***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.8.2.2599. For information, email support@simplysup.com
Scan started at: 10:24:16 20 sie 2011
Using Database v7718
Operating System: Windows 7 x64 Ultimate (SP1) [Build: 6.1.7601]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Bogutek\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Bogutek\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges
************************************************************
Carrying out scan on C:\ (including subdirectories)
Archive files will be EXCLUDED.
------------------------------
C:\$Recycle.Bin\S-1-5-21-103101031-3165163358-47840468-1000\$RSFD72B.exe - scanning skipped, too large
C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSORES.DLL - scanning skipped, too large
C:\ProgramData\Adobe\ARM\Acrobat_10.0.2\AcrobatUpd1010.msp - scanning skipped, too large
C:\ProgramData\Corel\Downloads\540215253_610005\1300677038363\CDGSX5SP3.exe - scanning skipped, too large
C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin appears to be in-use/locked
C:\Users\All Users\Adobe\ARM\Acrobat_10.0.2\AcrobatUpd1010.msp - scanning skipped, too large
C:\Users\All Users\Corel\Downloads\540215253_610005\1300677038363\CDGSX5SP3.exe - scanning skipped, too large
C:\Users\All Users\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin appears to be in-use/locked
C:\Users\Bogutek\AppData\Roaming\Skype\temp-dDhaiHfDNLdxNaPqe7efDgJW appears to be in-use/locked
C:\Users\Bogutek\AppData\Roaming\Skype\temp-VU2seoLB1av6lfhoU9MZwOD0 appears to be in-use/locked
C:\Users\Bogutek\Downloads\Grafika\ABBYY.FineReader.Corporate.Edition.v10.0.102.185.PL-Pafnutiy761\ABBYY_FineReader_10_CE.exe - scanning skipped, too large
C:\Users\Bogutek\Downloads\Grafika\ACDSee.Photo.Manager.12.0.344.EN.PL\ACDsee.12.0.344.EN.exe - scanning skipped, too large
C:\Users\Bogutek\Downloads\Grafika\Corel.PaintShop.Photo.Pro.X3\Corel PaintShop Photo Pro X3 v13.2.0.41 MULTil With Tutorials & Features\PSPP_X3_TBYB.exe - scanning skipped, too large
C:\Users\Bogutek\Downloads\Grafika\CorelDRAW Graphics Suite X5 15.2.0.661\CorelDRAWGraphicsSuiteX5Installer_PL.exe - scanning skipped, too large
C:\Users\Bogutek\Downloads\Nagrywanie CD - DVD\Nero.10.0.13200\Nero-10.0.13200_trial.exe - scanning skipped, too large
C:\Users\Bogutek\Downloads\Nauka\angielski podstawowy\aa-smanpppp2007.bin - scanning skipped, too large
C:\Users\Bogutek\Downloads\Nauka\angielski sredni\aa-smanppps2007.bin - scanning skipped, too large
C:\Users\Bogutek\Downloads\System\Ivona.1.4.1.PL.Jacek.22KHz.Ewa.22KHz_by_prezesxx1\Ivona_Ewa_22KHz\Ewa_Ivona_22KHz.exe - scanning skipped, too large
C:\Users\Bogutek\Downloads\System\Ivona.1.4.1.PL.Jacek.22KHz.Ewa.22KHz_by_prezesxx1\Ivona_Jacek_22KHz\Jacek_Ivona_22KHz.exe - scanning skipped, too large
C:\Windows\Sysnative\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb appears to be in-use/locked
C:\Windows\Sysnative\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb appears to be in-use/locked
C:\Windows\Sysnative\config\default appears to be in-use/locked
C:\Windows\Sysnative\config\RegBack\DEFAULT appears to be in-use/locked
C:\Windows\Sysnative\config\RegBack\SAM appears to be in-use/locked
C:\Windows\Sysnative\config\RegBack\SECURITY appears to be in-use/locked
C:\Windows\Sysnative\config\sam appears to be in-use/locked
C:\Windows\Sysnative\config\security appears to be in-use/locked
------------------------------
236965 files scanned
Directory scan complete - no Malware files detected
Scan completed at: 19:41:25 20 sie 2011
Total Scan time: 09:17:09
************************************************************

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.2.2599. For information, email support@simplysup.com
Scan started at: 10:23:59 20 sie 2011
Using Database v7718
Operating System: Windows 7 x64 Ultimate (SP1) [Build: 6.1.7601]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Bogutek\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Bogutek\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges
************************************************************
************************************************************
10:23:59: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
10:23:59: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: explorer.exe
C:\Windows\system32\explorer.exe
2616320 bytes
Created: 2011-05-18 21:33
Modified: 2011-02-25 07:30
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [userinit.exe,]
File: userinit.exe
C:\Windows\system32\userinit.exe
26624 bytes
Created: 2011-05-21 07:13
Modified: 2010-11-20 14:17
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "System" value appears to be blank
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: run
The Data Value for this entry appears to be blank
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: BCSSync
Value Data: "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
91520 bytes
Created: 2010-03-13 14:54
Modified: 2010-03-13 14:54
Company: Microsoft Corporation
--------------------
Value Name: avast5
Value Data: "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
C:\Program Files\Alwil Software\Avast5\avastUI.exe
3493720 bytes
Created: 2011-07-11 17:06
Modified: 2011-07-04 13:43
Company: AVAST Software
--------------------
Value Name: IAStorIcon
Value Data: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
284696 bytes
Created: 2011-05-23 19:05
Modified: 2010-04-13 09:57
Company: Intel Corporation
--------------------
Value Name: StartCCC
Value Data: "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
98304 bytes
Created: 2010-09-09 14:05
Modified: 2010-09-09 14:05
Company: Advanced Micro Devices, Inc.
--------------------
Value Name: HP Quick Launch
Value Data: C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
586296 bytes
Created: 2010-11-09 15:20
Modified: 2010-11-09 15:20
Company: Hewlett-Packard Development Company, L.P.
--------------------
Value Name: Adobe ARM
Value Data: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
937920 bytes
Created: 2011-06-06 12:55
Modified: 2011-06-06 12:55
Company: Adobe Systems Incorporated
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
254696 bytes
Created: 2011-04-08 12:59
Modified: 2011-04-08 12:59
Company: Sun Microsystems, Inc.
--------------------
Value Name: Bonus.SSR.FR10
Value Data: "C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe
941320 bytes
Created: 2010-12-30 04:26
Modified: 2011-07-05 07:57
Company: ABBYY.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
C:\Program Files (x86)\Trojan Remover\Trjscan.exe
1233856 bytes
Created: 2011-08-20 10:17
Modified: 2011-08-20 10:19
Company: Simply Super Software
Scan cancelled by User
--------------------
Windows Registry scan stopped at user request
The ShellExecuteHooks were not scanned
Hidden Registry Entries were not scanned for
The ScreenSaver was not checked
The Windows Registry Active Setup keys were not scanned
The ServiceDLLs registry keys were not scanned
The Services registry keys were not scanned
The VxD Entries were not scanned
The Winlogon\Notify DLLs were not scanned
The ContextMenuHandlers were not scanned
The Browser Helper Objects were not scanned
The ShellServiceObjects were not scanned
The SharedTaskScheduler DLLs were not scanned
The Imagefile Debuggers were not scanned
The AppInit_DLLs were not scanned
The Security Provider DLLs were not scanned
The Global Startup Group was not scanned
The User Startup Groups were not scanned
The Scheduled Tasks were not scanned
The ShellIconOverylayIdentifiers were not scanned
The Device Drivers were not scanned
Heuristic Scans were not carried out
Running Processes were not scanned
The HOSTS file was not checked
The check on Explorer.exe was not carried out
Internet Explorer settings were not checked.
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 10:24:02 20 sie 2011
Total Scan time: 00:00:03
************************************************************

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.2.2599. For information, email support@simplysup.com
Scan started at: 10:23:00 20 sie 2011
Using Database v7718
Operating System: Windows 7 x64 Ultimate (SP1) [Build: 6.1.7601]
File System: NTFS
UAC is ENABLED [default level]
UserData directory: C:\Users\Bogutek\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Users\Bogutek\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files (x86)\Trojan Remover\
Running with Administrator privileges
************************************************************
************************************************************
10:23:00: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
10:23:00: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: explorer.exe
C:\Windows\system32\explorer.exe
2616320 bytes
Created: 2011-05-18 21:33
Modified: 2011-02-25 07:30
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [userinit.exe,]
File: userinit.exe
C:\Windows\system32\userinit.exe
26624 bytes
Created: 2011-05-21 07:13
Modified: 2010-11-20 14:17
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "System" value appears to be blank
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: run
The Data Value for this entry appears to be blank
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: BCSSync
Value Data: "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
91520 bytes
Created: 2010-03-13 14:54
Modified: 2010-03-13 14:54
Company: Microsoft Corporation
--------------------
Value Name: avast5
Value Data: "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
C:\Program Files\Alwil Software\Avast5\avastUI.exe
3493720 bytes
Created: 2011-07-11 17:06
Modified: 2011-07-04 13:43
Company: AVAST Software
--------------------
Value Name: IAStorIcon
Value Data: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
284696 bytes
Created: 2011-05-23 19:05
Modified: 2010-04-13 09:57
Company: Intel Corporation
--------------------
Value Name: StartCCC
Value Data: "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
98304 bytes
Created: 2010-09-09 14:05
Modified: 2010-09-09 14:05
Company: Advanced Micro Devices, Inc.
--------------------
Value Name: HP Quick Launch
Value Data: C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
586296 bytes
Created: 2010-11-09 15:20
Modified: 2010-11-09 15:20
Company: Hewlett-Packard Development Company, L.P.
--------------------
Value Name: Adobe ARM
Value Data: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
937920 bytes
Created: 2011-06-06 12:55
Modified: 2011-06-06 12:55
Company: Adobe Systems Incorporated
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
254696 bytes
Created: 2011-04-08 12:59
Modified: 2011-04-08 12:59
Company: Sun Microsystems, Inc.
--------------------
Value Name: Bonus.SSR.FR10
Value Data: "C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe
941320 bytes
Created: 2010-12-30 04:26
Modified: 2011-07-05 07:57
Company: ABBYY.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
C:\Program Files (x86)\Trojan Remover\Trjscan.exe
1233856 bytes
Created: 2011-08-20 10:17
Modified: 2011-08-20 10:19
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: DAEMON Tools Lite
Value Data: "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
1305408 bytes
Created: 2011-01-20 11:20
Modified: 2011-01-20 11:20
Company: DT Soft Ltd
--------------------
Value Name: HPAdvisorDock
Value Data: C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
1715768 bytes
Created: 2010-09-28 14:04
Modified: 2010-09-28 14:04
Company: Hewlett-Packard
--------------------
Value Name: ISUSPM
Value Data: "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
210208 bytes
Created: 2008-10-20 15:32
Modified: 2008-10-20 15:32
Company: Acresso Corporation
--------------------
Value Name: DIMPobieranie aktualizacji...1300677038363
Value Data: "c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X5\Programs\DIM.exe" "c:\programdata\corel\downloads\540215253_610005\1300677038363\dim_params.xml" -Launch=3 -uibase="c:\users\bogutek\appdata\roaming\corel\messages\540215253_610005\pl\messagecache1\workflow"
c:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X5\Programs\DIM.exe
95592 bytes
Created: 2010-01-13 18:11
Modified: 2010-01-13 18:11
Company: Corel Corporation
--------------------
Value Name: Skype
Value Data: "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
C:\Program Files (x86)\Skype\Phone\Skype.exe -R-
15141768 bytes
Created: 2011-06-15 15:02
Modified: 2011-06-15 15:02
Company: Skype Technologies S.A.
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
************************************************************
10:23:03: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value: Groove GFS Stub Execution Hook
File: C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
4222864 bytes
Created: 2010-03-25 10:25
Modified: 2010-03-25 10:25
Company: Microsoft Corporation
----------
************************************************************
10:23:03: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
10:23:03: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
10:23:03: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
Path: %SystemRoot%\system32\unregmp2.exe /ShowWMP
C:\Windows\Sysnative\unregmp2.exe
323584 bytes
Created: 2009-07-14 02:23
Modified: 2009-07-14 03:39
Company: Microsoft Corporation
----------
Key: >{26923b43-4d38-484f-9b9e-de460746276c}
Path: C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
C:\Windows\SysWOW64\ie4uinit.exe
74240 bytes
Created: 2011-05-18 22:58
Modified: 2011-05-18 22:58
Company: Microsoft Corporation
----------
Key: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}
Path: "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
C:\Windows\SysWOW64\iedkcs32.dll
353584 bytes
Created: 2011-05-18 22:58
Modified: 2011-05-18 22:58
Company: Microsoft Corporation
----------
Key: {10880D85-AAD9-4558-ABDC-2AB1552D831F}
Path: "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe
451872 bytes
Created: 2011-03-04 12:29
Modified: 2011-03-04 12:29
Company: Hewlett-Packard Company
----------
Key: {2C7339CF-2B09-4501-B3F3-F3508C9228ED}
Path: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
C:\Windows\Sysnative\themeui.dll
2851840 bytes
Created: 2011-05-21 07:14
Modified: 2010-11-20 15:27
Company: Microsoft Corporation
----------
Key: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
C:\Program Files (x86)\Windows Mail\WinMail.exe
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
C:\Windows\Sysnative\unregmp2.exe
323584 bytes
Created: 2009-07-14 02:23
Modified: 2009-07-14 03:39
Company: Microsoft Corporation
----------
Key: {89820200-ECBD-11cf-8B85-00AA005B4383}
Path: C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
C:\Windows\SysWOW64\ie4uinit.exe
74240 bytes
Created: 2011-05-18 22:58
Modified: 2011-05-18 22:58
Company: Microsoft Corporation
----------
Key: {89B4C1CD-B018-4511-B0A1-5476DBF70820}
Path: C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
C:\Windows\SysWOW64\mscories.dll
80720 bytes
Created: 2011-05-21 07:13
Modified: 2010-11-05 03:58
Company: Microsoft Corporation
----------
************************************************************
10:23:04: Scanning ----- SERVICEDLL REGISTRY KEYS -----
************************************************************
10:23:05: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ABBYY.Licensing.FineReader.Corporate.10.0
ImagePath: "C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe" -service
C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe
814344 bytes
Created: 2010-07-22 21:07
Modified: 2010-07-22 21:07
Company: ABBYY
----------
Key: Accelerometer
ImagePath: system32\DRIVERS\Accelerometer.sys
C:\Windows\Sysnative\DRIVERS\Accelerometer.sys
43320 bytes
Created: 2011-05-13 18:57
Modified: 2011-05-13 18:57
Company: Hewlett-Packard Company
----------
Key: AdobeARMservice
ImagePath: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
64952 bytes
Created: 2011-06-06 12:55
Modified: 2011-06-06 12:55
Company: Adobe Systems Incorporated
----------
Key: AESTFilters
ImagePath: C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
89600 bytes
Created: 2011-05-23 19:58
Modified: 2009-03-03 03:42
Company: Andrea Electronics Corporation
----------
Key: AMD External Events Utility
ImagePath: %SystemRoot%\system32\atiesrxx.exe
C:\Windows\Sysnative\atiesrxx.exe
203264 bytes
Created: 2010-09-08 23:26
Modified: 2010-09-08 23:26
Company: AMD
----------
Key: amdkmdap
ImagePath: system32\DRIVERS\atikmpag.sys
C:\Windows\Sysnative\DRIVERS\atikmpag.sys
279040 bytes
Created: 2010-09-08 22:52
Modified: 2010-09-08 22:52
Company: Advanced Micro Devices, Inc.
----------
Key: amdsata
ImagePath: \SystemRoot\system32\drivers\amdsata.sys
C:\Windows\Sysnative\drivers\amdsata.sys
107904 bytes
Created: 2011-05-21 07:14
Modified: 2010-11-20 15:32
Company: Advanced Micro Devices
----------
Key: amdxata
ImagePath: system32\drivers\amdxata.sys
C:\Windows\Sysnative\drivers\amdxata.sys
27008 bytes
Created: 2011-05-21 07:14
Modified: 2010-11-20 15:32
Company: Advanced Micro Devices
----------
Key: aswMonFlt
ImagePath: \??\C:\Windows\system32\drivers\aswMonFlt.sys
C:\Windows\Sysnative\drivers\aswMonFlt.sys
64856 bytes
Created: 2011-06-17 21:46
Modified: 2011-07-04 13:32
Company: AVAST Software
----------
Key: atapi
ImagePath: system32\drivers\atapi.sys
C:\Windows\Sysnative\drivers\atapi.sys
24128 bytes
Created: 2009-07-14 01:19
Modified: 2009-07-14 03:52
Company: Microsoft Corporation
----------
Key: AtiHdmiService
ImagePath: system32\drivers\AtiHdmi.sys
C:\Windows\Sysnative\drivers\AtiHdmi.sys
125456 bytes
Created: 2010-05-05 14:21
Modified: 2010-05-05 14:21
Company: ATI Technologies, Inc.
----------
Key: avast! Antivirus
ImagePath: "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
42184 bytes
Created: 2011-07-11 17:06
Modified: 2011-07-04 13:43
Company: AVAST Software
----------
Key: AVerAF35
ImagePath: System32\Drivers\HPAF35.sys
C:\Windows\Sysnative\Drivers\HPAF35.sys
511104 bytes
Created: 2011-05-23 18:49
Modified: 2009-10-19 05:35
Company: Hewlett-Packard
----------
Key: b06bdrv
ImagePath: \SystemRoot\system32\DRIVERS\bxvbda.sys
C:\Windows\Sysnative\DRIVERS\bxvbda.sys
468480 bytes
Created: 2009-06-10 22:34
Modified: 2009-06-10 22:34
Company: Broadcom Corporation
----------
Key: b57nd60a
ImagePath: system32\DRIVERS\b57nd60a.sys
C:\Windows\Sysnative\DRIVERS\b57nd60a.sys
270848 bytes
Created: 2009-06-10 22:34
Modified: 2009-06-10 22:34
Company: Broadcom Corporation
----------
Key: BthEnum
ImagePath: \SystemRoot\system32\drivers\BthEnum.sys
C:\Windows\Sysnative\drivers\BthEnum.sys
41984 bytes
Created: 2009-07-14 02:06
Modified: 2009-07-14 02:06
Company: Microsoft Corporation
----------
Key: BTHPORT
ImagePath: \SystemRoot\System32\Drivers\BTHport.sys
C:\Windows\Sysnative\Drivers\BTHport.sys
552448 bytes
Created: 2011-05-21 07:13
Modified: 2010-11-20 12:44
Company: Microsoft Corporation
----------
Key: BTHUSB
ImagePath: \SystemRoot\System32\Drivers\BTHUSB.sys
C:\Windows\Sysnative\Drivers\BTHUSB.sys
80384 bytes
Created: 2011-05-21 07:13
Modified: 2010-11-20 12:44
Company: Microsoft Corporation
----------
Key: circlass
ImagePath: system32\DRIVERS\circlass.sys
C:\Windows\Sysnative\DRIVERS\circlass.sys
45568 bytes
Created: 2009-07-14 02:06
Modified: 2009-07-14 02:06
Company: Microsoft Corporation
----------
Key: clr_optimization_v2.0.50727_64
ImagePath: %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
89920 bytes
Created: 2009-07-13 22:37
Modified: 2009-06-10 22:39
Company: Microsoft Corporation
----------
Key: clr_optimization_v4.0.30319_32
ImagePath: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
130384 bytes
Created: 2010-03-18 13:16
Modified: 2010-03-18 13:16
Company: Microsoft Corporation
----------
Key: clr_optimization_v4.0.30319_64
ImagePath: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
138576 bytes
Created: 2010-03-18 14:27
Modified: 2010-03-18 14:27
Company: Microsoft Corporation
----------
Key: clwvd
ImagePath: system32\DRIVERS\clwvd.sys
C:\Windows\Sysnative\DRIVERS\clwvd.sys
32880 bytes
Created: 2010-07-30 09:53
Modified: 2010-07-30 09:53
Company: Windows (R) Win 7 DDK provider
----------
Key: CompositeBus
ImagePath: \SystemRoot\system32\drivers\CompositeBus.sys
C:\Windows\Sysnative\drivers\CompositeBus.sys
38912 bytes
Created: 2011-05-21 07:13
Modified: 2010-11-20 12:33
Company: Microsoft Corporation
----------
Key: dot4
ImagePath: system32\DRIVERS\Dot4.sys
C:\Windows\Sysnative\DRIVERS\Dot4.sys
145920 bytes
Created: 2009-07-14 02:00
Modified: 2009-07-14 02:00
Company: Microsoft Corporation
----------
Key: Dot4Print
ImagePath: system32\DRIVERS\Dot4Prt.sys
C:\Windows\Sysnative\DRIVERS\Dot4Prt.sys
19968 bytes
Created: 2011-05-21 07:13
Modified: 2010-11-20 12:32
Company: Microsoft Corporation
----------
Key: Dot4Scan
ImagePath: system32\DRIVERS\Dot4Scan.sys
C:\Windows\Sysnative\DRIVERS\Dot4Scan.sys
13824 bytes
Created: 2009-07-14 02:00
Modified: 2009-07-14 02:00
Company: Microsoft Corporation
----------
Key: dot4usb
ImagePath: system32\DRIVERS\dot4usb.sys
C:\Windows\Sysnative\DRIVERS\dot4usb.sys
43008 bytes
Created: 2009-07-14 02:00
Modified: 2009-07-14 02:00
Company: Microsoft Corporation
----------
Key: DpHost
ImagePath: C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
445192 bytes
Created: 2010-04-23 18:42
Modified: 2010-04-23 18:42
Company: DigitalPersona, Inc.
----------
Key: dtsoftbus01
ImagePath: system32\DRIVERS\dtsoftbus01.sys
C:\Windows\Sysnative\DRIVERS\dtsoftbus01.sys
254528 bytes
Created: 2011-05-21 09:05
Modified: 2011-05-21 09:05
Company: DT Soft Ltd
----------
Key: ebdrv
ImagePath: \SystemRoot\system32\DRIVERS\evbda.sys
C:\Windows\Sysnative\DRIVERS\evbda.sys
3286016 bytes
Created: 2009-06-10 22:34
Modified: 2009-06-10 22:34
Company: Broadcom Corporation
----------
Key: ElbyCDFL
ImagePath: System32\Drivers\ElbyCDFL.sys
C:\Windows\Sysnative\Drivers\ElbyCDFL.sys
40648 bytes
Created: 2007-02-16 02:57
Modified: 2007-02-16 02:57
Company: SlySoft, Inc.
----------
Key: epmntdrv
ImagePath: \??\C:\Windows\system32\epmntdrv.sys
C:\Windows\Sysnative\epmntdrv.sys
16776 bytes
Created: 2011-07-25 21:19
Modified: 2009-08-26 12:45
Company: [no info]
----------
Key: EuGdiDrv
ImagePath: \??\C:\Windows\system32\EuGdiDrv.sys
C:\Windows\Sysnative\EuGdiDrv.sys
9096 bytes
Created: 2011-07-25 21:19
Modified: 2009-09-16 16:55
Company: [no info]
----------
Key: FontCache3.0.0.0
ImagePath: %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
42856 bytes
Created: 2011-05-21 07:13
Modified: 2010-11-05 03:53
Company: Microsoft Corporation
----------
Key: Futuremark SystemInfo Service
ImagePath: "C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe"
C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
128928 bytes
Created: 2011-06-05 19:02
Modified: 2010-11-11 14:39
Company: Futuremark Corporation
----------
Key: HdAudAddService
ImagePath: \SystemRoot\system32\drivers\HdAudio.sys
C:\Windows\Sysnative\drivers\HdAudio.sys
350208 bytes
Created: 2011-05-21 07:13
Modified: 2010-11-20 12:44
Company: Microsoft Corporation
----------
Key: HECIx64
ImagePath: system32\DRIVERS\HECIx64.sys
C:\Windows\Sysnative\DRIVERS\HECIx64.sys
56344 bytes
Created: 2010-05-01 09:21
Modified: 2010-05-01 09:21
Company: Intel Corporation
----------
Key: HidIr
ImagePath: system32\DRIVERS\hidir.sys
C:\Windows\Sysnative\DRIVERS\hidir.sys
46592 bytes
Created: 2009-07-14 02:06
Modified: 2009-07-14 02:06
Company: Microsoft Corporation
----------
Key: HP Health Check Service
ImagePath: "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
125496 bytes
Created: 2011-02-23 09:56
Modified: 2011-02-23 09:56
Company: Hewlett-Packard Company
----------
Key: HPDrvMntSvc.exe
ImagePath: "C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
92216 bytes
Created: 2011-01-25 17:40
Modified: 2011-01-25 17:40
Company: Hewlett-Packard Company
----------
Key: hpdskflt
ImagePath: system32\DRIVERS\hpdskflt.sys
C:\Windows\Sysnative\DRIVERS\hpdskflt.sys
30008 bytes
Created: 2011-05-13 18:58
Modified: 2011-05-13 18:58
Company: Hewlett-Packard Company
----------
Key: HPIR
ImagePath: system32\DRIVERS\HPIR.sys
C:\Windows\Sysnative\DRIVERS\HPIR.sys
93184 bytes
Created: 2011-05-23 18:49
Modified: 2009-11-16 08:28
Company: Hewlett-Packard
----------
Key: hpqwmiex
ImagePath: "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
791608 bytes
Created: 2011-01-25 17:35
Modified: 2011-01-25 17:35
Company: Hewlett-Packard Company
----------
Key: hpsrv
ImagePath: %SystemRoot%\system32\Hpservice.exe
C:\Windows\Sysnative\Hpservice.exe
30520 bytes
Created: 2011-05-13 18:58
Modified: 2011-05-13 18:58
Company: Hewlett-Packard Company
----------
Key: HPWMISVC
ImagePath: C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
26680 bytes
Created: 2010-11-09 15:20
Modified: 2010-11-09 15:20
Company: Hewlett-Packard Development Company, L.P.
----------
Key: iaStor
ImagePath: system32\DRIVERS\iaStor.sys
C:\Windows\Sysnative\DRIVERS\iaStor.sys
540696 bytes
Created: 2011-05-23 19:04
Modified: 2010-04-13 09:44
Company: Intel Corporation
----------
Key: IAStorDataMgrSvc
ImagePath: "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
13336 bytes
Created: 2011-05-23 19:05
Modified: 2010-04-13 09:57
Company: Intel Corporation
----------
Key: iaStorV
ImagePath: \SystemRoot\system32\drivers\iaStorV.sys
C:\Windows\Sysnative\drivers\iaStorV.sys
410496 bytes
Created: 2011-05-21 07:14
Modified: 2010-11-20 15:33
Company: Intel Corporation
----------
Key: IDriverT
ImagePath: "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
69632 bytes
Created: 2005-04-04 00:41
Modified: 2005-04-04 00:41
Company: Macrovision Corporation
----------
Key: idsvc
ImagePath: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe"
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
856400 bytes
Created: 2011-05-21 07:13
Modified: 2010-11-05 03:52
Company: Microsoft Corporation
----------
Key: igfx
ImagePath: system32\DRIVERS\igdkmd64.sys
C:\Windows\Sysnative\DRIVERS\igdkmd64.sys
10610400 bytes
Created: 2010-07-27 23:10
Modified: 2010-07-27 23:10
Company: Intel Corporation
----------
Key: Impcd
ImagePath: system32\DRIVERS\Impcd.sys
C:\Windows\Sysnative\DRIVERS\Impcd.sys
151936 bytes
Created: 2009-10-25 20:39
Modified: 2009-10-25 20:39
Company: Intel Corporation
----------
Key: intelkmd
ImagePath: system32\DRIVERS\igdpmd64.sys
C:\Windows\Sysnative\DRIVERS\igdpmd64.sys
10610400 bytes
Created: 2010-07-27 23:10
Modified: 2010-07-27 23:10
Company: Intel Corporation
----------
Key: iscFlash
ImagePath: \??\c:\SwSetup\SP50942\iscflashx64.sys
c:\SwSetup\SP50942\iscflashx64.sys - [file not found to scan] ---------- Key: KMService ImagePath: C:\Windows\system32\srvany.exe C:\Windows\system32\srvany.exe 8192 bytes Created: 2011-06-22 13:40 Modified: 2011-06-22 13:40 Company: [no info] ---------- Key: ksthunk ImagePath: \SystemRoot\system32\drivers\ksthunk.sys C:\Windows\Sysnative\drivers\ksthunk.sys 20992 bytes Created: 2009-07-14 02:00 Modified: 2009-07-14 02:00 Company: Microsoft Corporation ---------- Key: LightScribeService ImagePath: "C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe" C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 73728 bytes Created: 2011-03-04 12:38 Modified: 2011-03-04 12:38 Company: Hewlett-Packard Company ---------- Key: LMS ImagePath: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 325656 bytes Created: 2011-05-23 20:09 Modified: 2010-05-01 09:21 Company: Intel Corporation ---------- Key: Microsoft SharePoint Workspace Audit Service ImagePath: "C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE" /auditservice C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE 30969208 bytes Created: 2010-03-25 10:25 Modified: 2010-03-25 10:25 Company: Microsoft Corporation ---------- Key: msahci ImagePath: system32\drivers\msahci.sys C:\Windows\Sysnative\drivers\msahci.sys 31104 bytes Created: 2011-05-21 07:14 Modified: 2010-11-20 15:33 Company: Microsoft Corporation ---------- Key: mssmbios ImagePath: \SystemRoot\system32\drivers\mssmbios.sys C:\Windows\Sysnative\drivers\mssmbios.sys 32320 bytes Created: 2009-07-14 01:31 Modified: 2009-07-14 03:48 Company: Microsoft Corporation ---------- Key: netr28x ImagePath: system32\DRIVERS\netr28x.sys C:\Windows\Sysnative\DRIVERS\netr28x.sys 1353280 bytes Created: 2011-05-23 20:10 Modified: 2011-03-07 09:55 Company: Ralink Technology, Corp. 
---------- Key: ose ImagePath: "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 149352 bytes Created: 2010-01-09 21:18 Modified: 2010-01-09 21:18 Company: Microsoft Corporation ---------- Key: osppsvc ImagePath: "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 4925184 bytes Created: 2010-01-09 21:34 Modified: 2010-01-09 21:34 Company: Microsoft Corporation ---------- Key: PerfHost ImagePath: %SystemRoot%\SysWow64\perfhost.exe C:\Windows\SysWow64\perfhost.exe 20992 bytes Created: 2009-07-14 01:11 Modified: 2009-07-14 03:14 Company: Microsoft Corporation ---------- Key: PSI_SVC_2 ImagePath: "c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe" c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe 189728 bytes Created: 2010-03-10 14:26 Modified: 2010-03-10 14:26 Company: Protexis Inc. ---------- Key: RdpVideoMiniport ImagePath: System32\drivers\rdpvideominiport.sys C:\Windows\Sysnative\drivers\rdpvideominiport.sys 20992 bytes Created: 2011-05-21 07:13 Modified: 2010-11-20 13:03 Company: Microsoft Corporation ---------- Key: RSUSBSTOR ImagePath: System32\Drivers\RtsUStor.sys C:\Windows\Sysnative\Drivers\RtsUStor.sys 232992 bytes Created: 2011-05-23 18:49 Modified: 2010-01-11 14:31 Company: Realtek Semiconductor Corp. 
---------- Key: RTL8167 ImagePath: system32\DRIVERS\Rt64win7.sys C:\Windows\Sysnative\DRIVERS\Rt64win7.sys 344680 bytes Created: 2011-05-23 20:00 Modified: 2010-06-24 09:10 Company: Realtek ---------- Key: Serenum ImagePath: \SystemRoot\system32\DRIVERS\serenum.sys C:\Windows\Sysnative\DRIVERS\serenum.sys 23552 bytes Created: 2009-07-14 02:00 Modified: 2009-07-14 02:00 Company: Microsoft Corporation ---------- Key: Serial ImagePath: \SystemRoot\system32\DRIVERS\serial.sys C:\Windows\Sysnative\DRIVERS\serial.sys 94208 bytes Created: 2009-07-14 02:00 Modified: 2009-07-14 02:00 Company: Brother Industries Ltd. ---------- Key: STacSV ImagePath: C:\Program Files\IDT\WDM\STacSV64.exe C:\Program Files\IDT\WDM\STacSV64.exe 263168 bytes Created: 2011-05-23 19:58 Modified: 2010-07-22 03:19 Company: IDT, Inc. ---------- Key: STHDA ImagePath: system32\DRIVERS\stwrt64.sys C:\Windows\Sysnative\DRIVERS\stwrt64.sys 515584 bytes Created: 2011-05-23 19:58 Modified: 2010-07-22 03:19 Company: IDT, Inc. ---------- Key: swenum ImagePath: \SystemRoot\system32\drivers\swenum.sys C:\Windows\Sysnative\drivers\swenum.sys 12496 bytes Created: 2009-07-14 02:00 Modified: 2009-07-14 03:45 Company: Microsoft Corporation ---------- Key: Synth3dVsc ImagePath: System32\drivers\synth3dvsc.sys C:\Windows\Sysnative\drivers\synth3dvsc.sys - [file not found to scan] ---------- Key: SynTP ImagePath: system32\DRIVERS\SynTP.sys C:\Windows\Sysnative\DRIVERS\SynTP.sys 1403440 bytes Created: 2010-12-17 02:28 Modified: 2010-12-17 02:28 Company: Synaptics Incorporated ---------- Key: TermDD ImagePath: \SystemRoot\system32\drivers\termdd.sys C:\Windows\Sysnative\drivers\termdd.sys 63360 bytes Created: 2011-05-21 07:14 Modified: 2010-11-20 15:33 Company: Microsoft Corporation ---------- Key: TsUsbFlt ImagePath: system32\drivers\tsusbflt.sys C:\Windows\Sysnative\drivers\tsusbflt.sys 59392 bytes Created: 2011-05-21 07:14 Modified: 2010-11-20 13:07 Company: Microsoft Corporation ---------- Key: tsusbhub ImagePath: 
system32\drivers\tsusbhub.sys C:\Windows\Sysnative\drivers\tsusbhub.sys - [file not found to scan] ---------- Key: UnlockerDriver5 ImagePath: \??\C:\Program Files\Unlocker\UnlockerDriver5.sys C:\Program Files\Unlocker\UnlockerDriver5.sys 12352 bytes Created: 2010-07-01 19:11 Modified: 2010-07-01 19:11 Company: [no info] ---------- Key: UNS ImagePath: "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 2533400 bytes Created: 2011-05-23 20:09 Modified: 2010-05-01 09:21 Company: Intel Corporation ---------- Key: usbvideo ImagePath: \SystemRoot\System32\Drivers\usbvideo.sys C:\Windows\Sysnative\Drivers\usbvideo.sys 184960 bytes Created: 2011-05-21 07:13 Modified: 2010-11-20 12:44 Company: Microsoft Corporation ---------- Key: vcsFPService ImagePath: C:\Windows\system32\vcsFPService.exe C:\Windows\Sysnative\vcsFPService.exe 2192176 bytes Created: 2010-02-23 07:38 Modified: 2010-02-23 07:38 Company: Validity Sensors, Inc. 
---------- Key: VGPU ImagePath: System32\drivers\rdvgkmd.sys C:\Windows\Sysnative\drivers\rdvgkmd.sys - [file not found to scan] ---------- Key: vmbus ImagePath: system32\drivers\vmbus.sys C:\Windows\Sysnative\drivers\vmbus.sys 199552 bytes Created: 2011-05-21 07:14 Modified: 2010-11-20 15:34 Company: Microsoft Corporation ---------- Key: vwifibus ImagePath: system32\DRIVERS\vwifibus.sys C:\Windows\Sysnative\DRIVERS\vwifibus.sys 24576 bytes Created: 2009-07-14 02:07 Modified: 2009-07-14 02:07 Company: Microsoft Corporation ---------- Key: vwififlt ImagePath: system32\DRIVERS\vwififlt.sys C:\Windows\Sysnative\DRIVERS\vwififlt.sys 59904 bytes Created: 2009-07-14 02:07 Modified: 2009-07-14 02:07 Company: Microsoft Corporation ---------- Key: vwifimp ImagePath: system32\DRIVERS\vwifimp.sys C:\Windows\Sysnative\DRIVERS\vwifimp.sys 17920 bytes Created: 2009-07-14 02:07 Modified: 2009-07-14 02:07 Company: Microsoft Corporation ---------- Key: WatAdminSvc ImagePath: %SystemRoot%\system32\Wat\WatAdminSvc.exe C:\Windows\Sysnative\Wat\WatAdminSvc.exe 1255736 bytes Created: 2011-05-18 22:19 Modified: 2011-05-18 22:19 Company: Microsoft Corporation ---------- Key: Wd ImagePath: system32\DRIVERS\wd.sys C:\Windows\Sysnative\DRIVERS\wd.sys 21056 bytes Created: 2009-07-14 01:19 Modified: 2009-07-14 03:45 Company: Microsoft Corporation ---------- Key: WinUSB ImagePath: system32\DRIVERS\WinUSB.sys C:\Windows\Sysnative\DRIVERS\WinUSB.sys 41984 bytes Created: 2011-05-21 07:13 Modified: 2010-11-20 12:43 Company: Microsoft Corporation ---------- ************************************************************ 10:23:26: Scanning -----VXD ENTRIES----- ************************************************************ 10:23:26: Scanning ----- WINLOGON\NOTIFY DLLS ----- No WINLOGON\NOTIFY DLLs found to scan Rootkit scan of Winlogon\Notify key not possible [key may not exist] ************************************************************ 10:23:26: Scanning ----- CONTEXTMENUHANDLERS ----- Key: avast 
CLSID: {472083B0-C522-11CF-8763-00608CC02F24} Path: C:\Program Files\Alwil Software\Avast5\ashShell.dll C:\Program Files\Alwil Software\Avast5\ashShell.dll 122512 bytes Created: 2011-07-11 17:06 Modified: 2011-07-04 13:43 Company: AVAST Software ---------- Key: Corel.Paint.Shop.Pro.Photo CLSID: {B1D2CD8F-45E9-49d1-838A-AAA5780D94B7} Path: c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu.dll c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu.dll 117904 bytes Created: 2010-07-28 02:24 Modified: 2010-07-28 02:24 Company: [no info] ---------- Key: DVDFAB32 CLSID: {2B896307-03F8-4771-B13F-88176CAC4065} Path: C:\PROGRA~2\DVDFAB~1\DVDFabShellEx32.dll C:\PROGRA~2\DVDFAB~1\DVDFabShellEx32.dll 22520 bytes Created: 2011-05-24 20:27 Modified: 2010-11-16 12:58 Company: Fengtao Software Inc. ---------- Key: DVDFAB64 CLSID: {2B896307-03F8-4771-B13F-88176CAC4066} File: [CLSID does not appear to reference a file] ---------- Key: Eraser CLSID: {BC9B776A-90D7-4476-A791-79D835F30650} File: [CLSID does not appear to reference a file] ---------- Key: LavasoftShellExt CLSID: {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} File: [CLSID does not appear to reference a file] ---------- Key: PPTminimizer CLSID: {92A94EB1-16E9-44D8-A98A-9C3CCE9B25E8} Path: C:\Program Files (x86)\PPTminimizer\PPTMShell.dll C:\Program Files (x86)\PPTminimizer\PPTMShell.dll 75552 bytes Created: 2011-05-25 20:40 Modified: 2008-05-15 13:04 Company: [no info] ---------- Key: WinRAR CLSID: {B41DB860-64E4-11D2-9906-E49FADC173CA} File: [CLSID does not appear to reference a file] ---------- Key: WinRAR32 CLSID: {B41DB860-8EE4-11D2-9906-E49FADC173CA} Path: C:\Program Files\WinRAR\rarext32.dll C:\Program Files\WinRAR\rarext32.dll 141312 bytes Created: 2011-05-23 14:46 Modified: 2009-08-16 17:06 Company: Alexander Roshal ---------- Key: XXX Groove GFS Context Menu Handler XXX CLSID: {6C467336-8281-4E60-8204-430CED96822D} Path: 
C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL 4222864 bytes Created: 2010-03-25 10:25 Modified: 2010-03-25 10:25 Company: Microsoft Corporation ---------- Key: {A4FD8DDB-5800-4414-97F9-7457AC8EE4F0} Path: C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBShell.dll C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBShell.dll 681256 bytes Created: 2010-04-03 01:27 Modified: 2010-04-03 01:27 Company: Nero AG ---------- Key: {F764812A-132C-4013-9960-5CBBEB408A0E} Path: C:\Program Files (x86)\Common Files\Nero\NeroShellExt\\NeroShellExt.dll C:\Program Files (x86)\Common Files\Nero\NeroShellExt\NeroShellExt.dll 918824 bytes Created: 2010-03-24 13:02 Modified: 2010-03-24 13:02 Company: Nero AG ---------- ************************************************************ 10:23:27: Scanning ----- FOLDER\COLUMNHANDLERS ----- Key: {8EF5DC20-419C-4E43-A088-DE5B5625CA47} File: [CLSID does not appear to reference a file] Key: {F9DB5320-233E-11D1-9F84-707F02C10627} File: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll 394136 bytes Created: 2011-06-06 12:55 Modified: 2011-06-06 12:55 Company: Adobe Systems, Inc. 
---------- ************************************************************ 10:23:28: Scanning ----- BROWSER HELPER OBJECTS ----- Key: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} BHO: C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL - file already scanned ---------- Key: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} BHO: C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll 820864 bytes Created: 2011-07-11 17:06 Modified: 2011-07-04 13:43 Company: AVAST Software ---------- Key: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} BHO: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll 1164680 bytes Created: 2011-05-16 17:06 Modified: 2011-05-16 17:06 Company: Skype Technologies S.A. ---------- Key: {B4F3A835-0E21-4959-BA22-42B3008E02FF} BHO: C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL 561552 bytes Created: 2010-02-28 02:20 Modified: 2010-02-28 02:20 Company: Microsoft Corporation ---------- Key: {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} BHO: C:\PROGRA~2\ALLPLA~1\Iplex\IPLEXT~1.DLL C:\PROGRA~2\ALLPLA~1\Iplex\IPLEXT~1.DLL 400384 bytes Created: 2011-05-21 09:20 Modified: 2011-02-09 19:29 Company: ALLCinema Ltd. ---------- ************************************************************ 10:23:28: Scanning ----- SHELLSERVICEOBJECTS ----- ************************************************************ 10:23:28: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- No SharedTaskScheduler entries found to scan ************************************************************ 10:23:28: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. 
************************************************************ 10:23:28: Scanning ----- APPINIT_DLLS ----- The AppInit_DLLs value is blank or does not exist ************************************************************ 10:23:29: Scanning ----- SECURITY PROVIDER DLLS ----- ************************************************************ 10:23:29: Scanning ------ COMMON STARTUP GROUP ------ [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup] The Common Startup Group attempts to load the following file(s) at boot time: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 2009-07-14 06:54 Modified: 2009-07-14 06:54 Company: [no info] -------------------- ************************************************************ 10:23:29: Scanning ----- USER STARTUP GROUPS ----- Checking Startup Group for: Bogutek [C:\Users\Bogutek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup] C:\Users\Bogutek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -HS- 174 bytes Created: 2011-05-18 21:00 Modified: 2011-05-23 19:37 Company: [no info] ---------- -------------------- ************************************************************ 10:23:29: Scanning ----- SCHEDULED TASKS ----- Taskname: {00DEAADC-84D0-44E9-AB0A-B325EEF41DAB} File: C:\Windows\system32\pcalua.exe - globally excluded Parameters: -a C:\Users\Bogutek\Downloads\sp49094.exe -d C:\Users\Bogutek\Downloads ---------- Taskname: {589D12BA-8F95-4359-B690-30E263DEA37C} File: C:\Windows\system32\msiexec.exe C:\Windows\system32\msiexec.exe 73216 bytes Created: 2011-05-21 07:13 Modified: 2010-11-20 14:17 Company: Microsoft Corporation Parameters: /package "C:\Users\Bogutek\Downloads\Paragon.Partition.Manager.v10.0\fo-pm10.msi" Schedule: At task creation/modification Next Run Time: Status: Ready Creator: Comments: ---------- Taskname: {64DE2E5D-6167-44A8-8E97-A72B08E6C7B8} File: C:\Windows\system32\pcalua.exe - globally excluded Parameters: -a 
C:\Users\Bogutek\Downloads\sp50180.exe -d C:\Users\Bogutek\Downloads ---------- Taskname: {7B8BBD92-3237-43C4-A2B7-4CA749E2BAB2} File: C:\Windows\system32\pcalua.exe - globally excluded Parameters: -a C:\Users\Bogutek\Downloads\sp50783.exe -d C:\Users\Bogutek\Downloads ---------- Taskname: {8C2784DF-2801-434C-AA4B-1795977029CE} File: C:\Windows\system32\pcalua.exe - globally excluded Parameters: -a C:\Users\Bogutek\Downloads\sp50791.exe -d C:\Users\Bogutek\Downloads ---------- Taskname: {990BB7FD-475F-40E3-84B1-BE61E0F6C7E7} File: C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Skype\Phone\Skype.exe -R- 15141768 bytes Created: 2011-06-15 15:02 Modified: 2011-06-15 15:02 Company: Skype Technologies S.A. Schedule: At task creation/modification Next Run Time: Status: Ready Creator: SkypeSetupLight Comments: ---------- Taskname: {B598D5D9-F6BC-4ED6-A2C6-8A4C19441E34} File: C:\Windows\system32\pcalua.exe - globally excluded Parameters: -a C:\Users\Bogutek\Downloads\sp50785.exe -d C:\Users\Bogutek\Downloads ---------- Taskname: {E0CBFDB0-F79A-4049-ABD3-EE5DB75A2DB3} File: C:\Windows\system32\pcalua.exe - globally excluded Parameters: -a C:\Users\Bogutek\Downloads\sp50498.exe -d C:\Users\Bogutek\Downloads ---------- Taskname: {EEE632C4-3959-430B-88D4-7D8BBECDD12C} File: C:\Windows\system32\pcalua.exe - globally excluded Parameters: -a C:\Users\Bogutek\Downloads\sp49452.exe -d C:\Users\Bogutek\Downloads ---------- Taskname: {F5BB92EB-DDBB-46BC-8909-49329326B29D} File: C:\Windows\system32\pcalua.exe - globally excluded Parameters: -a C:\Users\Bogutek\Downloads\sp50935.exe -d C:\Users\Bogutek\Downloads ---------- Taskname: CreateChoiceProcessTask File: C:\Windows\Sysnative\browserchoice.exe C:\Windows\Sysnative\browserchoice.exe 294912 bytes Created: 2011-05-18 21:43 Modified: 2010-02-23 10:16 Company: Microsoft Corporation Parameters: /launch Schedule: At task creation/modification Next Run Time: Status: Ready Creator: BrowserChoice Comments: ---------- 
Taskname: MirageAgent File: C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe 136488 bytes Created: 2010-07-30 09:53 Modified: 2010-07-30 09:53 Company: CyberLink Schedule: At logon Next Run Time: Status: Running Creator: CyberLink Comments: ---------- Taskname: SpyHunter3 File: C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter3.exe Parameters: /s Schedule: At logon Next Run Time: Status: Ready Creator: Bogutek Comments: C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter3.exe - [file not found to scan] ---------- Taskname: User_Feed_Synchronization-{904784E9-F801-4C2D-9D6E-A86825E2873E} File: C:\Windows\Sysnative\msfeedssync.exe C:\Windows\Sysnative\msfeedssync.exe 10752 bytes Created: 2011-05-18 22:58 Modified: 2011-05-18 22:58 Company: Microsoft Corporation Parameters: sync Schedule: At 08:26:20 every day Next Run Time: 2011-08-20 10:26:20 Status: Ready Creator: Bogutek-PC\Bogutek Comments: Aktualizacja nieaktualnych systemowych źródeł danych.
---------- ************************************************************ 10:23:31: Scanning ----- SHELLICONOVERLAYIDENTIFIERS ----- Key: Groove Explorer Icon Overlay 1 (GFS Unread Stub) CLSID: {99FD978C-D287-4F50-827F-B2C658EDA8E7} File: C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL - file already scanned ---------- Key: Groove Explorer Icon Overlay 2 (GFS Stub) CLSID: {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} File: C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL - file already scanned ---------- Key: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) CLSID: {920E6DB1-9907-4370-B3A0-BAFC03D81399} File: C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL - file already scanned ---------- Key: Groove Explorer Icon Overlay 3 (GFS Folder) CLSID: {16F3DD56-1AF5-4347-846D-7C10C4192619} File: C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL - file already scanned ---------- Key: Groove Explorer Icon Overlay 4 (GFS Unread Mark) CLSID: {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} File: C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL - file already scanned ---------- Key: SharingPrivate CLSID: {08244EE6-92F0-47f2-9FC9-929BAA2E7235} File: %SystemRoot%\system32\ntshrui.dll C:\Windows\Sysnative\ntshrui.dll 509952 bytes Created: 2011-05-21 07:14 Modified: 2010-11-20 15:27 Company: Microsoft Corporation ---------- ************************************************************ 10:23:32: Scanning ----- DEVICE DRIVER ENTRIES ----- Value: msacm.l3acm File: C:\Windows\SysWOW64\l3codeca.acm C:\Windows\SysWOW64\l3codeca.acm 64000 bytes Created: 2009-07-14 02:07 Modified: 2009-07-14 03:14 Company: Fraunhofer Institut Integrierte Schaltungen IIS ---------- Value: msacm.dvacm File: c:\PROGRA~2\COMMON~1\ULEADS~1\Vio\Dvacm.acm c:\PROGRA~2\COMMON~1\ULEADS~1\Vio\Dvacm.acm 20480 bytes Created: 2011-01-05 16:46 Modified: 
2011-01-05 16:46 Company: Corel TW Corp. ---------- ************************************************************ 10:23:32: ----- ADDITIONAL CHECKS ----- Heuristic checks for hidden files/drivers completed ---------- Layered Service Provider entries checks completed ---------- Windows Explorer Policies checks completed ---------- Desktop Wallpaper: C:\Users\Bogutek\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg C:\Users\Bogutek\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg 287153 bytes Created: 2011-03-06 01:03 Modified: 2011-07-27 18:28 Company: [no info] ---------- Web Desktop Wallpaper entry is blank ---------- Checks for rogue DNS NameServers completed ---------- Additional checks completed ************************************************************ 10:23:33: Scanning ----- RUNNING PROCESSES ----- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe 625416 bytes Created: 2010-04-23 18:42 Modified: 2010-04-23 18:42 Company: DigitalPersona, Inc. -------------------- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe 1590840 bytes Created: 2010-09-28 14:03 Modified: 2010-09-28 14:03 Company: Hewlett-Packard -------------------- C:\Program Files (x86)\Mozilla Firefox\firefox.exe 924632 bytes Created: 2011-05-18 22:57 Modified: 2011-06-16 06:51 Company: Mozilla Corporation -------------------- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe 16856 bytes Created: 2011-05-18 22:57 Modified: 2011-06-16 06:51 Company: Mozilla Corporation -------------------- C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe FileSize: 4678576 [This is a Trojan Remover component] -------------------- ************************************************************ 10:23:34: Checking HOSTS file No malicious entries were found in the HOSTS file ************************************************************ ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------ HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page": 
http://go.microsoft.com/fwlink/?LinkId=69157 HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\SysWOW64\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page": http://go.microsoft.com/fwlink/?LinkId=54896 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": http://go.microsoft.com/fwlink/?LinkId=69157 HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": http://go.microsoft.com/fwlink/?LinkId=54896 HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page": This value is blank HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\Windows\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page": http://go.microsoft.com/fwlink/?LinkId=54896 ************************************************************ === NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES === Scan completed at: 10:23:34 20 sie 2011 Total Scan time: 00:00:33 ************************************************************