users\Ikar\Downloads\8765701ea880.jpg:$CmdZnID AlternateDataStreams: C:\Users\Ikar\Downloads\beaker-muppet1.jpg:$CmdZnID AlternateDataStreams: C:\Users\Ikar\Downloads\fgsy7mvg.exe:$CmdTcID AlternateDataStreams: C:\Users\Ikar\Downloads\fgsy7mvg.exe:$CmdZnID AlternateDataStreams: C:\Users\Ikar\Downloads\FRST64.exe:$CmdTcID AlternateDataStreams: C:\Users\Ikar\Downloads\FRST64.exe:$CmdZnID AlternateDataStreams: C:\Users\Ikar\Downloads\kalendarz_depilacji_damskiej.jpg:$CmdZnID AlternateDataStreams: C:\Users\Ikar\Downloads\Kali Linux Tools - Pixie Dust Attack (Offline WPS Attack) Full HD (1).mp4:$CmdZnID AlternateDataStreams: C:\Users\Ikar\Downloads\Kali Linux Tools - Pixie Dust Attack (Offline WPS Attack) Full HD.mp4:$CmdZnID AlternateDataStreams: C:\Users\Ikar\Downloads\Major Lazer & DJ Snake - Lean On feat. MØ (Twerk Freestyle) _ LexTwerkOut.mp4:$CmdZnID AlternateDataStreams: C:\Users\Ikar\Downloads\NASŁUCHIWANIE SIECI KOMPUTEROWEJ - WIRESHARK.mp4:$CmdZnID AlternateDataStreams: C:\Users\Ikar\Downloads\nethunter1.png:$CmdZnID AlternateDataStreams: C:\Users\Ikar\Downloads\netstumblerinstaller_0_4_0.exe:$CmdTcID AlternateDataStreams: C:\Users\Ikar\Downloads\netstumblerinstaller_0_4_0.exe:$CmdZnID AlternateDataStreams: C:\Users\Ikar\Downloads\night-photography-from-finland-by-mikko-lageerstedt-4-700x700.jpg:$CmdZnID AlternateDataStreams: C:\Users\Ikar\Downloads\night-photography-from-finland-by-mikko-lageerstedt-7-700x700.jpg:$CmdZnID AlternateDataStreams: C:\Users\Ikar\Downloads\oda.jpg:$CmdZnID AlternateDataStreams: C:\Users\Ikar\Downloads\Offline WPS Attack using PixieWPS (1).mp4:$CmdZnID AlternateDataStreams: C:\Users\Ikar\Downloads\Offline WPS Attack using PixieWPS.mp4:$CmdZnID AlternateDataStreams: C:\Users\Ikar\Downloads\Setup.X86.pl-PL_O365HomePremRetail_8cf224b7-4ba8-46cb-8ba1-cae34d48368a_TX_DB_.exe:$CmdTcID AlternateDataStreams: C:\Users\Ikar\Downloads\Setup.X86.pl-PL_O365HomePremRetail_8cf224b7-4ba8-46cb-8ba1-cae34d48368a_TX_DB_.exe:$CmdZnID AlternateDataStreams: C:\Users\Ikar\Downloads\SPTDinst-v187-x64.exe:$CmdTcID AlternateDataStreams: C:\Users\Ikar\Downloads\SPTDinst-v187-x64.exe:$CmdZnID AlternateDataStreams: C:\Users\Ikar\Downloads\SPTDinst-v187-x86.exe:$CmdTcID AlternateDataStreams: C:\Users\Ikar\Downloads\SPTDinst-v187-x86.exe:$CmdZnID AlternateDataStreams: C:\Users\Ikar\Downloads\todaynews bigbanner.png:$CmdZnID AlternateDataStreams: C:\Users\Ikar\Downloads\WiFi Wireless Password Hacking -- WPS Pixie Dust Attack 2015.mp4:$CmdZnID AlternateDataStreams: C:\Users\Ikar\AppData\Local\unins000.exe:$CmdTcID ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDWFP => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VisualDiscovery => ""="service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3326815062-3995382162-3647125834-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Ikar\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp DNS Servers: 37.8.214.2 - 31.11.202.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "GoPro Importer.lnk" HKLM\...\StartupApproved\Run: => "ETDCtrl" HKLM\...\StartupApproved\Run: => "PhoneCompanion" HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray" HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "QuickTime Task" HKLM\...\StartupApproved\Run32: => "jswtrayutil" HKLM\...\StartupApproved\Run32: => "GoPro Studio Importer" HKLM\...\StartupApproved\Run32: => "2d059fe3b8bce1556560e5f5ca3462c4" HKLM\...\StartupApproved\Run32: => "vmware-tray.exe" HKU\S-1-5-21-3326815062-3995382162-3647125834-1002\...\StartupApproved\StartupFolder: => "2d059fe3b8bce1556560e5f5ca3462c4.exe" HKU\S-1-5-21-3326815062-3995382162-3647125834-1002\...\StartupApproved\Run: => "AppEx Accelerator UI" HKU\S-1-5-21-3326815062-3995382162-3647125834-1002\...\StartupApproved\Run: => "ALLUpdate" HKU\S-1-5-21-3326815062-3995382162-3647125834-1002\...\StartupApproved\Run: => "Napisy24Update" HKU\S-1-5-21-3326815062-3995382162-3647125834-1002\...\StartupApproved\Run: => "Napisy24.pl" HKU\S-1-5-21-3326815062-3995382162-3647125834-1002\...\StartupApproved\Run: => "2d059fe3b8bce1556560e5f5ca3462c4" HKU\S-1-5-21-3326815062-3995382162-3647125834-1002\...\StartupApproved\Run: => "AirDroid 3" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{F49DC210-61B7-4F1E-8C89-E1AB1C8B1B10}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe FirewallRules: [{CDD3AFF7-1B71-40B1-83A5-D0697F6960C8}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe FirewallRules: [{703FEDC6-81DB-4AF9-9DE4-070F4B972335}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe FirewallRules: [{02424044-942D-4661-A3D0-A462C766D493}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe FirewallRules: [{0A19AB46-2926-433C-B19E-95DEA0C37F83}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [{6D3DF0A3-D465-4FDC-815B-209FA8671ADC}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE FirewallRules: [{A75C53E2-A28C-4BB0-ADA9-DEFE4D621649}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\PhotoPlus.exe FirewallRules: [{DDDB630D-DF42-465C-BF28-DF5BCC25F5AA}] => (Allow) C:\Program Files (x86)\Lenovo\Lenovo Photo Master\subsys\AdvPhotoEditor\PhotoDirector5.exe FirewallRules: [{85F2A2CC-3469-4F19-9D45-49D36039BB63}] => (Allow) LPort=55100 FirewallRules: [{608FDB02-6631-414E-8AD6-74EAAF90FB8F}] => (Allow) C:\Program Files\Lenovo PhotoMasterImport\PhotoMasterImport.exe FirewallRules: [{F8A70FDD-157F-4B81-9F45-5D74C7A102D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{AB2D1ADE-28EC-4D5F-A012-62FF8E74EBBA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{3A2B304D-5A86-4FA8-8F95-7282FA843708}] => (Allow) C:\Users\Ikar\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{89BA1327-6B83-435B-8B90-BD51BC1208DB}] => (Allow) C:\Users\Ikar\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{DFE38A34-53C2-4350-A123-0B31275B079D}] => (Allow) C:\Users\Ikar\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [TCP Query User{D9B712D3-5411-4E0B-997E-C825E4FC4C09}D:\r.g. catalyst\the witcher 2 - assassins of kings - enhanced edition\bin\witcher2.exe] => (Allow) D:\r.g. catalyst\the witcher 2 - assassins of kings - enhanced edition\bin\witcher2.exe FirewallRules: [UDP Query User{A04E59B9-8B72-4936-9691-CDEF8CF1F9E5}D:\r.g. catalyst\the witcher 2 - assassins of kings - enhanced edition\bin\witcher2.exe] => (Allow) D:\r.g. catalyst\the witcher 2 - assassins of kings - enhanced edition\bin\witcher2.exe FirewallRules: [{76D80C8C-136C-4233-8965-11FC1C094DB2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{27117B7A-16AC-4377-8029-F13B1260A9C7}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{8F5E9A66-2FE4-4710-9296-0A2C644A39AD}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{B2210DB2-2C78-4C1B-8E50-4DD230F89E5D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{0176AF32-761E-4912-A480-8EAAB0CA7DB0}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3.exe FirewallRules: [{0A3F81B1-C394-4F60-B7AA-465BD0BC733D}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3.exe FirewallRules: [{6F41113C-D5C6-4B38-8235-9BC2B31F6C8E}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe FirewallRules: [{7C0375C2-A797-49B4-AAD8-206462B6AFC0}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\farcry3_d3d11.exe FirewallRules: [{6254E452-46C1-40ED-8D14-E6259E5112B0}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Updater.exe FirewallRules: [{04E55787-ACA1-421F-9466-196F3619FCC7}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Updater.exe FirewallRules: [{6B3111EC-9D49-43CE-AE42-A74C9B4DCC10}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Editor.exe FirewallRules: [{5A8337F9-7B02-4CD3-A5F5-A0EA7406797C}] => (Allow) C:\Program Files (x86)\Ubisoft\FarCry 3\bin\FC3Editor.exe FirewallRules: [{E03A389F-6C2E-4E59-A84B-FB9708F966FA}] => (Allow) C:\Program Files\K2T\WTW\wtw.exe FirewallRules: [{2EF6A490-7C5A-4D20-BC6F-430A11EC0BAE}] => (Allow) C:\Program Files\K2T\WTW\wtw.exe FirewallRules: [{6057DEA9-3DE8-4809-897D-F2CA36F9BD08}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{1BDD8B9B-F312-4DAB-A562-A468CC3DA5FE}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe FirewallRules: [{D46FBEDC-EB53-4724-BFBD-87B7AB1E2C24}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe FirewallRules: [{21A1424B-AA95-4B16-BB33-8DA37346D585}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [TCP Query User{4C5428D0-EE4F-43B0-B5A1-F6B062936E3D}F:\grand theft auto v\gta5.exe] => (Allow) F:\grand theft auto v\gta5.exe FirewallRules: [UDP Query User{C43A035F-9D3E-4401-AD05-6AEAF4740426}F:\grand theft auto v\gta5.exe] => (Allow) F:\grand theft auto v\gta5.exe FirewallRules: [TCP Query User{B14975B8-2676-4583-9A86-9BC09F7CAB5B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{3EB8A5EB-D1C3-4A69-809A-8BA265FF009A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{F44FB8C6-E34B-40A1-A5D6-83D9A4E7428F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{F5A3D9BF-DCF3-4487-9472-146AA67243D0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{0F444232-7613-4C6F-8AC5-8BD147DB580E}] => (Allow) C:\Users\Ikar\AppData\Local\Temp\7zS0C9B\hppiw.exe FirewallRules: [{F69D0749-DC97-4D5C-A3BD-0AFA24BFA060}] => (Allow) C:\Users\Ikar\AppData\Local\Temp\7zS0C9B\hppiw.exe FirewallRules: [{12108B59-325C-497E-BB56-5FEC39BBF1A8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{6E93B7AD-797D-449B-957B-8CF78B4961A4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{088418D3-3497-4BEC-BE74-42B1CC331E35}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{793B6681-2AD5-4D4A-B80F-8BC54DDA881E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{A59D8A3F-CBA0-4726-A4E2-2872AE5769C7}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{8F406A96-B32B-4F0E-BB9A-3D9909723549}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{C32E880A-CB8C-4CFC-A389-2560D9CE3391}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{FAD60E93-39AA-4959-AF62-06328E03E9F4}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{49DA5BE4-A518-4059-93D0-0F82BCC4BFA2}] => (Allow) C:\Users\Ikar\AppData\Local\Temp\svchost.exe FirewallRules: [{979AE789-FF1F-49CE-8F63-73FD657D8348}] => (Allow) C:\Users\Ikar\AppData\Local\Temp\svchost.exe ==================== Faulty Device Manager Devices ============= Name: Realtek PCIe GBE Family Controller Description: Realtek PCIe GBE Family Controller Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: RTL8168 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Lenovo Primary iM Controller Description: Lenovo Primary iM Controller Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Lenovo Corporation Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. ==================== Event log errors: ========================= Application errors: ================== Error: (08/17/2015 06:54:00 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (08/17/2015 06:44:30 PM) (Source: NtServicePack) (EventID: 4373) (User: ) Description: WindowsW magazynie brak miejsca dla wykonania tego polecenia. Error: (08/17/2015 06:38:53 PM) (Source: NtServicePack) (EventID: 4373) (User: ) Description: WindowsW magazynie brak miejsca dla wykonania tego polecenia. Error: (08/17/2015 06:31:35 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Błąd Usługi kopiowania woluminów w tle: nieoczekiwany błąd podczas badania interfejsu IVssWriterCallback. hr = 0x80070005, Odmowa dostępu. . To jest często spowodowane przez niepoprawne ustawienia zabezpieczeń w procesie zapisującym lub żądającym. Operacja: Zbieranie danych modułu zapisującego Kontekst: Identyfikator klasy modułu zapisującego: {e8132975-6f93-4464-a53e-1050253ae220} Nazwa modułu zapisującego: System Writer Identyfikator wystąpienia modułu zapisującego: {cec516eb-aea0-494e-8caa-19b3444c1ea4} Error: (08/17/2015 05:47:43 PM) (Source: NtServicePack) (EventID: 4373) (User: ) Description: WindowsW magazynie brak miejsca dla wykonania tego polecenia. Error: (08/17/2015 05:38:31 PM) (Source: NtServicePack) (EventID: 4373) (User: ) Description: WindowsW magazynie brak miejsca dla wykonania tego polecenia. Error: (08/17/2015 05:18:36 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: InstallFlashPlayer.exe, wersja: 18.0.0.232, sygnatura czasowa: 0x55c42efe Nazwa modułu powodującego błąd: fpb.tmp_unloaded, wersja: 18.0.0.232, sygnatura czasowa: 0x55c42f57 Kod wyjątku: 0xc000041d Przesunięcie błędu: 0x000162de Identyfikator procesu powodującego błąd: 0xecc Godzina uruchomienia aplikacji powodującej błąd: 0xInstallFlashPlayer.exe0 Ścieżka aplikacji powodującej błąd: InstallFlashPlayer.exe1 Ścieżka modułu powodującego błąd: InstallFlashPlayer.exe2 Identyfikator raportu: InstallFlashPlayer.exe3 Pełna nazwa pakietu powodującego błąd: InstallFlashPlayer.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: InstallFlashPlayer.exe5 Error: (08/17/2015 05:18:27 PM) (Source: NtServicePack) (EventID: 4373) (User: ) Description: WindowsW magazynie brak miejsca dla wykonania tego polecenia. Error: (08/17/2015 05:18:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: InstallFlashPlayer.exe, wersja: 18.0.0.232, sygnatura czasowa: 0x55c42efe Nazwa modułu powodującego błąd: fpb.tmp_unloaded, wersja: 18.0.0.232, sygnatura czasowa: 0x55c42f57 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000162de Identyfikator procesu powodującego błąd: 0xecc Godzina uruchomienia aplikacji powodującej błąd: 0xInstallFlashPlayer.exe0 Ścieżka aplikacji powodującej błąd: InstallFlashPlayer.exe1 Ścieżka modułu powodującego błąd: InstallFlashPlayer.exe2 Identyfikator raportu: InstallFlashPlayer.exe3 Pełna nazwa pakietu powodującego błąd: InstallFlashPlayer.exe4 Identyfikator aplikacji względem pakietu powodującego błąd: InstallFlashPlayer.exe5 Error: (08/16/2015 06:53:59 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 System errors: ============= Error: (08/17/2015 06:41:29 PM) (Source: ipnathlp) (EventID: 1233) (User: ) Description: Error: (08/17/2015 06:41:29 PM) (Source: ipnathlp) (EventID: 1233) (User: ) Description: Error: (08/17/2015 06:38:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Lenovo Browser Guard Service zależy od usługi Usługi pulpitu zdalnego, której nie można uruchomić z powodu następującego błędu: %%1070 Error: (08/17/2015 06:38:02 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Usługa Usługi pulpitu zdalnego zawiesiła się podczas uruchamiania. Error: (08/17/2015 06:34:03 PM) (Source: ipnathlp) (EventID: 1233) (User: ) Description: Error: (08/17/2015 06:34:03 PM) (Source: ipnathlp) (EventID: 1233) (User: ) Description: Error: (08/17/2015 06:33:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Usługa Wstępne ładowanie do pamięci zakończyła działanie; wystąpił następujący błąd: %%1062 Error: (08/17/2015 06:27:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Disc Soft Lite Bus Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Error: (08/17/2015 05:45:00 PM) (Source: ipnathlp) (EventID: 1233) (User: ) Description: Error: (08/17/2015 05:45:00 PM) (Source: ipnathlp) (EventID: 1233) (User: ) Description: Microsoft Office: ========================= Error: (08/17/2015 06:54:00 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 Error: (08/17/2015 06:44:30 PM) (Source: NtServicePack) (EventID: 4373) (User: ) Description: WindowsW magazynie brak miejsca dla wykonania tego polecenia. Error: (08/17/2015 06:38:53 PM) (Source: NtServicePack) (EventID: 4373) (User: ) Description: WindowsW magazynie brak miejsca dla wykonania tego polecenia. Error: (08/17/2015 06:31:35 PM) (Source: VSS) (EventID: 8194) (User: ) Description: 0x80070005, Odmowa dostępu. Operacja: Zbieranie danych modułu zapisującego Kontekst: Identyfikator klasy modułu zapisującego: {e8132975-6f93-4464-a53e-1050253ae220} Nazwa modułu zapisującego: System Writer Identyfikator wystąpienia modułu zapisującego: {cec516eb-aea0-494e-8caa-19b3444c1ea4} Error: (08/17/2015 05:47:43 PM) (Source: NtServicePack) (EventID: 4373) (User: ) Description: WindowsW magazynie brak miejsca dla wykonania tego polecenia. Error: (08/17/2015 05:38:31 PM) (Source: NtServicePack) (EventID: 4373) (User: ) Description: WindowsW magazynie brak miejsca dla wykonania tego polecenia. Error: (08/17/2015 05:18:36 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: InstallFlashPlayer.exe18.0.0.23255c42efefpb.tmp_unloaded18.0.0.23255c42f57c000041d000162deecc01d0d8ffd7207c21C:\Users\Ikar\AppData\Local\Temp\{0DF6EBFE-0C30-44E2-B95A-DB9E7EF39F98}\InstallFlashPlayer.exefpb.tmp3ab6e17b-44f3-11e5-8290-5c93a2e340da Error: (08/17/2015 05:18:27 PM) (Source: NtServicePack) (EventID: 4373) (User: ) Description: WindowsW magazynie brak miejsca dla wykonania tego polecenia. Error: (08/17/2015 05:18:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: InstallFlashPlayer.exe18.0.0.23255c42efefpb.tmp_unloaded18.0.0.23255c42f57c0000005000162deecc01d0d8ffd7207c21C:\Users\Ikar\AppData\Local\Temp\{0DF6EBFE-0C30-44E2-B95A-DB9E7EF39F98}\InstallFlashPlayer.exefpb.tmp30a851c3-44f3-11e5-8290-5c93a2e340da Error: (08/16/2015 06:53:59 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073415161 CodeIntegrity: =================================== Date: 2015-08-17 19:14:54.637 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-08-17 18:44:45.159 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-08-17 18:37:18.281 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-08-17 18:23:27.951 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-08-17 18:11:11.484 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-08-17 17:57:15.656 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-08-17 17:47:25.527 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-08-17 17:37:13.258 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-08-17 17:31:49.700 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-08-17 17:17:27.771 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD A6-6310 APU with AMD Radeon R4 Graphics Percentage of memory in use: 29% Total physical RAM: 11224.26 MB Available physical RAM: 7938.34 MB Total Virtual: 12952.26 MB Available Virtual: 8610.16 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:177.72 GB) (Free:50.78 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:5.67 GB) NTFS Drive f: (Dane) (Fixed) (Total:248.15 GB) (Free:146.77 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 5584E5BF) Partition: GPT. ==================== End of log ============================