x-kom hosting

Czyszczenie laptopa, naprawa błędów

Shimek
utworzono
utworzono (edytowane)

Witam, przez rok nazbierało mi się bardzo dużo smieci na komputerze a jego wydajność spadła i pojawia sie masa błędów pokroju 0xc00007b robiłem to co kazali w intranecie ale nic nie pomogło. 

 

Jako że mam problem to bede wrzucał logi pojedynczo bo gdy chciałem wszystko na raz to już 3x mi wywaliło jakiś błąd. 

 

OTL

[log]OTL logfile created on: 2013-12-25 10:37:43 - Run 1

 

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\LENOVO\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,95 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 56,66% Memory free
7,89 Gb Paging File | 5,96 Gb Available in Paging File | 75,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,20 Gb Total Space | 85,87 Gb Free Space | 12,55% Space Free | Partition Type: NTFS
Drive D: | 29,30 Gb Total Space | 26,11 Gb Free Space | 89,14% Space Free | Partition Type: NTFS
Drive F: | 5,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 1,84 Gb Total Space | 1,43 Gb Free Space | 77,63% Space Free | Partition Type: FAT
 
Computer Name: LENOVO-KOMPUTER | User Name: LENOVO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013-12-25 10:35:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LENOVO\Downloads\OTL.exe
PRC - [2013-12-08 18:08:07 | 001,168,896 | ---- | M] (Spotify Ltd) -- C:\Users\LENOVO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013-12-04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013-11-08 21:46:18 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013-11-08 21:45:42 | 001,914,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013-10-23 17:33:19 | 000,148,000 | ---- | M] (DealPly Technologies Ltd) -- C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe
PRC - [2013-07-07 16:22:50 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013-05-10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-01-03 13:05:36 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012-12-13 17:37:26 | 000,012,288 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2012-11-29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012-08-21 14:43:58 | 000,794,272 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2011-10-01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011-10-01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011-08-14 22:24:10 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2011-01-29 00:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2011-01-12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011-01-12 19:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010-12-21 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010-12-21 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013-12-04 03:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013-12-04 03:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013-12-04 03:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013-12-04 03:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013-12-04 03:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013-02-13 12:36:16 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013-01-10 18:29:08 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll
MOD - [2013-01-10 18:29:08 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll
MOD - [2013-01-10 09:37:06 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013-01-10 09:36:42 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013-01-10 09:36:33 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013-01-10 09:36:29 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013-01-10 09:36:26 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013-01-10 09:36:26 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013-01-10 09:36:20 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011-08-14 22:24:10 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2011-08-14 13:30:04 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_pl_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2011-02-16 18:53:14 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2011-02-16 18:51:10 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
MOD - [2010-11-13 03:37:37 | 000,311,296 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013-12-08 12:32:42 | 001,471,352 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FlexNet Licensing Service 64)
SRV:64bit: - [2013-11-08 21:47:21 | 015,125,280 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2011-05-12 17:01:46 | 000,970,016 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011-05-02 15:27:50 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011-05-02 15:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011-05-02 15:10:26 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010-09-22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013-12-16 18:51:22 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2013-11-08 21:45:42 | 001,914,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013-10-23 17:33:19 | 000,148,000 | ---- | M] (DealPly Technologies Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe -- (dealplylivem)
SRV - [2013-10-23 17:33:19 | 000,148,000 | ---- | M] (DealPly Technologies Ltd) [Auto | Stopped] -- C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe -- (dealplylive)
SRV - [2013-07-07 16:22:50 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013-05-11 23:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-05-10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-04-04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-04-04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013-02-28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-12-13 17:37:26 | 000,012,288 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2012-11-29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012-11-19 17:03:24 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-08-21 14:43:58 | 000,794,272 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2012-04-30 17:17:38 | 000,104,872 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011-10-01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011-10-01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011-01-12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010-12-21 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010-12-21 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007-05-31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007-05-31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013-10-23 11:30:23 | 000,032,544 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013-09-28 00:01:44 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013-04-04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013-04-03 08:58:08 | 000,188,232 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2013-04-03 08:58:08 | 000,169,288 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2013-04-03 08:58:08 | 000,158,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2013-04-03 08:58:08 | 000,038,080 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2013-04-03 08:58:08 | 000,021,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2013-01-06 17:25:37 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-10-01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011-10-01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011-10-01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011-10-01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011-08-14 22:29:45 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2011-08-14 22:29:43 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2011-08-14 22:22:35 | 000,020,064 | ---- | M] (Ensurebit Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\delayman.sys -- (DelayMan)
DRV:64bit: - [2011-08-14 22:22:35 | 000,015,456 | ---- | M] (Ensurebit Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\winioex.sys -- (winioex)
DRV:64bit: - [2011-08-14 13:36:04 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-08-14 13:36:04 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-05-13 01:01:36 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011-05-13 01:01:34 | 000,437,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011-05-13 01:01:24 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011-05-13 01:01:24 | 000,150,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011-05-13 01:01:24 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011-05-13 01:01:24 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011-05-09 21:42:14 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011-05-01 15:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011-03-26 02:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011-03-21 06:42:52 | 001,413,168 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011-01-29 00:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011-01-12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010-12-13 04:31:00 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010-12-01 06:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010-11-21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010-11-21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-10-20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010-10-15 09:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010-03-02 19:50:54 | 000,038,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HybridDiskX64.sys -- (HybridDisk)
DRV:64bit: - [2010-03-02 19:50:38 | 000,013,920 | ---- | M] (Lenovo.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\HybridCFileX64.sys -- (hybridcfile)
DRV:64bit: - [2009-07-21 15:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013-03-14 13:36:18 | 000,017,160 | ---- | M] (XFire) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Xfire2\XFDriver64.sys -- (XFDriver64)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.c..._S0RUNYAB604258
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.c..._S0RUNYAB604258
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://start.qone8.c...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.c..._S0RUNYAB604258
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.c..._S0RUNYAB604258
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://start.qone8.c...q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.sof...q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =http://www.lenovo.com
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =http://www.lenovo.com
 
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =http://start.qone8.c..._S0RUNYAB604258
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =http://www.lenovo.com/ [binary data]
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =http://start.qone8.c..._S0RUNYAB604258
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" =http://www2.delta-se...120695&tsp=5007
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" =http://start.qone8.c...q={searchTerms}
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" =http://www.google.co...1I7LENN_plPL500
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" =http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" =http://websearch.sof...q={searchTerms}
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..browser.startup.homepage: ""
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013-01-03 13:05:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-03 13:05:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\xz123@ya456.com: C:\Program Files (x86)\BetterSurf\ff [2013-11-23 01:04:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\12x3q@3244516.com: C:\Program Files (x86)\Better-Surf\ff [2013-11-25 22:47:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@bettersurfplus.com: C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [2013-12-11 00:52:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@WebexpEnhancedV1alpha872.net: C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha872\ff [2013-12-21 17:01:42 | 000,000,000 | ---D | M]
 
[2013-05-26 22:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LENOVO\AppData\Roaming\mozilla\Extensions
[2013-12-08 13:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LENOVO\AppData\Roaming\mozilla\Firefox\Profiles\kd9he9xy.default\extensions
[2013-10-23 17:33:18 | 000,000,000 | ---D | M] (DealPly  Shopping) -- C:\Users\LENOVO\AppData\Roaming\mozilla\Firefox\Profiles\kd9he9xy.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}
[2013-10-23 17:32:45 | 000,000,000 | ---D | M] (LemurLeap) -- C:\Users\LENOVO\AppData\Roaming\mozilla\Firefox\Profiles\kd9he9xy.default\extensions\firefox@lemurleap.info
[2013-09-16 22:04:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
[2013-05-26 22:57:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013-05-26 22:57:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013-12-21 17:01:42 | 000,000,000 | ---D | M] (Webexp Enhanced) -- C:\PROGRAM FILES (X86)\WEBEXPENHANCEDV1\WEBEXPENHANCEDV1ALPHA872\FF
[2013-10-23 17:33:07 | 000,000,665 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\qone8.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: No name found = C:\Users\LENOVO\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\
CHR - Extension: Google Wallet = C:\Users\LENOVO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
 
O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Better Surf Plus) - {1824FF90-C98E-48A6-838F-E3B6572B0C77} - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ie\BetterSrf.dll File not found
O2 - BHO: (Webexp Enhanced) - {f4b8af81-d6cc-4c27-bbd7-2b22617cdb75} - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha872\ie\WebexpEnhancedV1alpha872.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKU\S-1-5-18..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000..\Run: [AVG-Secure-Search-Update_JUNE2013_TB] "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB File not found
O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000..\Run: [FactoryTest] C:\Windows\Test.bat File not found
O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001..\Run: [Spotify Web Helper] C:\Users\LENOVO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire2\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 
O7 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_45)
O16 - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_45)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F810A68-84E5-4561-B3D1-DFEC470A3F73}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6F30F37-AD2C-4EDA-B51D-7BDD9EEF212C}: DhcpNameServer = 8.8.8.8 8.8.4.4
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll c:\windows\system32\nvinitx.dll) -  File not found
O20:64bit: - AppInit_DLLs: (c:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013-07-31 22:02:08 | 000,227,212 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ]
O32 - AutoRun File - [2012-09-25 00:06:33 | 000,000,040 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{12203ea3-55d2-11e2-bc16-402cf452c667}\Shell - "" = AutoRun
O33 - MountPoints2\{12203ea3-55d2-11e2-bc16-402cf452c667}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2012-09-09 04:59:41 | 000,347,407 | R--- | M] (noOrg)
O33 - MountPoints2\{7d1ebd69-f80c-11e1-bdd7-402cf452c667}\Shell - "" = AutoRun
O33 - MountPoints2\{7d1ebd69-f80c-11e1-bdd7-402cf452c667}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2012-09-09 04:59:41 | 000,347,407 | R--- | M] (noOrg)
O33 - MountPoints2\{bded9453-f4f6-11e2-bcee-402cf452c667}\Shell - "" = AutoRun
O33 - MountPoints2\{bded9453-f4f6-11e2-bcee-402cf452c667}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{bded9469-f4f6-11e2-bcee-402cf452c667}\Shell - "" = AutoRun
O33 - MountPoints2\{bded9469-f4f6-11e2-bcee-402cf452c667}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013-12-25 10:35:28 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\Desktop\Raporty
[2013-12-25 10:09:57 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Urządzenia interfejsu Bluetooth
[2013-12-25 10:02:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2013-12-21 17:01:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebexpEnhancedV1
[2013-12-15 22:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013-12-08 17:56:54 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\AppData\Roaming\Carambis
[2013-12-08 17:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carambis
[2013-12-08 17:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Carambis
[2013-12-08 17:56:22 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\AppData\Local\TempDIR
[2013-12-08 12:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\FARO
[2013-12-08 12:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2013-12-08 12:31:55 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\AppData\Local\Autodesk
[2013-12-08 12:28:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Autodesk
[2013-12-08 12:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2013-12-08 12:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2013-12-08 12:27:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
[2013-12-08 12:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2013-12-08 12:26:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
[2013-12-08 12:20:07 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\AppData\Roaming\Autodesk
[2013-12-08 12:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2013-12-08 11:37:29 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\AppData\Roaming\Xfire
[2013-12-08 11:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Xfire
[2013-12-08 11:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire2
[2013-12-08 11:37:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xfire2
[2013-12-08 11:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2013-12-08 11:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2013-12-08 11:32:38 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\AppData\Local\cache
[2013-12-08 11:32:37 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\Documents\Mobogenie
[2013-12-08 11:32:37 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\AppData\Local\Mobogenie
[2013-12-08 11:31:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
[2013-12-06 08:51:21 | 000,000,000 | ---D | C] -- C:\Intel
[2013-11-25 22:47:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Better-Surf
[3 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013-12-25 10:16:53 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-12-25 10:16:53 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-12-25 10:15:22 | 001,676,484 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013-12-25 10:15:22 | 000,743,058 | ---- | M] () -- C:\windows\SysNative\perfh015.dat
[2013-12-25 10:15:22 | 000,656,594 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013-12-25 10:15:22 | 000,156,786 | ---- | M] () -- C:\windows\SysNative\perfc015.dat
[2013-12-25 10:15:22 | 000,122,678 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013-12-25 10:09:51 | 000,001,062 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-12-25 10:09:21 | 000,000,286 | ---- | M] () -- C:\windows\tasks\RMAutoUpdate.job
[2013-12-25 10:09:18 | 000,000,360 | ---- | M] () -- C:\windows\tasks\AmiUpdXp.job
[2013-12-25 10:09:11 | 000,001,058 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-12-25 10:09:05 | 000,000,350 | ---- | M] () -- C:\windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013-12-25 10:08:26 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013-12-25 10:08:14 | 3177,074,688 | -HS- | M] () -- C:\hiberfil.sys
[2013-12-24 19:56:08 | 000,000,286 | ---- | M] () -- C:\windows\tasks\RMSchedule.job
[2013-12-16 22:12:01 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013-12-16 22:10:59 | 000,064,103 | ---- | M] () -- C:\Users\LENOVO\Desktop\1472119_549260008485895_773149106_n.jpg
[2013-12-08 18:05:16 | 000,005,033 | ---- | M] () -- C:\ProgramData\mtbjfghn.xbe
[2013-12-08 17:56:54 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Driver Updater.lnk
[2013-12-08 17:39:25 | 000,509,560 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013-12-08 17:20:20 | 017,053,578 | ---- | M] () -- C:\Users\LENOVO\Desktop\SIPS.rar
[2013-12-08 12:37:11 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk ReCap.lnk
[2013-12-08 12:36:31 | 000,002,003 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk 360.lnk
[2013-12-08 12:33:23 | 000,000,153 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013-12-08 12:32:02 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2014 - English.lnk
[2013-12-08 12:24:42 | 001,649,090 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013-12-08 12:14:26 | 000,001,061 | ---- | M] () -- C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2013-12-08 11:37:09 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk
[2013-12-08 11:35:20 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2013-11-26 12:08:33 | 000,007,606 | ---- | M] () -- C:\Users\LENOVO\AppData\Local\Resmon.ResmonCfg
[3 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013-12-16 22:10:58 | 000,064,103 | ---- | C] () -- C:\Users\LENOVO\Desktop\1472119_549260008485895_773149106_n.jpg
[2013-12-08 18:05:16 | 000,005,033 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2013-12-08 17:56:54 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Driver Updater.lnk
[2013-12-08 17:20:19 | 017,053,578 | ---- | C] () -- C:\Users\LENOVO\Desktop\SIPS.rar
[2013-12-08 12:37:11 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk ReCap.lnk
[2013-12-08 12:36:31 | 000,002,003 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk 360.lnk
[2013-12-08 12:33:23 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013-12-08 12:32:02 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2014 - English.lnk
[2013-12-08 12:14:25 | 000,001,061 | ---- | C] () -- C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2013-12-08 11:37:09 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk
[2013-12-08 11:35:20 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2013-11-25 11:16:23 | 000,007,021 | ---- | C] () -- C:\Users\LENOVO\Desktop\jolo.rtf
[2013-10-16 20:55:56 | 000,000,977 | ---- | C] () -- C:\Users\LENOVO\AppData\Local\recently-used.xbel
[2013-09-21 17:27:26 | 000,007,606 | ---- | C] () -- C:\Users\LENOVO\AppData\Local\Resmon.ResmonCfg
[2013-07-07 15:08:38 | 000,000,331 | ---- | C] () -- C:\windows\game.ini
[2013-02-05 16:52:54 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2013-02-05 16:52:50 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2013-02-05 16:52:50 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2013-02-05 16:52:50 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2013-02-05 16:52:50 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2013-01-02 22:57:03 | 000,000,367 | ---- | C] () -- C:\Program Files (x86)\conquer.ini
[2012-12-28 22:04:22 | 000,036,352 | ---- | C] () -- C:\windows\SysWow64\xfcodec.dll
[2012-12-01 17:24:36 | 000,281,688 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2012-12-01 17:24:35 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2012-10-12 01:50:40 | 000,049,738 | ---- | C] () -- C:\Program Files (x86)\AutoMapa EU.md5
[2012-09-29 23:50:28 | 000,650,752 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2012-09-29 23:50:28 | 000,243,200 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2012-09-29 23:50:28 | 000,216,064 | ---- | C] ( ) -- C:\windows\SysWow64\lagarith.dll
[2012-09-29 23:50:28 | 000,178,688 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2012-09-29 23:50:26 | 000,112,640 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2012-09-22 12:51:41 | 000,361,096 | ---- | C] () -- C:\windows\SysWow64\lead3dengine.dll
[2012-09-08 23:09:27 | 000,000,243 | ---- | C] () -- C:\Users\LENOVO\AppData\Roaming\GPU Meter_Settings.ini
[2012-09-08 23:08:01 | 000,000,532 | ---- | C] () -- C:\Users\LENOVO\AppData\Roaming\All CPU MeterV3_Settings.ini
 
========== ZeroAccess Check ==========
 
[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013-12-06 08:20:38 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\.minecraft
[2013-12-08 12:27:59 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Autodesk
[2013-09-19 08:57:58 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Awesomium
[2013-12-04 19:38:31 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\calibre
[2013-12-08 17:56:54 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Carambis
[2013-03-20 16:34:57 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Cream Software
[2013-12-08 12:18:47 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\DAEMON Tools Lite
[2013-10-23 17:33:19 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Dealply
[2012-09-09 10:08:14 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\dll-files.com
[2012-09-22 18:33:52 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\EasyCapture
[2012-09-07 16:25:39 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Hive Cluster
[2013-05-02 18:06:54 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\iPumper
[2012-10-17 18:38:17 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\IrfanView
[2012-09-07 21:41:31 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\LolClient
[2013-11-07 12:33:26 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Milestone
[2012-12-09 18:18:29 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Mount&Blade Warband
[2012-09-22 13:14:48 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\NapiProjekt
[2013-05-20 08:51:00 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Samsung
[2012-11-15 03:25:45 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\SoftGrid Client
[2013-05-18 17:51:44 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Softland
[2013-12-08 18:44:23 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Spotify
[2013-09-16 22:10:35 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Spotydl
[2013-11-23 17:55:49 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\State of Decay
[2013-05-18 17:54:50 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\StatSoft
[2013-09-16 22:04:34 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\systweak
[2012-09-21 18:01:39 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\TP
[2013-09-23 14:03:16 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\TS3Client
[2013-09-20 18:38:22 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Unified Remote
[2013-12-25 10:10:46 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\uTorrent
[2013-03-23 11:05:46 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Wargaming.net
[2013-09-11 09:55:32 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< C:\*.* >
[2013-07-31 22:02:08 | 000,227,212 | ---- | M] () -- C:\AutoMapaSetupLog.txt
[2013-05-02 18:06:55 | 000,000,000 | ---- | M] () -- C:\END
[2013-12-08 13:23:15 | 002,384,644 | ---- | M] () -- C:\FaceProv.log
[2013-12-25 10:08:14 | 3177,074,688 | -HS- | M] () -- C:\hiberfil.sys
[2013-12-25 10:08:20 | 4236,099,584 | -HS- | M] () -- C:\pagefile.sys
[2011-08-14 21:59:35 | 000,002,150 | ---- | M] () -- C:\RHDSetup.log
[2013-05-14 07:15:32 | 000,357,814 | ---- | M] () -- C:\SDK Manager.exe
[2009-07-14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009-07-14 06:08:49 | 000,032,604 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2011-08-14 22:20:05 | 000,001,058 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011-08-14 22:20:05 | 000,001,062 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013-01-15 17:44:23 | 000,000,286 | ---- | C] () -- C:\windows\Tasks\RMSchedule.job
[2013-01-15 19:00:00 | 000,000,286 | ---- | C] () -- C:\windows\Tasks\RMAutoUpdate.job
[2013-06-03 11:08:43 | 000,000,350 | ---- | C] () -- C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013-10-23 17:32:32 | 000,000,360 | ---- | C] () -- C:\windows\Tasks\AmiUpdXp.job
 
< D:\*.* >
[1 D:\*.tmp files -> D:\*.tmp -> ]
 
< E:\*.* >
 
< F:\*.* >
[2012-09-25 00:06:33 | 000,000,040 | R--- | M] () -- F:\autorun.inf
[2012-09-29 13:15:12 | 000,023,558 | R--- | M] () -- F:\icon.ico
[2012-09-28 18:48:08 | 998,655,488 | R--- | M] () -- F:\setup-1.bin
[2012-09-28 18:57:55 | 1000,000,000 | R--- | M] () -- F:\setup-2.bin
[2012-09-28 19:04:53 | 1000,000,000 | R--- | M] () -- F:\setup-3.bin
[2012-09-28 19:09:14 | 1000,000,000 | R--- | M] () -- F:\setup-4.bin
[2012-09-28 19:15:34 | 1000,000,000 | R--- | M] () -- F:\setup-5.bin
[2012-09-28 19:23:50 | 1000,000,000 | R--- | M] () -- F:\setup-6.bin
[2012-09-28 19:25:09 | 072,691,766 | R--- | M] () -- F:\setup-7.bin
[2012-09-09 04:59:41 | 000,347,407 | R--- | M] (noOrg) -- F:\Setup.exe
 
< G:\*.* >
[2013-11-11 11:11:02 | 000,000,512 | -H-- | M] () -- G:\NIKON001.DSC
[2011-11-21 21:22:42 | 000,022,059 | ---- | M] () -- G:\1.5Sciaga - bramki logiczne (kolos 2).docx
[2011-11-21 21:22:44 | 000,510,432 | ---- | M] () -- G:\1.6Sciaga - klad sterowania silnikiem (kolos 2).docx
[2011-11-21 21:22:44 | 000,054,272 | ---- | M] () -- G:\ciaga - bramki logiczne (kolos 2).doc
[2011-11-21 21:22:46 | 003,208,192 | ---- | M] () -- G:\ciaga - klad sterowania silnikiem (kolos 2).doc
[2013-12-05 13:36:58 | 000,181,078 | ---- | M] () -- G:\sciaga new.docx
[2013-12-08 23:19:06 | 000,385,536 | ---- | M] () -- G:\PID Grupa 3 (1).doc
 
< H:\*.* >
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %APPDATA%\*. >
[2013-12-06 08:20:38 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\.minecraft
[2013-03-25 20:34:40 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Adobe
[2013-12-08 12:27:59 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Autodesk
[2013-09-19 08:57:58 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Awesomium
[2013-12-04 19:38:31 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\calibre
[2013-12-08 17:56:54 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Carambis
[2013-03-20 16:34:57 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Cream Software
[2012-09-06 08:49:25 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\CyberLink
[2013-12-08 12:18:47 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\DAEMON Tools Lite
[2013-10-23 17:33:19 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Dealply
[2012-09-09 10:08:14 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\dll-files.com
[2013-10-30 18:37:47 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\dvdcss
[2012-09-22 18:33:52 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\EasyCapture
[2012-09-06 19:00:32 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Google
[2012-09-07 16:25:39 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Hive Cluster
[2012-08-20 19:49:21 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Identities
[2012-08-20 19:49:18 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Intel
[2012-08-20 19:49:40 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Intel Corporation
[2013-05-02 18:06:54 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\iPumper
[2012-10-17 18:38:17 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\IrfanView
[2012-09-07 21:41:31 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\LolClient
[2013-03-18 10:04:55 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Macromedia
[2013-05-20 09:21:18 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Malwarebytes
[2011-02-22 12:42:06 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Media Center Programs
[2013-12-04 16:07:57 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Media Player Classic
[2013-12-08 19:49:43 | 000,000,000 | --SD | M] -- C:\Users\LENOVO\AppData\Roaming\Microsoft
[2013-11-07 12:33:26 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Milestone
[2012-12-09 18:18:29 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Mount&Blade Warband
[2013-05-26 22:57:34 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Mozilla
[2012-09-22 13:14:48 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\NapiProjekt
[2013-03-17 15:28:55 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\NVIDIA
[2013-03-24 22:11:36 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Real
[2013-01-03 13:06:18 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\RealNetworks
[2013-05-20 08:51:00 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Samsung
[2012-09-08 07:58:53 | 000,000,000 | RH-D | M] -- C:\Users\LENOVO\AppData\Roaming\SecuROM
[2013-07-14 23:57:44 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Skype
[2012-11-15 03:25:45 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\SoftGrid Client
[2013-05-18 17:51:44 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Softland
[2013-12-08 18:44:23 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Spotify
[2013-09-16 22:10:35 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Spotydl
[2013-11-23 17:55:49 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\State of Decay
[2013-05-18 17:54:50 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\StatSoft
[2013-09-16 22:04:34 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\systweak
[2012-09-21 18:01:39 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\TP
[2013-09-23 14:03:16 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\TS3Client
[2013-09-20 18:38:22 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Unified Remote
[2013-12-25 10:10:46 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\uTorrent
[2013-12-22 20:03:04 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\vlc
[2013-03-23 11:05:46 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Wargaming.net
[2013-12-01 10:51:04 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Winamp
[2013-09-11 09:55:32 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Windows Live Writer
[2012-09-06 11:53:18 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\WinRAR
[2013-12-25 10:10:25 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Xfire
 
< %SYSTEMDRIVE%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: BEEP.SYS  >
[2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\windows\SysNative\drivers\beep.sys
[2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys
 
< MD5 for: EXPLORER.EXE  >
[2011-08-14 13:35:11 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011-08-14 13:35:11 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011-08-14 13:35:11 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011-08-14 13:35:11 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010-11-21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011-08-14 13:35:11 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011-08-14 13:35:11 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010-11-21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: NTFS.SYS  >
[2010-11-21 04:23:55 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=05D78AA5CB5F3F5C31160BDB955D0B7C -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_04972f2c338b23d4\ntfs.sys
[2011-08-14 13:36:04 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=87B104128D4D3BA3C13098BAEBF38082 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_04d11b5b4ce521d9\ntfs.sys
[2011-08-14 13:36:04 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=A2F74975097F52A00745F9637451FDD8 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_0459508233b9177f\ntfs.sys
[2012-08-31 18:57:17 | 001,687,408 | ---- | M] (Microsoft Corporation) MD5=B2746D84DDF68D09B41B72DF745CCBA6 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22104_none_052b7b9d4ca0cf8b\ntfs.sys
[2012-08-31 19:19:35 | 001,659,760 | ---- | M] (Microsoft Corporation) MD5=E453ACF4E7D44E5530B5D5F2B9CA8563 -- C:\windows\SysNative\drivers\ntfs.sys
[2012-08-31 19:19:35 | 001,659,760 | ---- | M] (Microsoft Corporation) MD5=E453ACF4E7D44E5530B5D5F2B9CA8563 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17945_none_0477c74a33a2859a\ntfs.sys
 
< MD5 for: SVCHOST.EXE  >
[2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013-04-04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009-07-14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009-07-14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010-11-21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010-11-21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010-11-21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010-11-21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010-11-21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010-11-21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013-04-04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2010-11-21 04:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\windows\system32\ws2_32.dll
[3 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
 
< %systemroot%\system32\kernel32.dll /md5 >
[2012-11-30 05:53:59 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=AC0B6F41882FC6ED186962D770EBF1D2 -- C:\windows\system32\kernel32.dll
[3 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
 
< %systemroot%\system32\user32.dll /md5 >
[2010-11-21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\windows\system32\user32.dll
[3 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
 
< %systemroot%\Tasks\*.* /lockedfiles >
[2013-09-27 23:04:08 | 000,032,604 | ---- | M] () Unable to obtain MD5 -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Restore Points Found ==========
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Users\All Users] ->  -> Unknown point type
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\Users\All Users\Temp:373E1720
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:373E1720
@Alternate Data Stream - 118 bytes -> C:\Users\All Users\Temp:D1B5B4F1
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:D1B5B4F1
 

< End of report >[/log]

[log]OTL Extras logfile created on: 2013-12-25 10:37:43 - Run 1

 

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\LENOVO\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,95 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 56,66% Memory free
7,89 Gb Paging File | 5,96 Gb Available in Paging File | 75,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,20 Gb Total Space | 85,87 Gb Free Space | 12,55% Space Free | Partition Type: NTFS
Drive D: | 29,30 Gb Total Space | 26,11 Gb Free Space | 89,14% Space Free | Partition Type: NTFS
Drive F: | 5,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 1,84 Gb Total Space | 1,43 Gb Free Space | 77,63% Space Free | Partition Type: FAT
 
Computer Name: LENOVO-KOMPUTER | User Name: LENOVO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" ()
Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" ()
Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00284394-2116-4149-BB35-2CF5B9BA8CF0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{015E5DC5-50C2-477B-B905-593FED13FEB1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{01609325-7311-4A00-BD86-B534D5FC2305}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{05AB83EB-106E-4EFF-868A-5AAED1E9D2A4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{074DBF41-6A20-4F0D-AEE2-AF5AA2D48773}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{08AB2D4A-E1E4-4C4D-B70C-F767DC3E160E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{0C02F7C2-8898-426C-B1A0-C5270FA52C93}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{0D0E1ABC-C63E-4300-89FE-A396F55BFD07}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0EA7551E-791E-4799-AAED-40FA925A0A5A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{0FA1652D-EA08-487A-83C3-71A9789B6D51}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{1132620B-DC85-483C-BB0C-757D652640B3}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{13D95EE3-7292-42EE-90EB-117EAE0A059B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{144321A8-AFDE-4759-A1A1-9E7576414BA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{16421530-85BD-4F7B-8966-C0904A62F71D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{183988D9-8B39-4428-B7FC-BEF0B7B92920}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{1DAA1024-5FD2-4DF3-B033-8B107DDE30F6}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{20CD04E5-8C83-4F30-A393-4C7CBF16F9F0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{22839C91-349E-48FA-93B1-F2FCD79A4C2F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{247D7930-E24E-4B12-82E9-53646FAAA258}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{27CEA744-5515-4E5D-A040-1E10385E0E94}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{280883F2-7D9B-4CDC-9538-CBAAC44527CE}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{2D5B442F-F175-4DB0-A87D-4595BAA16E31}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{2E3B9F3F-FE32-4F5B-A504-0F54CBE74549}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{31F61F4D-5A00-4D03-9A50-53FE793BCB91}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service | 
"{3540B676-94B2-436F-A328-6D6BFA31BED4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{3B5A7193-9809-4607-92A1-1CEFA8974780}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{4287E584-6B9C-4A2C-99EE-2EE8F5C29188}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{45FCE0AF-EE5C-4D16-9760-7A0A60043E44}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{4653F749-669C-4DC6-8736-936CFDF16C34}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{48136FDB-FB28-4DD4-96C0-F6282D01300F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4D003921-65D9-45F7-B951-E521ED614E6C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{4E43BFE1-B5A3-47F7-BA9E-075B87DFBDEF}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{4F539E57-23A5-4AF4-951A-F62F6BC9E587}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{506C2E0E-16C3-41EF-BB76-BF078046CEDE}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{5172EA81-FD00-42A6-8D30-A714BE3133A8}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{554F8E52-C483-4FA6-8A04-77CB2A2FFD57}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{576234EA-1F18-4784-B09B-422628E3F037}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{5CF89D47-BF0B-458F-8912-E84963FB2DAC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{604B00FA-4961-4BA1-A89E-75DC936F6ABC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{61BD374A-8DA2-4988-8AB3-C85451F3C542}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{639E2D5E-F77B-43B3-87A1-1B31998B6B94}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{65F96DE0-574E-4B96-ACC3-97E2A2E630E4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{66A21133-F135-4367-8250-06559E4A041E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{6C1298ED-6617-42F9-BC6B-EA2C7975DD22}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{71B48B80-1EBB-4E11-A0C8-979CBD106113}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{73EF1FDF-56BC-498C-9746-B294F821A43C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{76044B5F-73EA-4F94-8EF1-B75335ED96EB}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{79AFAD96-388F-49AE-A99B-1E4F2835E57F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{7CC6E6AB-7133-4D91-9C89-146E51FBB371}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{7CCA8B86-4CD8-4767-8D6B-1A35423D46F0}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{7E28139E-0ADE-4191-9E2E-17A325010FC2}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{858303E6-E258-41E7-B9BD-EED388AF58F9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{8608DD88-D79C-4A4B-BC42-ECCBC8F948B4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{867C26E7-884A-4B45-A8B5-CCDFE3B16763}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{86A5B6D2-3757-4827-803E-8888E2E1C08B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{876434D2-B4D6-4EAE-8323-5F74DB7EEE71}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{87E5BC75-74DA-48AF-92B7-38DF84AA4094}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{89C631A9-2324-429D-A85D-10B938EDAB74}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{8A3C14D9-595D-4312-A3E8-1C173963F74A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{8B004AA5-2712-4F63-83DF-17DFE06C176E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{8E8987E3-5476-4BD6-B3DA-ED5718B5850D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{912D528E-CDC0-4417-9BA6-B4E5B65B294A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{9274D888-2035-48B4-A5F6-2EFA737B6904}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{93F86853-FC62-4E6D-B0DB-3CFFFD38A9AA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{943FFEE9-C40F-4CB4-A902-9DC255CB8534}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{9503F94A-6FE1-44D3-8905-C314556B57CC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{965882FD-D2CF-49B6-AB4F-8F853A2936E5}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{96FA16BB-A150-4497-BE63-232CB12AA369}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{9715BCA0-CDCA-4B10-B4BD-C32FD4039B90}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9797DF38-4960-43BC-BFF1-F6071CB23E33}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9869D7A2-0327-4217-B36C-1A3052E91209}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{AA974880-E81C-4766-B83C-9DE7A10694F1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{AABE4538-9A09-498F-8B5E-6837C9DF2E9E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{AB4CB067-8A3D-4846-82F0-167E5BF32340}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{B15A3BE8-BB85-47D5-9810-BABB825E8EE7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{B21C54DC-3F0A-44AB-ADB7-7E3D3F27153D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{B2B1589C-BF5C-4275-9341-29369DB7C0EA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{B3EA4841-6A2E-45CB-AC9A-4C5149C53136}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{B50AF6D4-43E5-4F86-AEF0-A91A136F336C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{B761C800-2629-4B66-85AA-FB20ECEBCE03}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{B76BE707-0A26-42B0-978B-4FEB39B4DAD9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{BA654490-A946-48F2-8333-AF8CD96A8649}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{C0213AEB-E58A-4FB3-8B01-A405DB4036F8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{C8C2AAA5-8353-4AC3-8951-9E47E218C4A4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{C9E94E0E-0068-4AEF-B378-A1225C1E06F6}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{CA448C3C-647D-4D82-A3DD-57CB22853178}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{CB14571B-B445-4F5A-924F-3435FAFF02D3}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CB3C92CF-C905-4E04-939C-FEF136CA30D3}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CB96D694-20AB-4EE4-A5D5-0D7DFA76200B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{CBB1E01D-D692-434F-AEA3-B1065D82D23D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CC11EEBD-F0E9-43C3-B787-7DCFCA0EF60C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{CE649C20-A7C4-418D-9080-74990C500A0C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{CF87B366-A025-4873-A369-86C561B5FDEC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{CFB13FC5-287F-4D9D-A7CF-9D2DB6456F95}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{D347674C-5A5B-495F-BA4A-04CB3462232C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D3828CAF-C145-43E7-868D-0A75E2969C27}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D57BF949-AE76-40B5-9484-369E0A7FAE9F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{DDAB8F5C-B2E2-4F73-902B-C173D5A25187}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{DDB1E0FC-12A4-42AB-8A54-9A2CEE7EB00A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{E0B163F4-EA2B-488B-8784-BF5364A39CC8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{E12AFDC4-D861-4383-9B9B-B1DEF5A21E63}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{E60FE32E-2F06-4604-8CD6-63E50DEBC7D1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{E669D472-2764-4616-843F-F2B9389154BF}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E739A004-0345-4610-A08F-DC5F4A72D50B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E76D0ED4-2F99-46FF-93BD-92B56E1EE9F4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{EAA95423-383A-41C3-B7B1-AAAFDB0E2D20}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{EB7F0179-80D7-4E83-A7EE-882D1380DAEC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EBA68078-EBD1-4405-BE3C-5DCF67A74080}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{EBDAF1F6-AD79-4723-9BE5-00BE64A13FFF}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{EC0B0327-457B-4755-BB7E-6FFEB9FB149A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{ECB547D9-ABF8-4351-B5CA-E56081CC8F20}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{ECB87683-4BD0-45F0-80D6-54D09041E7AB}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{F6CDAF9F-7D6F-4F26-9023-8A5BCF85A2E8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{F72F6D7D-7702-486B-AC84-EA5A222B1628}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{F790E314-FF3E-479B-B9ED-E0507EE9564A}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{F87B333A-CEC1-4E67-88E6-717BF831AD1B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{FA206C15-30DB-4529-B26E-D71AA749D3A3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FB37109D-772D-44D0-ABE4-83F675DEF834}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{FB5A1A88-8DBC-40C0-B916-B0446F28236C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{FBEAF515-083C-44F0-8C15-58625D8B22EA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0236D2F0-6D40-4128-A3D7-47E034C15A70}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{07749E15-EBC1-431D-969E-22CF277557AD}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\backgammon.exe | 
"{09087FA3-5B42-49E2-8B67-2BFC15EA7365}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{0D4807B4-DB09-47A7-AD6B-CC7389CF67A1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{0DC91BAD-B173-4529-919D-ADFD360D1CBB}" = dir=in | app=en_conquer2.0_5672_p2p.exe | 
"{0E6A9C3B-76C8-4026-AE57-B51C9EBAED2A}" = protocol=6 | dir=out | app=system | 
"{11FA61C2-D568-4BE8-A7C7-D095A497BCBD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{150F8C5C-8B6C-4F08-AF7B-3A9FC93A690E}" = protocol=6 | dir=in | app=c:\users\lenovo\appdata\roaming\spotify\spotify.exe | 
"{1EAAA9FA-02AA-4C94-B8B0-EB1B7D4A75FF}" = protocol=17 | dir=in | app=c:\program files (x86)\warthunder\launcher.exe | 
"{1FCC02C6-F754-4B24-BB49-42D97A0E9206}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\dirt 3\dirt3_game.exe | 
"{2AE31A33-F389-46EC-BEED-5185B5A91A3A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{2B61A2C8-94EF-4662-8185-F7C0CF49B80C}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{2EBE009E-72DA-448C-A66E-2EC2B93A1048}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2F6634D1-6564-4E45-8315-A0B199D82399}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{2FCE2662-3ED3-476C-8AC5-6D397E5EB7CB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{314529B9-794B-4E0F-8274-3854EF161A15}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{3223B7E9-E198-4FC4-854C-1D1A17CFCC45}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{33CA2EAC-AFF5-4986-9337-6FD52A135A53}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{341D414B-6419-4715-85BF-96E69070C9BE}" = protocol=6 | dir=in | app=c:\users\lenovo\appdata\roaming\spotify\spotify.exe | 
"{3604235A-FD4D-42AB-9899-0BE9FE7D31C8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3F2CA85C-B710-417B-A8E2-FD145E80EC69}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3FF5B906-2C86-4570-A7D4-56E792D3949F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4270301A-647D-4E4D-BB31-3C0DC4969E4C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4692770B-E033-4D5E-8462-A8FC45C05DDA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{46C72F9F-517B-4941-8618-9DD8AF17285C}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{46FBA5CB-FE67-4858-9871-11C8C66F2488}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\checkers.exe | 
"{47BDB793-C6B1-462C-BF3B-554FC51F7B1F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{47DA8A68-CF15-4170-91BC-6C6AAB9BCEDE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{50F3C4D2-DD29-4F09-82D3-1D9A0D9B5E38}" = protocol=6 | dir=in | app=c:\users\lenovo\desktop\wurmclient.jnlp | 
"{51001564-9174-4F47-B9D7-9EF825CCA686}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{514E1FC2-7CF9-44F5-BA3E-53168DEDE48F}" = protocol=6 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe | 
"{543EC40F-2251-40F0-AC42-0B954E581C16}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{5777879E-3C04-4DD4-AD12-4EE5CF00797F}" = protocol=6 | dir=in | app=c:\users\lenovo\downloads\leagueoflegends (1).exe | 
"{5B7643FE-C568-4D71-B9C9-DD884CCD090C}" = protocol=17 | dir=in | app=c:\users\lenovo\appdata\roaming\spotify\spotify.exe | 
"{5F20E8F7-3C82-4435-822C-36642980F570}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{60177FEF-4981-4DB6-823E-452DFE688882}" = protocol=17 | dir=in | app=c:\program files (x86)\gameshadow\gameshadow.exe | 
"{61C9B95C-BD6A-43E9-910B-DF4A3D8EA3E3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{65B7588A-B2C7-4EE6-83AC-25A73A47A217}" = protocol=6 | dir=in | app=c:\program files (x86)\gameshadow\gsdownload.exe | 
"{68EC2B4F-5786-404A-8A7D-074C62F77541}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\seabattle.exe | 
"{6F8A3786-B3EA-4ECA-93B1-484D20DA4E0E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{6FA5A6E4-2F6C-4B17-8C05-5DA66BC9CF7A}" = protocol=17 | dir=in | app=c:\users\lenovo\appdata\roaming\spotify\spotify.exe | 
"{709906C2-BE20-4A53-BD72-32AFF4E3B75C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{72894430-DD36-4AC5-BF73-927F26AE98E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{72F22D0F-47E1-4F34-AC5C-BA86CD24DAEB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{79DA61A5-D08D-468C-8115-60073C7CA22C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7BA53642-DB52-4C37-8AE1-D14DBD45777D}" = dir=in | app=c:\users\lenovo\documents\the war z\infestation.exe | 
"{7CF3CCAF-9B42-4911-9ABF-C04965CC14C3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{816699FB-6D9C-4EC0-9FB7-584989A28E80}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{832FEB0B-703D-4FF3-B2FE-F8E0B1DEC0DE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{86949F07-CA66-4B5C-827B-D2B0EB3E9E82}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{90DC654D-E98C-4C59-A870-49D5139D700A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{93D8D874-ACA4-48CC-BF68-143F92E5608A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{944C1815-88E5-4143-ADD9-84145A92E49C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{99CC8BC0-5C1D-4ED0-91C4-37698F2F11E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9B75429B-676D-437D-8B5C-D0000C2DA97D}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\easychat.exe | 
"{9E20D3AC-47F4-4ECB-BB52-1DECAEFBDD78}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{9E76E761-B500-4C50-8A66-F25B9BDD8E9F}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\dirt 3\dirt3_game.exe | 
"{A3EA0028-9016-46B4-A8AE-C355CF0407A7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A3FF718A-2168-4C2E-969C-46971B888618}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A853715F-E5B9-4C88-9307-E732C39EA4E9}" = protocol=17 | dir=in | app=c:\users\lenovo\desktop\wurmclient.jnlp | 
"{AE5209E6-2A24-40E3-9A76-5F1F905B502B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B02508A6-1CEB-41B0-9B8D-7E96C2A78F13}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{B3E6D370-54F6-40D6-98BA-3D89D71AD74A}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\tictactoe.exe | 
"{B9D691E2-A07E-44EE-AB47-405BD25867A9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BAA0AC06-A2AC-42CB-AAFF-49661DF08D14}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BB485344-D3A6-4029-B0A3-CA8930EEDDAF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{C0F3113E-AE20-4C84-AC9B-A7286F6A22C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C624451E-5DCB-40C4-815B-AEDF7E314F85}" = protocol=17 | dir=in | app=c:\program files (x86)\gameshadow\gsdownload.exe | 
"{CC2751C3-5CF6-4F87-9358-694267571473}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\chess.exe | 
"{D20EE982-9D73-4101-823E-AEF2BC1C1456}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D2115566-301E-405D-ADDB-EED6FB6B7DA4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D871BE7D-5CA8-4CE3-8A37-50C7609660B3}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{DE49FCFC-4DC4-4EF9-923A-3A20CA15458F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{E08DC02B-19C2-48C1-8E94-E7C6160AA60A}" = protocol=17 | dir=in | app=c:\program files (x86)\search results toolbar\datamngr\srtool~1\dtuser.exe | 
"{E1D7AA0C-4C60-45E1-8FB0-3B8F97D672BF}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe | 
"{E40692C0-2544-43E0-B5C1-B505C1507E77}" = protocol=6 | dir=in | app=c:\program files (x86)\gameshadow\gameshadow.exe | 
"{EA1F64C2-8D25-439D-9706-F1C6FF0D664A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{ED655BCC-BF1C-4995-891B-A7CA0E2764A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{EE0CF172-8D20-47F9-A1B6-8E2870FDBE40}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{F31E212D-3FE4-47EF-8FC0-7EE6BA26E3FC}" = protocol=17 | dir=in | app=c:\users\lenovo\downloads\leagueoflegends (1).exe | 
"{F78BCE7A-2BA6-4F63-A16F-F545B44DF7AD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{FA749B5E-722F-4FF6-8E09-B2281368313B}" = protocol=6 | dir=in | app=c:\program files (x86)\warthunder\launcher.exe | 
"{FE51F0E4-4DBE-464B-98FA-2230363C1E2B}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{10C9A020-2F34-4484-B30A-14FE28F801D2}C:\program files (x86)\farcry 3\bin\farcry3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\farcry 3\bin\farcry3.exe | 
"TCP Query User{1F52B65F-D708-4C5C-881B-256C70001007}C:\program files (x86)\xfire2\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire2\xfire.exe | 
"TCP Query User{3FAE5A84-012A-4C39-9084-64356C4AD1E5}C:\program files (x86)\warthunder\aces.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warthunder\aces.exe | 
"TCP Query User{4B51905D-FD8C-40A5-8653-DF9E9C23F675}C:\users\lenovo\downloads\en_conquer2.0_5672_p2p.exe" = protocol=6 | dir=in | app=c:\users\lenovo\downloads\en_conquer2.0_5672_p2p.exe | 
"TCP Query User{53740572-F87D-4CEB-B5C5-B5A229E82EC3}C:\program files (x86)\farcry 3\bin\farcry3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\farcry 3\bin\farcry3.exe | 
"TCP Query User{56C97260-924D-49A4-8C61-D881679E621E}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{58F3D8DE-BD77-4A24-B2F7-AED72C670861}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | 
"TCP Query User{6055B389-B673-4EC9-8747-4CAB6C9AF35D}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"TCP Query User{70E77753-182D-4AB3-8E37-6C971101C4F7}C:\program files (x86)\payday 2\payday2_win32_release.exe" = protocol=6 | dir=in | app=c:\program files (x86)\payday 2\payday2_win32_release.exe | 
"TCP Query User{7A6F41C2-53C0-43F2-A510-FD7AEC7CB812}C:\games\panzar\start.exe" = protocol=6 | dir=in | app=c:\games\panzar\start.exe | 
"TCP Query User{92ACB85B-21A1-43AF-BFCA-94EFB257EE1D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{A4E5788C-0DF2-4CC2-A5D1-4251921C32CE}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{B84A213E-FFBD-46CA-9427-76E36AE9F853}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{BAE7D4A4-D742-451A-8084-842B3B1B3030}C:\program files (x86)\milestone\motogp13\motogp13.exe" = protocol=6 | dir=in | app=c:\program files (x86)\milestone\motogp13\motogp13.exe | 
"TCP Query User{CF2325C4-D324-4B57-9A2B-B413B4B69331}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{0E576E0A-C59C-496A-ADA0-445B5CA81EDC}C:\users\lenovo\downloads\en_conquer2.0_5672_p2p.exe" = protocol=17 | dir=in | app=c:\users\lenovo\downloads\en_conquer2.0_5672_p2p.exe | 
"UDP Query User{491DBB90-9D2A-4DAE-8E6A-9307D3FED337}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | 
"UDP Query User{5B630CB1-4E4E-4C07-B07C-5CC62628FC6E}C:\program files (x86)\farcry 3\bin\farcry3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\farcry 3\bin\farcry3.exe | 
"UDP Query User{5F825AF1-3788-49C5-B924-B66095259CE0}C:\program files (x86)\farcry 3\bin\farcry3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\farcry 3\bin\farcry3.exe | 
"UDP Query User{615A6871-23B9-4057-98AC-F4EBE0D37A46}C:\program files (x86)\warthunder\aces.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warthunder\aces.exe | 
"UDP Query User{6188F97A-A74E-4FCB-81EF-18EFFD1FB05B}C:\program files (x86)\payday 2\payday2_win32_release.exe" = protocol=17 | dir=in | app=c:\program files (x86)\payday 2\payday2_win32_release.exe | 
"UDP Query User{7521A588-CD8D-47AE-B586-1919AD3FEB6C}C:\program files (x86)\milestone\motogp13\motogp13.exe" = protocol=17 | dir=in | app=c:\program files (x86)\milestone\motogp13\motogp13.exe | 
"UDP Query User{9810CA24-F82D-4D7F-9B9B-B7F78802F7FF}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{A3759242-E424-4F85-AEF8-914878F57EB8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{BEF32B76-B9CD-49DD-9760-56D027630C4A}C:\program files (x86)\xfire2\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire2\xfire.exe | 
"UDP Query User{E3175780-AA0B-4A12-A0B7-FB23019B6BDB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{EE9969C7-5005-4EFC-B74C-66FF538FF797}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"UDP Query User{F24270A3-604C-48B8-B33B-5CF6693DE566}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{F7416C9C-BF49-4F50-A91C-16532D0D092C}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{FF0B1C03-70E2-45E5-99D9-6E6655B41882}C:\games\panzar\start.exe" = protocol=17 | dir=in | app=c:\games\panzar\start.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{31ABA3F2-0000-1033-0102-111D43815377}" = Autodesk ReCap
"{31ABA3F2-0010-1033-0102-111D43815377}" = Autodesk ReCap Language Pack-English
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Oprogramowanie Intel® PROSet/Wireless WiFi
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}" = Autodesk 360
"{5783F2D7-D001-0000-0102-0060B0CE6BBA}" = AutoCAD 2014 - English
"{5783F2D7-D001-0409-1102-0060B0CE6BBA}" = AutoCAD 2014 Language Pack - English
"{5783F2D7-D001-0409-2102-0060B0CE6BBA}" = AutoCAD 2014 - English
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Centrum obsługi urządzeń z systemem Windows Mobile
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7811654C-9701-4347-B9DD-7DDB6B47F56A}" = STATISTICA PL 10 (64-bit)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5DA9A6-7A9F-3A6F-BC5C-D6CBCA6A29C7}" = Microsoft .NET Framework 4 Extended PLK Language Pack
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007
"{90140000-006D-0415-1000-0000000FF1CE}" = Moduł Szybka instalacja pakietu Microsoft Office 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 RC
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.7.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 9.3.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 9.3.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 9.3.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.9
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E1A1B8F4-DB8E-4999-AB0E-CE929A040CDB}" = calibre 64bit
"{E6F5B546-C708-3CB3-953D-20AA7C6DD48C}" = Microsoft .NET Framework 4.5 RC
"{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}" = SRS Control Panel
"AutoCAD 2014 - English" = Autodesk AutoCAD 2014 - English
"Autodesk ReCap" = Autodesk ReCap
"CCleaner" = CCleaner
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Pakiet sterowników systemu Windows - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
"GIMP-2_is1" = GIMP 2.8.6
"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.3.0 (64-bit)
"Lenovo R.I.C. (Robust Intelligent Companion)" = Lenovo R.I.C. (Robust Intelligent Companion)
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1" = Euro Truck Simulator 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{263CB489-274B-4312-B931-0039A7A4443C}" = Unified Remote
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216045FF}" = Java™ 6 Update 45
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{387A7BC7-577B-4FC9-8337-4DB8F7D34E55}" = MotoGP™13
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{43ADAE00-A4ED-4379-A76D-A1FF5D9D334A}_is1" = Xfire 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4B784CE7-7CDB-4AF1-B636-2DC3EA51EA87}" = MotoGP™13
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4FF82163-423A-43CE-898D-3B60D19A5E8F}_is1" = Panzar
"{51BF3210-B825-4092-8E0D-66D689916E02}" = Autodesk Material Library Base Resolution Image Library 2014
"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62952508-8C6F-4D31-9802-099FC67B41C3}" = I Am Alive
"{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service
"{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644E9589-F73A-49A4-AC61-A953B9DE5669}" = SketchUp Import for AutoCAD 2014
"{644F9B19-A462-499C-BF4D-300ABC2A28B1}" = Autodesk Material Library 2014
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C1804BC-094F-431A-BEA5-37A837958029}" = Rome - Total War - Alexander
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0415-1000-0000000FF1CE}_ENTERPRISE_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0415-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Polski
"{90A4562F-D4A1-4B65-906D-41F236CF6902}" = Path of Exile
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DEBE760-F2D0-11DD-6784-0195548618BE}" = GameShadow V3.1
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B810D852-DFD6-FC3-89A5-CC4D47756DAF}_is1" = FarCry 3 version 5.1
"{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version 1.0
"{BEBC66FC-1EF2-4823-B212-3EAB99161098}_is1" = Knight Elite
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C070121A-C8C5-4D52-9A7D-D240631BD433}" = Autodesk App Manager
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"{DCB46B42-723F-350E-B18A-449BC6C21636}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.269
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F732FEDA-7713-4428-934B-EF83B8DD65D0}" = Autodesk Featured Apps
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel® Wireless Display
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Autodesk Content Service" = Autodesk Content Service
"Better Surf Plus" = Better Surf Plus
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dll-Files Fixer_is1" = Dll-Files Fixer
"Dll-Files.com Fixer_is1" = Dll-Files.com Fixer wersja 2.7.72.2024
"Driver Updater" = Carambis Driver Updater
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"Google Chrome" = Google Chrome
"Hitman Absolution_is1" = Hitman Absolution
"ilividtoolbarguid" = Search-Results Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{62952508-8C6F-4D31-9802-099FC67B41C3}" = I Am Alive
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.3.0
"LastFM_is1" = Last.fm Scrobbler 2.1.36
"Mafia 2.Digital Deluxe.v 1.0.0.1u5 + 8 DLC_is1" = Mafia 2.Digital Deluxe.v 1.0.0.1u5 + 8 DLC
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.75.0.1300
"Maxima-5.28.0-2_is1" = Maxima 5.28.0-2
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.1.7.8
"Mount&Blade Warband" = Mount&Blade Warband
"Mozilla Firefox 21.0 (x86 pl)" = Mozilla Firefox 21.0 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3 Knife_is1" = Mp3 Knife 3.4
"NapiProjekt_is1" = NapiProjekt (2.1.0.2287)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"Office14.Click2Run" = Moduł Szybka instalacja pakietu Microsoft Office 2010
"OpenAL" = OpenAL
"Pajączek 5 NxG STD_is1" = Pajączek 5 NxG STD - Deinstalacja
"PAYDAY 2_is1" = PAYDAY 2
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"PunkBusterSvc" = PunkBuster Services
"Q2FsbG9mSnVhcmV6R3Vuc2xpbmdlcg==_is1" = Call of Juarez Gunslinger © Ubisoft version 1
"RealPlayer 16.0" = RealPlayer
"RegClean Pro_is1" = RegClean Pro
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.1
"SP_8e4eb48d" = Search Assistant MocaFlix 1.66
"SP_a8235b05" = Search Assistant SoftQuick 1.66
"Spotydl_is1" = Spotydl 0.9.32.0
"State of Decay_R.G. Mechanics_is1" = State of Decay
"Steam App 218230" = PlanetSide 2
"Steam App 42910" = Magicka
"Steam App 550" = Left 4 Dead 2
"TmNationsForever_is1" = TmNationsForever
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.6
"Webexp Enhanced" = Webexp Enhanced
"Winamp" = Winamp
"WinLiveSuite" = Podstawowe programy Windows Live
"XfireCodec" = Xfire Codec (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"lollipop" = Lollipop
"MyFreeCodec" = MyFreeCodec
"Spotify" = Spotify
"Wurm Online" = Wurm Online
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2013-12-24 09:19:35 | Computer Name = LENOVO-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Smite.exe, wersja: 0.1.1888.2, sygnatura
 czasowa: 0x52b35505  Nazwa modułu powodującego błąd: Smite.exe, wersja: 0.1.1888.2,
 sygnatura czasowa: 0x52b35505  Kod wyjątku: 0xc0000005  Przesunięcie błędu: 0x0020cdd6
Identyfikator
 procesu powodującego błąd: 0x1008  Godzina uruchomienia aplikacji powodującej błąd:
 0x01cf00aa77ea9674  Ścieżka aplikacji powodującej błąd: C:\Program Files (x86)\Hi-Rez
 Studios\HiRezGames\smite\binaries\Win32\Smite.exe  Ścieżka modułu powodującego błąd:
 C:\Program Files (x86)\Hi-Rez Studios\HiRezGames\smite\binaries\Win32\Smite.exe
Identyfikator
 raportu: 07a4196d-6c9e-11e3-8da1-402cf452c667
 
Error - 2013-12-24 09:35:17 | Computer Name = LENOVO-Komputer | Source = WinMgmt | ID = 10
Description = 
 
Error - 2013-12-24 09:35:33 | Computer Name = LENOVO-Komputer | Source = NvStreamSvc | ID = 131073
Description = 
 
Error - 2013-12-24 09:35:33 | Computer Name = LENOVO-Komputer | Source = NvStreamSvc | ID = 131073
Description = 
 
Error - 2013-12-25 04:52:42 | Computer Name = LENOVO-Komputer | Source = WinMgmt | ID = 10
Description = 
 
Error - 2013-12-25 04:52:57 | Computer Name = LENOVO-Komputer | Source = NvStreamSvc | ID = 131073
Description = 
 
Error - 2013-12-25 04:52:57 | Computer Name = LENOVO-Komputer | Source = NvStreamSvc | ID = 131073
Description = 
 
Error - 2013-12-25 05:09:20 | Computer Name = LENOVO-Komputer | Source = WinMgmt | ID = 10
Description = 
 
Error - 2013-12-25 05:09:25 | Computer Name = LENOVO-Komputer | Source = NvStreamSvc | ID = 131073
Description = 
 
Error - 2013-12-25 05:09:25 | Computer Name = LENOVO-Komputer | Source = NvStreamSvc | ID = 131073
Description = 
 
[ OSession Events ]
Error - 2013-02-25 07:00:14 | Computer Name = LENOVO-Komputer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 170376
 seconds with 1080 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 2013-12-20 11:45:32 | Computer Name = LENOVO-Komputer | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2.
 
Error - 2013-12-20 11:45:32 | Computer Name = LENOVO-Komputer | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2.
 
Error - 2013-12-20 11:45:33 | Computer Name = LENOVO-Komputer | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2.
 
Error - 2013-12-22 07:51:54 | Computer Name = LENOVO-Komputer | Source = Service Control Manager | ID = 7009
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się
 z usługą Hi-Rez Studios Authenticate and Update Service.
 
Error - 2013-12-22 11:47:42 | Computer Name = LENOVO-Komputer | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2.
 
Error - 2013-12-22 11:47:43 | Computer Name = LENOVO-Komputer | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2.
 
Error - 2013-12-22 11:47:43 | Computer Name = LENOVO-Komputer | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2.
 
Error - 2013-12-22 11:47:44 | Computer Name = LENOVO-Komputer | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2.
 
Error - 2013-12-23 12:46:26 | Computer Name = LENOVO-Komputer | Source = Service Control Manager | ID = 7009
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się
 z usługą Hi-Rez Studios Authenticate and Update Service.
 
Error - 2013-12-25 04:52:26 | Computer Name = LENOVO-Komputer | Source = Service Control Manager | ID = 7009
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się
 z usługą Hi-Rez Studios Authenticate and Update Service.
 
 

< End of report >[/log]

RSIT

[log]info.txt logfile of random's system information tool 1.09 2013-12-25 11:13:36

 

 
======Uninstall list======
 
-->"C:\Program Files (x86)\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall
-->"C:\Program Files (x86)\InstallShield Installation Information\{6BDF9B4F-779F-4FC1-A2F2-ABA93C42BC75}\setup.exe" -runfromtemp -l0x0009 -removeonly
-->MsiExec /X{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player 10 ActiveX-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil10q_Plugin.exe -maintain plugin
Adobe Reader X (10.1.8)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}
Adobe Shockwave Player 11.6-->"C:\windows\SysWOW64\Adobe\Shockwave 11\uninstaller.exe"
Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0415-0000-0000000FF1CE} /uninstall {04E205D6-88B1-4652-B162-42DF2C3B1228}
Aktualizacja produktu Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0415-0000-0000000FF1CE} /uninstall {442ECBCF-94A7-48CC-8CD9-D31FFFD5FA86}
Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0415-0000-0000000FF1CE} /uninstall {128A36ED-21BE-4547-9FFE-5B85AEC735DD}
Aktualizacje NVIDIA 9.3.21-->"C:\windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{26EEF62D-2BC5-4581-B10F-4FCC1FF42E5A}\NVI2.DLL",UninstallPackage Display.Update
AutoCAD 2014 - English-->C:\Program Files\Autodesk\AutoCAD 2014\Setup\en-us\Setup\Setup.exe /P {5783F2D7-D001-0000-0102-0060B0CE6BBA} /M ACAD /language en-US
Autodesk 360-->MsiExec.exe /X{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}
Autodesk App Manager-->MsiExec.exe /X{C070121A-C8C5-4D52-9A7D-D240631BD433}
Autodesk AutoCAD 2014 - English-->C:\Program Files\Autodesk\AutoCAD 2014\Setup\en-us\Setup\Setup.exe /P {5783F2D7-D001-0000-0102-0060B0CE6BBA} /M ACAD /language en-US
Autodesk Content Service Language Pack-->MsiExec.exe /X{62F029AB-85F2-0001-866A-9FC0DD99DDBC}
Autodesk Content Service-->C:\Program Files (x86)\Autodesk\Content Service\Setup\Setup.exe /P {62F029AB-85F2-0000-866A-9FC0DD99DDBC} /M ContentService /LANG en-US
Autodesk Featured Apps-->MsiExec.exe /X{F732FEDA-7713-4428-934B-EF83B8DD65D0}
Autodesk Material Library 2014-->MsiExec.exe /I{644F9B19-A462-499C-BF4D-300ABC2A28B1}
Autodesk Material Library Base Resolution Image Library 2014-->MsiExec.exe /I{51BF3210-B825-4092-8E0D-66D689916E02}
Autodesk ReCap-->C:\Program Files\Autodesk\Autodesk ReCap\Setup\Setup.exe /P {31ABA3F2-0000-1033-0102-111D43815377} /M Autodesk_ReCap /LANG en-US
Better Surf Plus-->C:\Program Files (x86)\BetterSurf\BetterSurfPlus\uninstall.exe
Broadcom InConcert Maestro-->MsiExec.exe /X{57DD35E9-D9BB-4089-BB05-EF933C586CB3}
Broadcom NetLink Controller-->MsiExec.exe /X{C91DCB72-F5BB-410D-A91A-314F5D1B4284}
calibre 64bit-->MsiExec.exe /I{E1A1B8F4-DB8E-4999-AB0E-CE929A040CDB}
Call of Duty® 4 - Modern Warfare™ 1.6 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.7 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Juarez Gunslinger © Ubisoft version 1-->"C:\Program Files (x86)\Call of Juarez Gunslinger\unins000.exe"
Carambis Driver Updater-->C:\Program Files (x86)\Carambis\Driver Updater\uninstall.exe
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Centrum obsługi urządzeń z systemem Windows Mobile-->MsiExec.exe /X{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
DiRT 3-->MsiExec.exe /I{434D0FA0-1558-4D8E-AC3D-BD1000008200} ARPNOREPAIR="1"
DiRT 3-->MsiExec.exe /X{434D0FA0-1558-4D8E-AC3D-BD1000008200}
Dll-Files Fixer-->"C:\Program Files (x86)\Dll-Files.com Fixer\unins001.exe" /silent
Dll-Files.com Fixer wersja 2.7.72.2024-->"C:\Program Files (x86)\Dll-Files.com Fixer\unins000.exe"
Energy Management-->"C:\Program Files (x86)\InstallShield Installation Information\{D0956C11-0F60-43FE-99AD-524E833471BB}\setup.exe" -runfromtemp -l0x0415 -removeonly
Energy Management-->MsiExec.exe /I{D0956C11-0F60-43FE-99AD-524E833471BB}
Euro Truck Simulator 2-->"C:\Program Files (x86)\Euro Truck Simulator 2\unins000.exe"
Far Cry 3-->\"C:\Program Files (x86)\InstallShield Installation Information\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}\setup.exe\" -runfromtemp -l0x0409  -removeonly
FarCry 3 version 5.1-->"C:\Program Files (x86)\FarCry 3\unins000.exe"
FIFA 13-->"C:\Program Files (x86)\Common Files\EAInstaller\FIFA 13\Cleanup.exe" uninstall_game -autologging -keepMaintenanceLog
Galeria fotografii usługi Windows Live-->MsiExec.exe /X{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}
GameShadow V3.1-->C:\Program Files (x86)\GameShadow\Uninst_GameShadow.exe /U "C:\Program Files (x86)\GameShadow\Uninst_GameShadow.log"
GIMP 2.8.6-->"C:\Program Files\GIMP 2\uninst\unins000.exe"
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Earth Plug-in-->MsiExec.exe /X{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Grand Theft Auto: Episodes from Liberty City-->MsiExec.exe /I{5454083B-1308-4485-BF17-111000028701}
Hitman Absolution-->"C:\Program Files (x86)\SQUARE ENIX\Hitman Absolution\unins000.exe"
I Am Alive-->"C:\Program Files (x86)\InstallShield Installation Information\{62952508-8C6F-4D31-9802-099FC67B41C3}\setup.exe" -runfromtemp -l0x0409  -removeonly
I Am Alive-->MsiExec.exe /X{62952508-8C6F-4D31-9802-099FC67B41C3}
Intel PROSet Wireless-->Intel PROSet Wireless
Intel PROSet Wireless-->Intel PROSet Wireless
Intel® Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm
Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall
Intel® Processor Graphics-->C:\Program Files (x86)\Intel\Intel® Processor Graphics\Uninstall\setup.exe -uninstall
Intel® Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\Uninstall\setup.exe -uninstall
Intel® Wireless Display-->MsiExec.exe /X{F84906ED-BB54-4889-B131-FED9C9056FC8}
IrfanView (remove only)-->C:\Program Files (x86)\IrfanView\iv_uninstall.exe
Java™ 6 Update 45-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216045FF}
JMicron Flash Media Controller Driver-->"C:\Program Files (x86)\JMicron\JMCR_DIR\setup.exe" delpkg
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
K-Lite Codec Pack 9.3.0 (64-bit)-->"C:\Program Files\K-Lite Codec Pack x64\unins000.exe"
K-Lite Mega Codec Pack 9.3.0-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
Knight Elite-->"C:\Program Files (x86)\ePlaybus.com\Knight Elite\unins000.exe"
Last.fm Scrobbler 2.1.36-->"C:\Program Files (x86)\Last.fm\UninsHs.exe" /u0=LastFM
League of Legends-->"C:\Program Files (x86)\InstallShield Installation Information\{92606477-9366-4D3B-8AE3-6BE4B29727AB}\setup.exe" -runfromtemp -l0x0409  -removeonly
Left 4 Dead 2-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/550
Lenovo Bluetooth with Enhanced Data Rate Software-->MsiExec.exe /X{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}
Lenovo OneKey Recovery-->"C:\Program Files (x86)\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall
Lenovo OneKey Recovery-->"C:\Program Files (x86)\InstallShield Installation Information\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}\setup.exe" /z-uninstall
Lenovo R.I.C. (Robust Intelligent Companion)-->C:\Program Files (x86)\Lenovo\RobustIntelligentCompanion\Uninstall.exe
Lenovo YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
Lenovo YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
Mafia 2.Digital Deluxe.v 1.0.0.1u5 + 8 DLC-->"C:\Program Files (x86)\Mafia 2.Digital Deluxe.v 1.0.0.1u5 + 8 DLC\Uninstall\unins000.exe"
Magicka-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/42910
Malwarebytes Anti-Malware wersja 1.75.0.1300-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Maxima 5.28.0-2-->"C:\Program Files (x86)\Maxima-5.28.0-2\uninst\unins000.exe"
MegaTrainer eXperience V1.1.7.8-->"C:\Program Files (x86)\MegaDev\MD-Trainers\MT-X\unins000.exe"
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Microsoft .NET Framework 4 Client Profile PLK Language Pack-->MsiExec.exe /X{A49402DD-2781-3782-B0CF-52BDA349E3F3}
Microsoft .NET Framework 4 Extended PLK Language Pack-->MsiExec.exe /X{8E5DA9A6-7A9F-3A6F-BC5C-D6CBCA6A29C7}
Microsoft .NET Framework 4.5 RC-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\\Setup.exe /repair /x86 /x64
Microsoft .NET Framework 4.5 RC-->MsiExec.exe /X{E6F5B546-C708-3CB3-953D-20AA7C6DD48C}
Microsoft Chart Controls for Microsoft .NET Framework 3.5-->MsiExec.exe /X{41785C66-90F2-40CE-8CB5-1C94BFC97280}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}
Microsoft Games for Windows Marketplace-->MsiExec.exe /X{4CB0307C-565E-4441-86BE-0DF2E4FB828C}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0015-0415-0000-0000000FF1CE} /uninstall {01CC3B2D-70DB-49DC-839A-A923D2A39EA4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0415-0000-0000000FF1CE} /uninstall {01CC3B2D-70DB-49DC-839A-A923D2A39EA4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0415-0000-0000000FF1CE} /uninstall {01CC3B2D-70DB-49DC-839A-A923D2A39EA4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0019-0415-0000-0000000FF1CE} /uninstall {01CC3B2D-70DB-49DC-839A-A923D2A39EA4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001A-0415-0000-0000000FF1CE} /uninstall {01CC3B2D-70DB-49DC-839A-A923D2A39EA4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0415-0000-0000000FF1CE} /uninstall {01CC3B2D-70DB-49DC-839A-A923D2A39EA4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {664655D8-B9BB-455D-8A58-7EAF7B0B2862}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-002A-0415-1000-0000000FF1CE} /uninstall {0C8AB602-A234-45AB-B355-4C863C1D2FA8}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0044-0415-0000-0000000FF1CE} /uninstall {01CC3B2D-70DB-49DC-839A-A923D2A39EA4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0415-0000-0000000FF1CE} /uninstall {0C8AB602-A234-45AB-B355-4C863C1D2FA8}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0415-0000-0000000FF1CE} /uninstall {01CC3B2D-70DB-49DC-839A-A923D2A39EA4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00BA-0415-0000-0000000FF1CE} /uninstall {01CC3B2D-70DB-49DC-839A-A923D2A39EA4}
Microsoft Office 2010-->MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (Polish) 2007-->MsiExec.exe /X{90120000-0015-0415-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Polish) 2007-->MsiExec.exe /X{90120000-0016-0415-0000-0000000FF1CE}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Groove MUI (Polish) 2007-->MsiExec.exe /X{90120000-00BA-0415-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Polish) 2007-->MsiExec.exe /X{90120000-0044-0415-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Polish) 2007-->MsiExec.exe /X{90120000-00A1-0415-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Polish) 2007-->MsiExec.exe /X{90120000-001A-0415-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Polish) 2007-->MsiExec.exe /X{90120000-0018-0415-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Polish) 2007-->MsiExec.exe /X{90120000-001F-0415-0000-0000000FF1CE}
Microsoft Office Proofing (Polish) 2007-->MsiExec.exe /X{90120000-002C-0415-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {928D7B99-2BEA-49F9-83B8-20FA57860643}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0415-0000-0000000FF1CE} /uninstall {9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}
Microsoft Office Publisher MUI (Polish) 2007-->MsiExec.exe /X{90120000-0019-0415-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Polish) 2007-->MsiExec.exe /X{90120000-002A-0415-1000-0000000FF1CE}
Microsoft Office Shared MUI (Polish) 2007-->MsiExec.exe /X{90120000-006E-0415-0000-0000000FF1CE}
Microsoft Office Starter 2010 - Polski-->C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvhbs.exe /uninstall {90140011-0066-0415-0000-0000000FF1CE}
Microsoft Office Word MUI (Polish) 2007-->MsiExec.exe /X{90120000-001B-0415-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False-->MsiExec.exe /X{a0fe116e-9a8a-466f-aee0-625cb7c207e3}
Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False-->MsiExec.exe /X{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}
Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False-->MsiExec.exe /X{DCB46B42-723F-350E-B18A-449BC6C21636}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False-->MsiExec.exe /X{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False-->MsiExec.exe /X{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False-->MsiExec.exe /X{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False-->MsiExec.exe /X{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319-->MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610-->MsiExec.exe /X{3D6AD258-61EA-35F5-812C-B7A02152996E}
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610-->MsiExec.exe /X{E7D4E834-93EB-351F-B8FB-82CDAE623003}
Microsoft XNA Framework Redistributable 4.0-->MsiExec.exe /I{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}
Moduł Szybka instalacja pakietu Microsoft Office 2010-->"C:\PROGRA~2\COMMON~1\MICROS~1\VIRTUA~1\CVHBS.EXE" /removeall
Moduł Szybka instalacja pakietu Microsoft Office 2010-->MsiExec.exe /I{90140000-006D-0415-1000-0000000FF1CE}
MotoGP™13-->"C:\Program Files (x86)\InstallShield Installation Information\{4B784CE7-7CDB-4AF1-B636-2DC3EA51EA87}\setup.exe" -runfromtemp -l0x0409  -removeonly
Mount&Blade Warband-->C:\Program Files (x86)\Mount&Blade Warband\uninstall.exe
Mozilla Firefox 21.0 (x86 pl)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
Mp3 Knife 3.4-->"C:\Program Files (x86)\Mp3 Knife\unins000.exe"
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
NapiProjekt (2.1.0.2287)-->"C:\Program Files (x86)\NapiProjekt\unins000.exe"
NVIDIA 3D Vision Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{714B9C6C-70FC-4750-98E2-61520B906C45}\setup.exe" -runfromtemp -l0x0009 -removeonly
NVIDIA GeForce Experience 1.7.1-->"C:\windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{26EEF62D-2BC5-4581-B10F-4FCC1FF42E5A}\NVI2.DLL",UninstallPackage Display.GFExperience
NVIDIA Oprogramowanie systemu PhysX 9.13.0725-->"C:\windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{318107F8-202D-454E-B794-44FA4F4BF1E5}\NVI2.DLL",UninstallPackage Display.PhysX
NVIDIA PhysX-->MsiExec.exe /I{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}
NVIDIA Sterownik graficzny 331.65-->"C:\windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{318107F8-202D-454E-B794-44FA4F4BF1E5}\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA Sterownik kontrolera 3D Vision 331.65-->"C:\windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{318107F8-202D-454E-B794-44FA4F4BF1E5}\NVI2.DLL",UninstallPackage Display.NVIRUSB
NVIDIA Virtual Audio 1.2.9-->"C:\windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{26EEF62D-2BC5-4581-B10F-4FCC1FF42E5A}\NVI2.DLL",UninstallPackage VirtualAudio.Driver
Onekey Theater-->"C:\Program Files (x86)\InstallShield Installation Information\{D4B060B9-AD4A-4152-9D99-28B93C615AFE}\setup.exe" -runfromtemp -l0x0415 -removeonly
Onekey Theater-->MsiExec.exe /I{D4B060B9-AD4A-4152-9D99-28B93C615AFE}
OpenAL-->"C:\Program Files (x86)\OpenAL\OpenALwEAX.exe" /U
Oprogramowanie Intel® PROSet/Wireless WiFi-->MsiExec.exe /I{3C41721F-AF0F-4086-AA1C-4C7F29076228}
Pajączek 5 NxG STD - Deinstalacja-->"C:\Program Files (x86)\Cream Software\Pajaczek 5 NxG Standard\unins000.exe"
Pakiet sterowników systemu Windows - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)-->C:\PROGRA~1\DIFX\8C657473004ED4CD\DPInst.exe /u C:\windows\System32\DriverStore\FileRepository\vpc.inf_amd64_neutral_28dd80cc6c82ef03\vpc.inf
Pando Media Booster-->C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe
Panzar-->"C:\Games\Panzar\unins000.exe"
Path of Exile-->MsiExec.exe /X{90A4562F-D4A1-4B65-906D-41F236CF6902}
PAYDAY 2-->"C:\Program Files (x86)\PAYDAY 2\unins000.exe"
PC Tools Registry Mechanic 11.1-->"C:\Program Files (x86)\PC Tools Registry Mechanic\unins000.exe" /LOG
Picasa 3-->"C:\Program Files (x86)\Google\Picasa3\Uninstall.exe"
PlanetSide 2-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/218230
Poczta usługi Windows Live-->MsiExec.exe /I{64376910-1860-4CEF-8B34-AA5D205FC5F1}
Podstawowe programy Windows Live-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Podstawowe programy Windows Live-->MsiExec.exe /I{7A9D47BA-6D50-4087-866F-0800D8B89383}
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /x64 /lcid 1045 /parameterfolder ClientLP
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ExtendedLP\Setup.exe /repair /x86 /x64 /lcid 1045 /parameterfolder ExtendedLP
Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
PunkBuster Services-->.\pbsvc_zombie.exe -u
Rapture3D 2.4.8 Game-->"C:\Program Files (x86)\BRS\unins000.exe"
RealDownloader-->MsiExec.exe /X{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}
RealNetworks - Microsoft Visual C++ 2008 Runtime-->MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}
RealNetworks - Microsoft Visual C++ 2010 Runtime-->MsiExec.exe /X{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}
RealPlayer-->C:\Program Files (x86)\Real\RealPlayer\Update\r1puninst.exe RealNetworks|RealPlayer|16.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe"  -removeonly
RealUpgrade 1.1-->MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}
RegClean Pro-->"C:\Program Files (x86)\RegClean Pro\unins000.exe" /silent
Rome - Total War - Alexander-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{6C1804BC-094F-431A-BEA5-37A837958029}\setup.exe" -l0x9  -removeonly
Samsung Kies-->"C:\Program Files (x86)\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe" -runfromtemp -l0x0409  -removeonly
Samsung Kies-->MsiExec.exe /I{758C8301-2696-4855-AF45-534B1200980A}
SAMSUNG USB Driver for Mobile Phones-->C:\Program Files (x86)\Samsung\USB Drivers\Uninstall.exe
Search Assistant MocaFlix 1.66-->"C:\Program Files (x86)\MocaFlix\uninstall.exe" /FULLPATH="C:\Program Files (x86)\MocaFlix"
Search Assistant SoftQuick 1.66-->"C:\Program Files (x86)\SoftQuick\uninstall.exe" /FULLPATH="C:\Program Files (x86)\SoftQuick"
Search-Results Toolbar-->C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\uninstall.exe
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6997D22-CC93-4ED9-AD8A-02C3F3D2F1F9}
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5DD3FF90-B302-45B2-A188-C5EA7ACD5D46}
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {D33B9EF5-3801-496A-A2D6-B7F4BE972D75}
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B145DBBB-7778-4A5D-9D2B-DA6569F02391}
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E34960DB-2A93-45DB-A208-02650F7AB09C}
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {293FB6BE-D3EB-4162-B522-F9108040B9FE}
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {2B3C041A-A7F2-4A24-968D-4BEB6A123D15}
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {43171CAD-DC60-4E7B-9703-B2EC18001B9F}
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3579CE34-B225-4B19-A3AF-DE5F562A212F}
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition -->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {020B65AD-B2ED-4B35-92CA-DB56EFB864A5}
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {020B65AD-B2ED-4B35-92CA-DB56EFB864A5}
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CAB47CC0-A98C-47DD-9FA1-C0416EC96ED5}
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {488F0918-97F9-4CD0-8AD5-8986A46AC962}
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F311D6C-D8DD-4C32-9457-1A129CABD1A5}
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5A8732F0-C20F-4A9B-A2A9-66FE7A586C35}
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {718E87EC-6590-485A-B12D-C01D290EDB12}
SketchUp Import for AutoCAD 2014-->MsiExec.exe /X{644E9589-F73A-49A4-AC61-A953B9DE5669}
Skype™ 6.3-->MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
Smite-->"C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe" uninstall=17
Software Version Updater-->C:\Users\LENOVO\AppData\Local\SwvUpdater\Updater.exe /uninstall
Spotydl 0.9.32.0-->"C:\Program Files (x86)\Spotydl\unins000.exe"
SRS Control Panel-->MsiExec.exe /X{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}
State of Decay-->"C:\Users\LENOVO\AppData\Roaming\State of Decay\Uninstall\unins000.exe"
STATISTICA PL 10 (64-bit)-->MsiExec.exe /X{7811654C-9701-4347-B9DD-7DDB6B47F56A}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The War Z version 1.0-->"C:\Users\LENOVO\Documents\The War Z\unins000.exe"
TmNationsForever-->"C:\Program Files (x86)\TmNationsForever\unins000.exe"
Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409  -removeonly
Unified Remote-->MsiExec.exe /I{263CB489-274B-4312-B931-0039A7A4443C}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A024FC7B-77DE-45DE-A058-1C049A17BFB3}
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {620E77C0-CDFE-4C14-AAEB-830ABB65864C}
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {525A4A44-8940-40AD-ABA0-14501199D2F0}
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8153EC80-C988-4336-8DAF-6D99C0D26E0C}
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition-->msiexec /package {90120000-001A-0415-0000-0000000FF1CE} /uninstall {840D15BD-72E8-4710-ABDD-8E883B88BD5D}
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F5F9C863-59A7-40CA-8D86-E27D6B1D2617}
VLC media player 2.0.6-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
War Thunder Launcher 1.0.1.269-->"C:\Program Files (x86)\WarThunder\unins000.exe"
Webexp Enhanced-->C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha872\uninstall.exe
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1B8ABA62-74F0-47ED-B18C-A43128E591B8}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector-->MsiExec.exe /I{D07A61E5-A59C-433C-BCBD-22025FA2287B}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mesh-->MsiExec.exe /I{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Messenger-->MsiExec.exe /X{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Movie Maker-->MsiExec.exe /X{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}
Windows Live Photo Common-->MsiExec.exe /X{0654EA5D-308A-4196-882B-5C09744A5D81}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live Remote Client Resources-->MsiExec.exe /I{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}
Windows Live Remote Client-->MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B}
Windows Live Remote Service Resources-->MsiExec.exe /I{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}
Windows Live Remote Service-->MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{0C1931EB-8339-4837-8BEC-75029BF42734}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{26E3C07C-7FF7-4362-9E99-9E49E383CF16}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{E55E0C35-AC3C-4683-BA2F-834348577B80}
WinRAR 4.20 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe
Xfire 2.0-->"C:\Program Files (x86)\Xfire2\unins000.exe"
Xfire Codec (remove only)-->"C:\Program Files (x86)\Common Files\Xfire\uninst.exe"
 
======System event log======
 
Computer Name: LENOVO-Komputer
Event Code: 37
Message: Szybkość procesora 1 w grupie 0 jest ograniczana przez systemowe oprogramowanie układowe. Procesor miał ograniczony stan wydajności przez 71 s od ostatniego raportu.
Record Number: 114214
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20130328215531.148753-000
Event Type: Ostrzeżenia
User: ZARZĄDZANIE NT\SYSTEM
 
Computer Name: LENOVO-Komputer
Event Code: 37
Message: Szybkość procesora 0 w grupie 0 jest ograniczana przez systemowe oprogramowanie układowe. Procesor miał ograniczony stan wydajności przez 71 s od ostatniego raportu.
Record Number: 114213
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20130328215531.048747-000
Event Type: Ostrzeżenia
User: ZARZĄDZANIE NT\SYSTEM
 
Computer Name: LENOVO-Komputer
Event Code: 7036
Message: Usługa Instalator modułów systemu Windows weszła w stan zatrzymania.
Record Number: 114212
Source Name: Service Control Manager
Time Written: 20130328215434.398507-000
Event Type: Informacje
User: 
 
Computer Name: LENOVO-Komputer
Event Code: 7040
Message: Typ uruchamiania usługi Instalator modułów systemu Windows został zmieniony z autostart na uruchamianie na żądanie.
Record Number: 114211
Source Name: Service Control Manager
Time Written: 20130328215434.303502-000
Event Type: Informacje
User: ZARZĄDZANIE NT\SYSTEM
 
Computer Name: LENOVO-Komputer
Event Code: 7040
Message: Typ uruchamiania usługi Instalator modułów systemu Windows został zmieniony z uruchamianie na żądanie na autostart.
Record Number: 114210
Source Name: Service Control Manager
Time Written: 20130328215433.745470-000
Event Type: Informacje
User: ZARZĄDZANIE NT\SYSTEM
 
=====Application event log=====
 
Computer Name: LENOVO-Komputer
Event Code: 3
Message: 
Record Number: 124362
Source Name: NvStreamSvc
Time Written: 20131120164012.000000-000
Event Type: Informacje
User: 
 
Computer Name: LENOVO-Komputer
Event Code: 3
Message: 
Record Number: 124361
Source Name: NvStreamSvc
Time Written: 20131120164012.000000-000
Event Type: Informacje
User: 
 
Computer Name: LENOVO-Komputer
Event Code: 3
Message: 
Record Number: 124360
Source Name: NvStreamSvc
Time Written: 20131120164012.000000-000
Event Type: Informacje
User: 
 
Computer Name: LENOVO-Komputer
Event Code: 3
Message: 
Record Number: 124359
Source Name: NvStreamSvc
Time Written: 20131120164011.000000-000
Event Type: Informacje
User: 
 
Computer Name: LENOVO-Komputer
Event Code: 3
Message: 
Record Number: 124358
Source Name: NvStreamSvc
Time Written: 20131120164011.000000-000
Event Type: Informacje
User: 
 
=====Security event log=====
 
Computer Name: LENOVO-Komputer
Event Code: 4624
Message: Użytkownik pomyślnie zalogował się na koncie.
 
Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: LENOVO-KOMPUTER$
Domena konta: WORKGROUP
Identyfikator logowania: 0x3e7
 
Typ logowania: 5
 
Nowe logowanie:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x3e7
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}
 
Informacje o procesie:
Identyfikator procesu: 0x2ac
Nazwa procesu: C:\Windows\System32\services.exe
 
Informacje o sieci:
Nazwa stacji roboczej:
Adres źródłowy sieci: -
Port źródłowy: -
 
Szczegółowe informacje o uwierzytelnianiu:
Proces logowania: Advapi  
Pakiet uwierzytelniania: Negotiate
Usługi przejściowe: -
Nazwa pakietu (tylko NTLM): -
Długość klucza: 0
 
To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp.
 
Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.
 
Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe).
 
Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane.
 
Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta.
 
Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania.
- Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
- Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. 
- Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty.
- Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0.
Record Number: 4122
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20121007082438.319626-000
Event Type: Sukcesy inspekcji
User: 
 
Computer Name: LENOVO-Komputer
Event Code: 5056
Message: Wykonano autotest funkcji kryptograficznej.
 
Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: LENOVO-KOMPUTER$
Domena konta: WORKGROUP
Identyfikator logowania: 0x3e7
 
Moduł: ncrypt.dll
 
Kod powrotny: 0x0
Record Number: 4121
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20121007082437.555624-000
Event Type: Sukcesy inspekcji
User: 
 
Computer Name: LENOVO-Komputer
Event Code: 4672
Message: Przypisano specjalne uprawnienia do nowego logowania.
 
Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x3e7
 
Uprawnienia: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 4120
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20121007082436.853623-000
Event Type: Sukcesy inspekcji
User: 
 
Computer Name: LENOVO-Komputer
Event Code: 4624
Message: Użytkownik pomyślnie zalogował się na koncie.
 
Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: LENOVO-KOMPUTER$
Domena konta: WORKGROUP
Identyfikator logowania: 0x3e7
 
Typ logowania: 5
 
Nowe logowanie:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x3e7
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}
 
Informacje o procesie:
Identyfikator procesu: 0x2ac
Nazwa procesu: C:\Windows\System32\services.exe
 
Informacje o sieci:
Nazwa stacji roboczej:
Adres źródłowy sieci: -
Port źródłowy: -
 
Szczegółowe informacje o uwierzytelnianiu:
Proces logowania: Advapi  
Pakiet uwierzytelniania: Negotiate
Usługi przejściowe: -
Nazwa pakietu (tylko NTLM): -
Długość klucza: 0
 
To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp.
 
Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.
 
Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe).
 
Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane.
 
Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta.
 
Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania.
- Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
- Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania. 
- Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty.
- Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0.
Record Number: 4119
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20121007082436.853623-000
Event Type: Sukcesy inspekcji
User: 
 
Computer Name: LENOVO-Komputer
Event Code: 4672
Message: Przypisano specjalne uprawnienia do nowego logowania.
 
Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x3e7
 
Uprawnienia: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 4118
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20121007082436.838023-000
Event Type: Sukcesy inspekcji
User: 
 
======Environment variables======
 
"ComSpec"=%SystemRoot%\system32\cmd.exe
"configsetroot"=%SystemRoot%\ConfigSetRoot
"FP_NO_HOST_CHECK"=NO
"LenovoTestLogFile"=preload.log
"LenovoTestPath"=C:\prdv10\
"NUMBER_OF_PROCESSORS"=4
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\Lenovo\Bluetooth Software\;C:\Program Files\Lenovo\Bluetooth Software\syswow64;C:\Program Files\Broadcom\WHL\;C:\Program Files\Broadcom\WHL\syswow64;C:\Program Files\Broadcom\WHL\SysWow64\;C:\Program Files (x86)\Windows Live\Shared;C\SDK\platform-tools;C:\Program Files\Calibre2\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=2a07
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"windows_tracing_flags"=3
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"CM2014DIR"=C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\
"ILBDIR"=C:\Program Files (x86)\Common Files\Autodesk Shared\Materials\
 
-----------------EOF-----------------
[/log]
 
[log]Logfile of random's system information tool 1.09 (written by random/random)

 

Run by LENOVO at 2013-12-25 10:57:09
Microsoft Windows 7 Home Premium  Service Pack 1
System drive C: has 88 GB (13%) free of 701 GB
Total RAM: 4040 MB (44% free)
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:13:35, on 2013-12-25
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Users\LENOVO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\LENOVO.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.c..._S0RUNYAB604258
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.c..._S0RUNYAB604258
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.c..._S0RUNYAB604258
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.c..._S0RUNYAB604258
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: BetterSrf - {1824FF90-C98E-48A6-838F-E3B6572B0C77} - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ie\BetterSrf.dll (file missing)
O2 - BHO: WebexpEnhancedV1alpha872 - {f4b8af81-d6cc-4c27-bbd7-2b22617cdb75} - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha872\ie\WebexpEnhancedV1alpha872.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\LENOVO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-21-3429779742-4234798171-2531594576-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3429779742-4234798171-2531594576-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire2\Xfire.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: UsA‚uga DealPly Live (dealplylive) (dealplylive) - DealPly Technologies Ltd - C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe
O23 - Service: UsA‚uga DealPly Live (dealplylivem) (dealplylivem) - DealPly Technologies Ltd - C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 12426 bytes
 
======Listing Processes======
 
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
winlogon.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
"C:\windows\system32\nvvsvc.exe"
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe 29171904
\??\C:\windows\system32\conhost.exe "-1579820897-974790045-1759636916399327966-274527425-868844760632487760996075342
C:\windows\System32\spoolsv.exe
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\windows\system32\nvvsvc.exe -session -first
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe"
"C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe"
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\windows\system32\Dwm.exe"
"taskhost.exe"
C:\windows\Explorer.EXE
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Windows\System32\igfxtray.exe" 
"C:\Windows\System32\hkcmd.exe" 
"C:\Windows\System32\igfxpers.exe" 
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
"C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" 
"C:\windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL mmsys.cpl
"C:\Windows\WindowsMobile\wmdc.exe" 
taskeng.exe {E885D7A9-D874-43DA-BC65-84C78FE7F203}
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe" 
"C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe"
"C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe"
C:\windows\SysWOW64\PnkBstrA.exe
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:\Users\LENOVO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" 
"C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe" 
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 
"C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe"  -osboot
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\windows\system32\conhost.exe "1629624446-80977395-2028512911209284486-134452121213019270822006986448948823169
"C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe" 
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
C:\windows\system32\SearchIndexer.exe /Embedding
C:\windows\system32\svchost.exe -k WindowsMobile
C:\windows\system32\svchost.exe -k bthsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\windows\SysWOW64\RunDll32.exe" "C:\Program Files\Lenovo\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-460b070d-ef3f-4ecc-8301-cf971d27279e -SystemEventPortName:HostProcess-eeeee851-dc62-47c6-ba3a-d79f59fad46e -IoCancelEventPortName:HostProcess-e051693b-3f8d-4805-aab4-706eae57ccaa -NonStateChangingEventPortName:HostProcess-f5547836-4474-4350-98ae-994b7878eebb -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:843e72d5-0276-4711-8529-9fe956337816 -DeviceGroupId:WpdFsGroup
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe" /c
"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"
C:\windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2056
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
"C:\windows\system32\wuauclt.exe"
"taskhost.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://start.qone8.c..._S0RUNYAB604258
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="1148.0.649981357\1438699597" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,3,12,22 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2342 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group1 pct:25 stable:r4 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/Label=Stable2:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderAlwaysControl=Enabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-1-Percent/group_55/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="1148.1.138404618\912050116" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group1 pct:25 stable:r4 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/Label=Stable2:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderAlwaysControl=Enabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-1-Percent/group_55/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="1148.3.176620270\930791890" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group1 pct:25 stable:r4 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/Label=Stable2:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderAlwaysControl=Enabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-1-Percent/group_55/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="1148.10.1308224092\1495504280" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group1 pct:25 stable:r4 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/Label=Stable2:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderAlwaysControl=Enabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-1-Percent/group_55/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --renderer-print-preview --instant-process --disable-html-notifications --disable-accelerated-video-decode --channel="1148.11.203268733\655035462" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=pl --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group1 pct:25 stable:r4 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/Label=Stable2:LocalPredictor=Enabled:SideEffectFreeWhitelist=Enabled:MaxConcurrentPrerenders=3:PrerenderPriorityHalfLifeTimeSeconds=30:PrerenderAlwaysControl=Enabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-1-Percent/group_55/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --disable-accelerated-video-decode --channel="1148.12.1884089399\352791822" /prefetch:673131151
"C:\Users\LENOVO\Downloads\RSITx64.exe" 
C:\windows\system32\wbem\wmiprvse.exe
taskeng.exe {342B5C48-FFD4-4B7D-8DF4-AEA1654C1FC2}
 
======Scheduled tasks folder======
 
C:\windows\tasks\AmiUpdXp.job
C:\windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\RMAutoUpdate.job
C:\windows\tasks\RMSchedule.job
 
=========Mozilla firefox=========
 
ProfilePath - C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\kd9he9xy.default
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.21.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\windows\SysWOW64\npDeployJava1.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282]
"Description"=RealPlayer™ LiveConnect-Enabled Plug-In
"Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0]
"Description"=RealNetworks™ RealDownloader Chrome Background Extension Plug-In
"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0]
"Description"=RealNetworks™ RealDownloader HTML5VideoShim Plug-In
"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0]
"Description"=RealNetworks™ RealDownloader Peppe rFlash Video Shim Plug-In
"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282]
"Description"=RealPlayer Download Plugin
"Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@realnetworks.com/npdlplugin;version=1]
"Description"=RealDownloader Plugin
"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3]
"Description"=DealPlyLive Update
"Path"=C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9]
"Description"=DealPlyLive Update
"Path"=C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
 
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
 
 
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
qone8.xml
 
C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\kd9he9xy.default\extensions\
firefox@lemurleap.info
{e53a26f5-7199-4a5b-86f5-d2e86854b979}
 
======Registry dump======
 
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1824FF90-C98E-48A6-838F-E3B6572B0C77}]
Better Surf Plus - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ie\BetterSrf.dll []
 
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f4b8af81-d6cc-4c27-bbd7-2b22617cdb75}]
Webexp Enhanced - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha872\ie\WebexpEnhancedV1alpha872.dll [2013-12-19 87552]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2011-03-30 167960]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2011-03-30 391704]
"Persistence"=C:\windows\system32\igfxpers.exe [2011-03-30 418840]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-03-28 11786344]
"IntelPAN"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2011-05-02 1935120]
"OnekeyStudio"=C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [2011-08-14 789920]
"Windows Mobile Device Center"=C:\windows\WindowsMobile\wmdc.exe [2007-05-31 660360]
"Nvtmru"=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [2013-11-08 1028384]
"ShadowPlay"=C:\windows\system32\nvspcap64.dll [2013-11-08 1064224]
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2013-05-02 802136]
"Spotify Web Helper"=C:\Users\LENOVO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2013-12-08 1168896]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-11-06 3673728]
"Autodesk Sync"=C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [2013-02-05 1081224]
 
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [2011-01-12 283160]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"TkBellExe"=C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2013-01-03 295072]
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
 
C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Xfire.lnk - C:\Program Files (x86)\Xfire2\Xfire.exe
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll c:\windows\system32\nvinitx.dll,c:\windows\system32\nvinitx.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2011-03-26 385024]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
 
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
""=
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codecp.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.XFR1"=xfcodec64.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.FFDS"=ff_vfw.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
 
======File associations======
 
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
 
======List of files/folders created in the last 1 month======
 
2013-12-25 10:57:09 ----D---- C:\rsit
2013-12-25 10:57:09 ----D---- C:\Program Files\trend micro
2013-12-25 10:02:26 ----D---- C:\Program Files (x86)\Microsoft XNA
2013-12-21 17:01:42 ----D---- C:\Program Files (x86)\WebexpEnhancedV1
2013-12-08 17:56:54 ----D---- C:\Users\LENOVO\AppData\Roaming\Carambis
2013-12-08 17:56:48 ----D---- C:\Program Files (x86)\Carambis
2013-12-08 12:37:23 ----D---- C:\ProgramData\FARO
2013-12-08 12:32:41 ----D---- C:\Program Files\Common Files\Macrovision Shared
2013-12-08 12:27:59 ----D---- C:\Program Files\Common Files\Autodesk Shared
2013-12-08 12:27:59 ----D---- C:\Program Files\Autodesk
2013-12-08 12:27:24 ----D---- C:\Program Files (x86)\Autodesk
2013-12-08 12:20:07 ----D---- C:\Users\LENOVO\AppData\Roaming\Autodesk
2013-12-08 12:20:07 ----D---- C:\ProgramData\Autodesk
2013-12-08 11:37:29 ----D---- C:\Users\LENOVO\AppData\Roaming\Xfire
2013-12-08 11:37:06 ----D---- C:\ProgramData\Xfire
2013-12-08 11:37:06 ----D---- C:\Program Files (x86)\Xfire2
2013-12-08 11:31:53 ----D---- C:\Program Files (x86)\Mobogenie
2013-12-06 08:51:21 ----D---- C:\Intel
 
======List of files/folders modified in the last 1 month======
 
2013-12-25 11:09:00 ----D---- C:\windows\Temp
2013-12-25 10:57:09 ----RD---- C:\Program Files
2013-12-25 10:19:55 ----D---- C:\windows\system32\config
2013-12-25 10:15:22 ----D---- C:\windows\System32
2013-12-25 10:15:22 ----D---- C:\windows\inf
2013-12-25 10:15:22 ----A---- C:\windows\system32\PerfStringBackup.INI
2013-12-25 10:11:52 ----A---- C:\windows\SYSWOW64\log.txt
2013-12-25 10:10:46 ----D---- C:\Users\LENOVO\AppData\Roaming\uTorrent
2013-12-25 10:09:28 ----D---- C:\windows\system32\Tasks
2013-12-25 10:09:08 ----D---- C:\Program Files (x86)\PC Tools Registry Mechanic
2013-12-25 10:02:41 ----SHD---- C:\windows\Installer
2013-12-25 10:02:40 ----RSD---- C:\windows\assembly
2013-12-25 10:02:26 ----D---- C:\Program Files (x86)
2013-12-25 10:02:23 ----SHD---- C:\System Volume Information
2013-12-24 19:56:08 ----AD---- C:\ProgramData\Temp
2013-12-24 19:04:00 ----D---- C:\windows\SysWOW64
2013-12-22 20:07:35 ----D---- C:\Filmy
2013-12-22 20:03:04 ----D---- C:\Users\LENOVO\AppData\Roaming\vlc
2013-12-18 15:47:36 ----D---- C:\windows\Tasks
2013-12-18 11:34:12 ----D---- C:\windows\system32\catroot2
2013-12-17 22:34:22 ----D---- C:\Seriale
2013-12-15 22:22:36 ----D---- C:\Program Files (x86)\Google
2013-12-15 12:03:35 ----D---- C:\Gry
2013-12-11 00:51:59 ----D---- C:\Program Files (x86)\BetterSurf
2013-12-08 19:49:43 ----SD---- C:\Users\LENOVO\AppData\Roaming\Microsoft
2013-12-08 18:44:23 ----D---- C:\Users\LENOVO\AppData\Roaming\Spotify
2013-12-08 18:05:16 ----HD---- C:\ProgramData
2013-12-08 17:42:20 ----D---- C:\Windows
2013-12-08 17:38:49 ----D---- C:\Program Files\Google
2013-12-08 17:38:48 ----RSD---- C:\windows\Fonts
2013-12-08 14:52:15 ----D---- C:\windows\winsxs
2013-12-08 14:42:34 ----D---- C:\Program Files (x86)\Steam
2013-12-08 14:39:04 ----D---- C:\windows\system32\DriverStore
2013-12-08 14:39:04 ----D---- C:\windows\system32\catroot
2013-12-08 14:35:49 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-12-08 14:32:13 ----D---- C:\Program Files (x86)\HLSW
2013-12-08 14:31:43 ----D---- C:\Program Files (x86)\GRID 2
2013-12-08 14:24:34 ----D---- C:\Program Files (x86)\Valve
2013-12-08 14:20:21 ----D---- C:\Program Files (x86)\Bridge Project
2013-12-08 14:17:50 ----D---- C:\Program Files (x86)\Common Files
2013-12-08 14:17:47 ----D---- C:\windows\system32\drivers
2013-12-08 14:16:56 ----D---- C:\Program Files (x86)\Age of Empires II HD
2013-12-08 13:40:13 ----D---- C:\Program Files\Common Files
2013-12-08 13:37:29 ----D---- C:\ProgramData\Firefly Studios
2013-12-08 13:37:10 ----D---- C:\Program Files\TeamSpeak 3 Client
2013-12-08 13:34:25 ----D---- C:\Program Files (x86)\O22y Inc
2013-12-08 13:33:32 ----D---- C:\Program Files (x86)\Lenovo
2013-12-08 13:33:11 ----D---- C:\Games
2013-12-08 13:32:32 ----D---- C:\Program Files (x86)\WRC 4 FIA World Rally Championship
2013-12-08 13:32:10 ----D---- C:\ProgramData\eSafe
2013-12-08 12:36:16 ----D---- C:\windows\Microsoft.NET
2013-12-08 12:34:30 ----D---- C:\windows\Downloaded Program Files
2013-12-08 12:24:48 ----D---- C:\windows\Logs
2013-12-08 12:24:42 ----A---- C:\windows\SYSWOW64\PerfStringBackup.INI
2013-12-08 12:23:19 ----D---- C:\windows\SYSWOW64\pl-PL
2013-12-08 12:23:19 ----D---- C:\windows\system32\pl-PL
2013-12-08 12:18:47 ----D---- C:\Users\LENOVO\AppData\Roaming\DAEMON Tools Lite
2013-12-08 11:33:54 ----D---- C:\ProgramData\DatacardService
2013-12-08 11:32:37 ----RD---- C:\Users
2013-12-06 08:20:38 ----D---- C:\Users\LENOVO\AppData\Roaming\.minecraft
2013-12-06 08:10:50 ----D---- C:\windows\system32\LogFiles
2013-12-04 19:38:31 ----D---- C:\Users\LENOVO\AppData\Roaming\calibre
2013-12-04 16:07:57 ----D---- C:\Users\LENOVO\AppData\Roaming\Media Player Classic
2013-12-03 11:09:49 ----SD---- C:\ProgramData\Microsoft
2013-12-01 10:51:04 ----D---- C:\Users\LENOVO\AppData\Roaming\Winamp
 
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 
R0 HybridDisk;HybridDisk; C:\windows\System32\DRIVERS\HybridDiskX64.sys [2010-03-02 38496]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2011-01-12 439320]
R0 LHDmgr;LHDmgr; C:\windows\System32\DRIVERS\LhdX64.sys [2011-08-14 39008]
R0 nvpciflt;nvpciflt; C:\windows\system32\DRIVERS\nvpciflt.sys [2013-10-23 32544]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-01-06 283200]
R1 hybridcfile;hybridcfile; C:\windows\system32\DRIVERS\HybridCFileX64.sys [2010-03-02 13920]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys [2011-08-14 29792]
R3 BthEnum;Sterownik Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BTHUSB;Sterownik USB odbiornika radiowego Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 BTWAMPFL;btwampfl; C:\windows\system32\DRIVERS\btwampfl.sys [2011-05-13 437288]
R3 btwaudio;Urz¹dzenie dŸwiêkowe Bluetooth; C:\windows\system32\drivers\btwaudio.sys [2011-05-13 150568]
R3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\drivers\btwavdt.sys [2011-05-13 164392]
R3 BTWDPAN;Bluetooth Personal Area Network; C:\windows\system32\DRIVERS\btwdpan.sys [2011-05-13 89640]
R3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2011-05-13 39976]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2011-05-13 21544]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\windows\system32\DRIVERS\clwvd.sys [2011-01-29 31088]
R3 DelayMan;ACPI DelayMan Filter Service; C:\windows\system32\DRIVERS\delayman.sys [2011-08-14 20064]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2011-03-26 12262336]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2011-03-29 2819560]
R3 IntcDAud;Intel® Audio dla ekranów; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 JMCR;JMCR; C:\windows\system32\DRIVERS\jmcr.sys [2010-12-13 174168]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-09 425000]
R3 MEIx64;Intel® Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 NETwNs64;___ Sterownik karty Intel® Wireless WiFi Link 5000 Series dla systemu Windows 7 64 Bit; C:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\windows\system32\drivers\nvvad64v.sys [2013-09-28 39200]
R3 RFCOMM;Urządzenie Bluetooth (Protokół TDI RFCOMM); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 Sftfs;Sftfs; C:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay; C:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir; C:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol; C:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2011-03-21 1413168]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 ALSysIO;ALSysIO; \??\C:\Users\LENOVO\AppData\Local\Temp\ALSysIO64.sys []
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\windows\System32\Drivers\ssadadb.sys [2013-04-03 38080]
S3 BthPan;Urządzenie Bluetooth (sieć osobista); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Sterownik portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\windows\system32\DRIVERS\ew_hwusbdev.sys []
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\windows\system32\DRIVERS\ew_usbenumfilter.sys []
S3 huawei_cdcacm;huawei_cdcacm; C:\windows\system32\DRIVERS\ew_jucdcacm.sys []
S3 huawei_cdcecm;huawei_cdcecm; C:\windows\system32\DRIVERS\ew_jucdcecm.sys []
S3 huawei_enumerator;huawei_enumerator; C:\windows\system32\DRIVERS\ew_jubusenum.sys []
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\windows\system32\DRIVERS\ew_juextctrl.sys []
S3 MBAMProtector;MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 SPUVCbv;SPUVCb Driver Service; C:\windows\System32\Drivers\usbvideo.sys [2010-11-21 184960]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\windows\system32\DRIVERS\ssadbus.sys [2013-04-03 169288]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\windows\system32\DRIVERS\ssadmdfl.sys [2013-04-03 21320]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\windows\system32\DRIVERS\ssadmdm.sys [2013-04-03 188232]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\windows\system32\DRIVERS\ssadserd.sys [2013-04-03 158024]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
 
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
R2 Autodesk Content Service;Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-12-13 12288]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2011-05-12 970016]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-05-02 1517328]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-12-16 9216]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-12-21 325656]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-08 15125280]
R2 NVSvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe [2013-10-23 922912]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-11-08 1914656]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-08-21 794272]
R2 PnkBstrA;PnkBstrA; C:\windows\syswow64\PnkBstrA.exe [2013-07-07 76888]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\windows\system32\svchost.exe [2009-07-14 27136]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-05-02 844560]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 UNS;Intel® Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\windows\system32\svchost.exe [2009-07-14 27136]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-04-30 104872]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-04-30 123816]
S2 dealplylive;Usługa DealPly Live (dealplylive); C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-10-23 148000]
S2 gupdate;Usługa Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14 136176]
S2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 aspnet_state;„Usługa stanu ASP.NET; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-04-30 51080]
S3 dealplylivem;Usługa DealPly Live (dealplylivem); C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe [2013-10-23 148000]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-12-08 1471352]
S3 gupdatem;Usługa Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-14 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-09-06 194032]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-05-11 117144]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-11-19 489256]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2012-09-08 1255736]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-04-30 142720]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-04-30 142720]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-04-30 142720]
 
-----------------EOF-----------------[/log]

Z góry dziękuję za pomoc ;)

 

Przepraszam za dublowanie tematów ale niestety coś mi nie działa i gdy pisze nowy temat wywala mi błąd a gdy edytuje i klikasz zapisz zmiany to musze to zrobić chyba z 15 razy żeby w końcu je zatwierdziło. Z stąd zdublowane tematy...

Natsuki Kuga
komentarz
komentarz

robiłem to co kazali w intranecie ale nic nie pomogło.

 

Jakie działania wykonywałeś?

 

 

1. Odinstaluj poprzez Dodaj/usuń programy:Better Surf Plus, Search-Results Toolbar, Lollipop

2. Sprawdź w przeglądarkach, czy posiadasz wymienione dodatki, jeśli są, odinstaluj: DealPly Shopping, DealPlyLive, LemurLeap, Webexp Enhanced, ettersurfplus

3. Wykonaj ten skrypt w OTL (instrukcja: http://www.forumpc.pl/topic/277786-nieingerencyjne-narz%C4%99dzia-do-tworzenia-log%C3%B3w-systemowych/#entry1683607 ):


:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.c..._S0RUNYAB604258
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.c..._S0RUNYAB604258
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://start.qone8.c...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.c..._S0RUNYAB604258
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.qone8.c..._S0RUNYAB604258
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://start.qone8.c...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.sof...q={searchTerms}
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =http://start.qone8.c..._S0RUNYAB604258
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =http://start.qone8.c..._S0RUNYAB604258
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" =http://www2.delta-se...120695&tsp=5007
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" =http://start.qone8.c...q={searchTerms}
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" =http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" =http://websearch.sof...q={searchTerms}
FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9: C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\xz123@ya456.com: C:\Program Files (x86)\BetterSurf\ff [2013-11-23 01:04:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\12x3q@3244516.com: C:\Program Files (x86)\Better-Surf\ff [2013-11-25 22:47:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@bettersurfplus.com: C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [2013-12-11 00:52:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ext@WebexpEnhancedV1alpha872.net: C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha872\ff [2013-12-21 17:01:42 | 000,000,000 | ---D | M]
[2013-10-23 17:33:18 | 000,000,000 | ---D | M] (DealPly  Shopping) -- C:\Users\LENOVO\AppData\Roaming\mozilla\Firefox\Profiles\kd9he9xy.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}
[2013-10-23 17:32:45 | 000,000,000 | ---D | M] (LemurLeap) -- C:\Users\LENOVO\AppData\Roaming\mozilla\Firefox\Profiles\kd9he9xy.default\extensions\firefox@lemurleap.info
[2013-12-21 17:01:42 | 000,000,000 | ---D | M] (Webexp Enhanced) -- C:\PROGRAM FILES (X86)\WEBEXPENHANCEDV1\WEBEXPENHANCEDV1ALPHA872\FF
[2013-10-23 17:33:07 | 000,000,665 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\qone8.xml
O2 - BHO: (Better Surf Plus) - {1824FF90-C98E-48A6-838F-E3B6572B0C77} - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ie\BetterSrf.dll File not found
O2 - BHO: (Webexp Enhanced) - {f4b8af81-d6cc-4c27-bbd7-2b22617cdb75} - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha872\ie\WebexpEnhancedV1alpha872.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000..\Run: [AVG-Secure-Search-Update_JUNE2013_TB] "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB File not found
O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000..\Run: [FactoryTest] C:\Windows\Test.bat File not found
O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000..\Run: [Power2GoExpress] NA File not found
O20:64bit: - AppInit_DLLs: (c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll c:\windows\system32\nvinitx.dll) -  File not found

:Files
C:\Program Files (x86)\DealPlyLive
C:\Program Files (x86)\BetterSurf
C:\Program Files (x86)\WebexpEnhancedV1
C:\Program Files (x86)\Mobogenie
C:\Users\LENOVO\AppData\Local\Mobogenie
C:\Users\LENOVO\Documents\Mobogenie
C:\Users\LENOVO\AppData\Local\cache
C:\ProgramData\mtbjfghn.xbe
C:\Users\LENOVO\AppData\Roaming\Dealply
c:\program files (x86)\search results toolbar

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E08DC02B-19C2-48C1-8E94-E7C6160AA60A}"=-

:Services
dealplylivem
dealplylive

:Commands
[emptytemp]

Pokaż raport.

4. Użyj AdwCleaner z opcji Usuń. Pokaż raport.

5. Pokaż zestaw nowych logów z OTL + log z Gmer.

Shimek
komentarz
komentarz (edytowane)

Dziękuję za zainteresowanie :)

Nie wstawiłem więcej logów bo niestety nie dałem rady nie wiem dlaczego.

 

przeinstalowywałem:

Wersje 32-bit
Microsoft Visual C++ 2005
Microsoft Visual C++ 2008
Microsoft Visual C++ 2010
Wersje 64-bit
Microsoft Visual C++ 2005
Microsoft Visual C++ 2008
Microsoft Visual C++ 2010

oraz 

- .NET Framework 4
oraz
- XNA Framework Redistributable 4.0

Ale wiem że przy jednym Visualu i Framework były jakieś problemy przy instalacji. 

 

AdwCleaner

[log]# AdwCleaner v3.016 - Log utworzony 29/12/2013 o 10:43:23

# Aktualizacja 23/12/2013 przez Xplode
# System operacyjny : Windows 7 Home Premium Service Pack 1 (64 bits)
# Użytkownik : LENOVO - LENOVO-KOMPUTER
# Ścieżka : C:\Users\LENOVO\Downloads\adwcleaner.exe
# Opcja : Usuń
 
***** [ Usługi ] *****
 
 
***** [ Pliki / Foldery ] *****
 
Folder Usunięto : C:\ProgramData\Babylon
Folder Usunięto : C:\ProgramData\boost_interprocess
Folder Usunięto : C:\ProgramData\continuetosave
Folder Usunięto : C:\ProgramData\DealPlyLive
Folder Usunięto : C:\ProgramData\DSearchLink
Folder Usunięto : C:\ProgramData\eSafe
Folder Usunięto : C:\ProgramData\Partner
Folder Usunięto : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Usunięto : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Usunięto : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs
Folder Usunięto : C:\Program Files (x86)\Better-Surf
Folder Usunięto : C:\Program Files (x86)\continuetosave
Folder Usunięto : C:\Program Files (x86)\DealPly
Folder Usunięto : C:\Program Files (x86)\MocaFlix
Folder Usunięto : C:\Program Files (x86)\myfree codec
Folder Usunięto : C:\Program Files (x86)\RegClean Pro
Folder Usunięto : C:\Users\LENOVO\AppData\Local\DealPlyLive
Folder Usunięto : C:\Users\LENOVO\AppData\Local\lollipop
Folder Usunięto : C:\Users\LENOVO\AppData\Local\SwvUpdater
Folder Usunięto : C:\Users\LENOVO\AppData\Local\TempDir
Folder Usunięto : C:\Users\LENOVO\AppData\Roaming\iPumper
Folder Usunięto : C:\Users\LENOVO\AppData\Roaming\registry mechanic
Folder Usunięto : C:\Users\LENOVO\AppData\Roaming\Systweak
Folder Usunięto : C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Folder Usunięto : C:\Users\LENOVO\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Folder Usunięto : C:\Users\Gość\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
Folder Usunięto : C:\Users\Gość\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Usunięto : C:\Users\Gość\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdilakifhjjibbminpkkfjhdkichfikn
Plik Usunięto : C:\END
Plik Usunięto : C:\Users\Public\Desktop\RegClean Pro.lnk
Plik Usunięto : C:\windows\System32\roboot64.exe
Plik Usunięto : C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lollipop.lnk
Plik Usunięto : C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\kd9he9xy.default\invalidprefs.js
Plik Usunięto : C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\kd9he9xy.default\user.js
Plik Usunięto : C:\Users\LENOVO\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
Plik Usunięto : C:\Users\LENOVO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www2.delta-search.com_0.localstorage
Plik Usunięto : C:\Users\LENOVO\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www2.delta-search.com_0.localstorage-journal
Plik Usunięto : C:\windows\Tasks\AmiUpdXp.job
Plik Usunięto : C:\windows\System32\Tasks\AmiUpdXp
 
***** [ Skróty ] *****
 
Skrót Wyleczono : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Skrót Wyleczono : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Skrót Wyleczono : C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
Skrót Wyleczono : C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Skrót Wyleczono : C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Skrót Wyleczono : C:\Users\LENOVO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Przeglądarka internetowa.lnk
 
***** [ Rejestr ] *****
 
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\dedmngkbaffkenlfdcbganndoghblmap
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco
Klucz Usunięto : HKLM\SOFTWARE\Google\Chrome\Extensions\bdilakifhjjibbminpkkfjhdkichfikn
Klucz Usunięto : HKCU\Software\Classes\Applications\lollipop.exe
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\dealplylive.exe
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Klucz Usunięto : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Klucz Usunięto : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickCtrl.9
Klucz Usunięto : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine
Klucz Usunięto : HKLM\SOFTWARE\Classes\DealPlyLive.OneClickProcessLauncherMachine.1.0
Klucz Usunięto : HKLM\SOFTWARE\Classes\DealPlyLive.Update3WebControl.3
Klucz Usunięto : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync
Klucz Usunięto : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoCreateAsync.1.0
Klucz Usunięto : HKLM\SOFTWARE\Classes\dealplyliveupdate.coreclass
Klucz Usunięto : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreClass.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass
Klucz Usunięto : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.CoreMachineClass.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine
Klucz Usunięto : HKLM\SOFTWARE\Classes\dealplyliveupdate.credentialdialogmachine.1.0
Klucz Usunięto : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachine
Klucz Usunięto : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0
Klucz Usunięto : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback
Klucz Usunięto : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclassmachinefallback.1.0
Klucz Usunięto : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.OnDemandCOMClassSvc
Klucz Usunięto : HKLM\SOFTWARE\Classes\dealplyliveupdate.ondemandcomclasssvc.1.0
Klucz Usunięto : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher
Klucz Usunięto : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.ProcessLauncher.1.0
Klucz Usunięto : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService
Klucz Usunięto : HKLM\SOFTWARE\Classes\DealPlyLiveUpdate.Update3COMClassService.1.0
Klucz Usunięto : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine
Klucz Usunięto : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachine.1.0
Klucz Usunięto : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback
Klucz Usunięto : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3webmachinefallback.1.0
Klucz Usunięto : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc
Klucz Usunięto : HKLM\SOFTWARE\Classes\dealplyliveupdate.update3websvc.1.0
Klucz Usunięto : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard
Klucz Usunięto : HKLM\SOFTWARE\Classes\iLividIEHelper.DNSGuard.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\Prod.cap
Klucz Usunięto : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Klucz Usunięto : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Klucz Usunięto : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Klucz Usunięto : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Klucz Usunięto : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_8e4eb48d
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_a8235b05
Klucz Usunięto : HKCU\Software\5e288d0b46dba49
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_league-of-legends_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_dla_league-of-legends_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_n-v2-0-ninja_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_n-v2-0-ninja_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Klucz Usunięto : HKLM\SOFTWARE\Classes\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{1E0C9B2A-6447-452C-B012-2314A0C29412}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{34A8CEB6-89BB-49F1-B5E4-0D0D6C21F3B1}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{3A4DBD3A-98CC-41CE-AD21-352D42B6F754}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{4F8A50F6-69DE-4BE3-A33A-A1079B9AC0DB}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{501CB57A-D4E2-4855-96AD-EDB0A9083395}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{6FF2C4DD-77A4-4BB5-BA4C-B42DEFBF9137}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{83ABA270-8390-4CA6-AE48-FC089F55629E}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{8B218A5F-1A3D-4347-94EF-A79575EB8094}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{C536F080-57B7-46D6-8894-C647553F2889}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{CE4DB5A3-58E6-41F1-8761-47238DF4F468}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{FFCC53E6-2655-47FC-A89B-54E8D7F305D1}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{0113A098-06EA-4776-A011-D75590778F1E}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{75E8DA27-44AF-40AE-927C-F2EEC99D65B1}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{BEAA0C04-ED15-4C17-800B-28716025A4E4}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E9CE065-B861-B574-E5A2-1535A6FAD97F}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889}
Klucz Usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\CLSID\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\CLSID\{CE4DB5A3-58E6-41F1-8761-47238DF4F468}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{462862BE-9A5C-49A5-9CBD-A649EAC63645}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Dane Przywrócono : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Dane Przywrócono : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Klucz Usunięto : HKCU\Software\BabSolution
Klucz Usunięto : HKCU\Software\DataMngr
[#] Klucz Usunięto : HKCU\Software\DataMngr_Toolbar
Klucz Usunięto : HKCU\Software\DealPly
Klucz Usunięto : HKCU\Software\DealPlyLive
Klucz Usunięto : HKCU\Software\Escolade
Klucz Usunięto : HKCU\Software\ilivid
Klucz Usunięto : HKCU\Software\InstallCore
Klucz Usunięto : HKCU\Software\lollipop
Klucz Usunięto : HKCU\Software\Myfree Codec
Klucz Usunięto : HKCU\Software\Softonic
Klucz Usunięto : HKCU\Software\systweak
Klucz Usunięto : HKCU\Software\AppDataLow\SProtector
Klucz Usunięto : HKLM\Software\DataMngr
Klucz Usunięto : HKLM\Software\DealPly
Klucz Usunięto : HKLM\Software\DealPlyLive
Klucz Usunięto : HKLM\Software\Myfree Codec
Klucz Usunięto : HKLM\Software\qone8Software
Klucz Usunięto : HKLM\Software\SP Global
Klucz Usunięto : HKLM\Software\SProtector
Klucz Usunięto : HKLM\Software\systweak
Klucz Usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Klucz Usunięto : [x64] HKLM\SOFTWARE\DataMngr
 
***** [ Przeglądarki internetowe ] *****
 
-\\ Internet Explorer v9.0.8112.16470
 
 
-\\ Mozilla Firefox v21.0 (pl)
 
[ Plik : C:\Users\LENOVO\AppData\Roaming\Mozilla\Firefox\Profiles\kd9he9xy.default\prefs.js ]
 
Wpis usunięty : user_pref("aol_toolbar.default.homepage.check", false);
Wpis usunięty : user_pref("aol_toolbar.default.search.check", false);
Wpis usunięty : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Wpis usunięty : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Wpis usunięty : user_pref("extensions.delta.admin", false);
Wpis usunięty : user_pref("extensions.delta.aflt", "babsst");
Wpis usunięty : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Wpis usunięty : user_pref("extensions.delta.autoRvrt", "false");
Wpis usunięty : user_pref("extensions.delta.dfltLng", "en");
Wpis usunięty : user_pref("extensions.delta.excTlbr", false);
Wpis usunięty : user_pref("extensions.delta.ffxUnstlRst", true);
Wpis usunięty : user_pref("extensions.delta.id", "54f90af8000000000000402cf452c667");
Wpis usunięty : user_pref("extensions.delta.instlDay", "15964");
Wpis usunięty : user_pref("extensions.delta.instlRef", "sst");
Wpis usunięty : user_pref("extensions.delta.newTab", false);
Wpis usunięty : user_pref("extensions.delta.prdct", "delta");
Wpis usunięty : user_pref("extensions.delta.prtnrId", "delta");
Wpis usunięty : user_pref("extensions.delta.rvrt", "false");
Wpis usunięty : user_pref("extensions.delta.smplGrp", "none");
Wpis usunięty : user_pref("extensions.delta.tlbrId", "base");
Wpis usunięty : user_pref("extensions.delta.tlbrSrchUrl", "");
Wpis usunięty : user_pref("extensions.delta.vrsn", "1.8.24.6");
Wpis usunięty : user_pref("extensions.delta.vrsnTs", "1.8.24.623:04:24");
Wpis usunięty : user_pref("extensions.delta.vrsni", "1.8.24.6");
Wpis usunięty : user_pref("extensions.delta_i.babExt", "");
Wpis usunięty : user_pref("extensions.delta_i.babTrack", "affID=120695&tsp=5007");
Wpis usunięty : user_pref("extensions.delta_i.srcExt", "ss");
Wpis usunięty : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Wpis usunięty : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Wpis usunięty : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Wpis usunięty : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Wpis usunięty : user_pref("sweetim.toolbar.searchguard.enable", "");
 
-\\ Google Chrome v31.0.1650.63
 
[ Plik : C:\Users\LENOVO\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ Plik : C:\Users\Gość\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [23602 octets] - [29/12/2013 10:38:32]
AdwCleaner[S0].txt - [21083 octets] - [29/12/2013 10:43:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [21144 octets] ##########
 

[/log]

 

OTL

[log]OTL Extras logfile created on: 2013-12-29 12:20:08 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\LENOVO\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,95 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 45,69% Memory free
7,89 Gb Paging File | 5,49 Gb Available in Paging File | 69,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,20 Gb Total Space | 82,23 Gb Free Space | 12,02% Space Free | Partition Type: NTFS
Drive D: | 29,30 Gb Total Space | 26,11 Gb Free Space | 89,14% Space Free | Partition Type: NTFS
Drive F: | 5,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 1,84 Gb Total Space | 1,20 Gb Free Space | 65,16% Space Free | Partition Type: FAT
 
Computer Name: LENOVO-KOMPUTER | User Name: LENOVO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" ()
Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" ()
Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00284394-2116-4149-BB35-2CF5B9BA8CF0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{015E5DC5-50C2-477B-B905-593FED13FEB1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{01609325-7311-4A00-BD86-B534D5FC2305}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{05AB83EB-106E-4EFF-868A-5AAED1E9D2A4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{074DBF41-6A20-4F0D-AEE2-AF5AA2D48773}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{08AB2D4A-E1E4-4C4D-B70C-F767DC3E160E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{0C02F7C2-8898-426C-B1A0-C5270FA52C93}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{0D0E1ABC-C63E-4300-89FE-A396F55BFD07}" = lport=137 | protocol=17 | dir=in | app=system | 
"{0EA7551E-791E-4799-AAED-40FA925A0A5A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{0FA1652D-EA08-487A-83C3-71A9789B6D51}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{1132620B-DC85-483C-BB0C-757D652640B3}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{13D95EE3-7292-42EE-90EB-117EAE0A059B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{144321A8-AFDE-4759-A1A1-9E7576414BA4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{16421530-85BD-4F7B-8966-C0904A62F71D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{183988D9-8B39-4428-B7FC-BEF0B7B92920}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{1DAA1024-5FD2-4DF3-B033-8B107DDE30F6}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{20CD04E5-8C83-4F30-A393-4C7CBF16F9F0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{22839C91-349E-48FA-93B1-F2FCD79A4C2F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{247D7930-E24E-4B12-82E9-53646FAAA258}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{27CEA744-5515-4E5D-A040-1E10385E0E94}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{280883F2-7D9B-4CDC-9538-CBAAC44527CE}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{2D5B442F-F175-4DB0-A87D-4595BAA16E31}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{2E3B9F3F-FE32-4F5B-A504-0F54CBE74549}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{31F61F4D-5A00-4D03-9A50-53FE793BCB91}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service | 
"{3540B676-94B2-436F-A328-6D6BFA31BED4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{3B5A7193-9809-4607-92A1-1CEFA8974780}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{4287E584-6B9C-4A2C-99EE-2EE8F5C29188}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{45FCE0AF-EE5C-4D16-9760-7A0A60043E44}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{4653F749-669C-4DC6-8736-936CFDF16C34}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{48136FDB-FB28-4DD4-96C0-F6282D01300F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4D003921-65D9-45F7-B951-E521ED614E6C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{4E43BFE1-B5A3-47F7-BA9E-075B87DFBDEF}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{4F539E57-23A5-4AF4-951A-F62F6BC9E587}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{506C2E0E-16C3-41EF-BB76-BF078046CEDE}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{5172EA81-FD00-42A6-8D30-A714BE3133A8}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{554F8E52-C483-4FA6-8A04-77CB2A2FFD57}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{576234EA-1F18-4784-B09B-422628E3F037}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{5CF89D47-BF0B-458F-8912-E84963FB2DAC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{604B00FA-4961-4BA1-A89E-75DC936F6ABC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{61BD374A-8DA2-4988-8AB3-C85451F3C542}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{639E2D5E-F77B-43B3-87A1-1B31998B6B94}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{65F96DE0-574E-4B96-ACC3-97E2A2E630E4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{66A21133-F135-4367-8250-06559E4A041E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{6C1298ED-6617-42F9-BC6B-EA2C7975DD22}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{71B48B80-1EBB-4E11-A0C8-979CBD106113}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{73EF1FDF-56BC-498C-9746-B294F821A43C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{76044B5F-73EA-4F94-8EF1-B75335ED96EB}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{79AFAD96-388F-49AE-A99B-1E4F2835E57F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{7CC6E6AB-7133-4D91-9C89-146E51FBB371}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{7CCA8B86-4CD8-4767-8D6B-1A35423D46F0}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{7E28139E-0ADE-4191-9E2E-17A325010FC2}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{858303E6-E258-41E7-B9BD-EED388AF58F9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{8608DD88-D79C-4A4B-BC42-ECCBC8F948B4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{867C26E7-884A-4B45-A8B5-CCDFE3B16763}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{86A5B6D2-3757-4827-803E-8888E2E1C08B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{876434D2-B4D6-4EAE-8323-5F74DB7EEE71}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{87E5BC75-74DA-48AF-92B7-38DF84AA4094}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{89C631A9-2324-429D-A85D-10B938EDAB74}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{8A3C14D9-595D-4312-A3E8-1C173963F74A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{8B004AA5-2712-4F63-83DF-17DFE06C176E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{8E8987E3-5476-4BD6-B3DA-ED5718B5850D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{912D528E-CDC0-4417-9BA6-B4E5B65B294A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{9274D888-2035-48B4-A5F6-2EFA737B6904}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{93F86853-FC62-4E6D-B0DB-3CFFFD38A9AA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{943FFEE9-C40F-4CB4-A902-9DC255CB8534}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{9503F94A-6FE1-44D3-8905-C314556B57CC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{965882FD-D2CF-49B6-AB4F-8F853A2936E5}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{96FA16BB-A150-4497-BE63-232CB12AA369}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{9715BCA0-CDCA-4B10-B4BD-C32FD4039B90}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9797DF38-4960-43BC-BFF1-F6071CB23E33}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9869D7A2-0327-4217-B36C-1A3052E91209}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{AA974880-E81C-4766-B83C-9DE7A10694F1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{AABE4538-9A09-498F-8B5E-6837C9DF2E9E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{AB4CB067-8A3D-4846-82F0-167E5BF32340}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{B15A3BE8-BB85-47D5-9810-BABB825E8EE7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{B21C54DC-3F0A-44AB-ADB7-7E3D3F27153D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{B2B1589C-BF5C-4275-9341-29369DB7C0EA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{B3EA4841-6A2E-45CB-AC9A-4C5149C53136}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{B50AF6D4-43E5-4F86-AEF0-A91A136F336C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{B761C800-2629-4B66-85AA-FB20ECEBCE03}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{B76BE707-0A26-42B0-978B-4FEB39B4DAD9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{BA654490-A946-48F2-8333-AF8CD96A8649}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{C0213AEB-E58A-4FB3-8B01-A405DB4036F8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{C8C2AAA5-8353-4AC3-8951-9E47E218C4A4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{C9E94E0E-0068-4AEF-B378-A1225C1E06F6}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{CA448C3C-647D-4D82-A3DD-57CB22853178}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{CB14571B-B445-4F5A-924F-3435FAFF02D3}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CB3C92CF-C905-4E04-939C-FEF136CA30D3}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CB96D694-20AB-4EE4-A5D5-0D7DFA76200B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{CBB1E01D-D692-434F-AEA3-B1065D82D23D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CC11EEBD-F0E9-43C3-B787-7DCFCA0EF60C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{CE649C20-A7C4-418D-9080-74990C500A0C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{CF87B366-A025-4873-A369-86C561B5FDEC}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{CFB13FC5-287F-4D9D-A7CF-9D2DB6456F95}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{D347674C-5A5B-495F-BA4A-04CB3462232C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D3828CAF-C145-43E7-868D-0A75E2969C27}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D57BF949-AE76-40B5-9484-369E0A7FAE9F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{DDAB8F5C-B2E2-4F73-902B-C173D5A25187}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{DDB1E0FC-12A4-42AB-8A54-9A2CEE7EB00A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{E0B163F4-EA2B-488B-8784-BF5364A39CC8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{E12AFDC4-D861-4383-9B9B-B1DEF5A21E63}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{E60FE32E-2F06-4604-8CD6-63E50DEBC7D1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{E669D472-2764-4616-843F-F2B9389154BF}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E739A004-0345-4610-A08F-DC5F4A72D50B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E76D0ED4-2F99-46FF-93BD-92B56E1EE9F4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{EAA95423-383A-41C3-B7B1-AAAFDB0E2D20}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{EB7F0179-80D7-4E83-A7EE-882D1380DAEC}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EBA68078-EBD1-4405-BE3C-5DCF67A74080}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{EBDAF1F6-AD79-4723-9BE5-00BE64A13FFF}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{EC0B0327-457B-4755-BB7E-6FFEB9FB149A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{ECB547D9-ABF8-4351-B5CA-E56081CC8F20}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{ECB87683-4BD0-45F0-80D6-54D09041E7AB}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{F6CDAF9F-7D6F-4F26-9023-8A5BCF85A2E8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{F72F6D7D-7702-486B-AC84-EA5A222B1628}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{F790E314-FF3E-479B-B9ED-E0507EE9564A}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{F87B333A-CEC1-4E67-88E6-717BF831AD1B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{FA206C15-30DB-4529-B26E-D71AA749D3A3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FB37109D-772D-44D0-ABE4-83F675DEF834}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{FB5A1A88-8DBC-40C0-B916-B0446F28236C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{FBEAF515-083C-44F0-8C15-58625D8B22EA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0236D2F0-6D40-4128-A3D7-47E034C15A70}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{07749E15-EBC1-431D-969E-22CF277557AD}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\backgammon.exe | 
"{09087FA3-5B42-49E2-8B67-2BFC15EA7365}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{0D4807B4-DB09-47A7-AD6B-CC7389CF67A1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{0DC91BAD-B173-4529-919D-ADFD360D1CBB}" = dir=in | app=en_conquer2.0_5672_p2p.exe | 
"{0E6A9C3B-76C8-4026-AE57-B51C9EBAED2A}" = protocol=6 | dir=out | app=system | 
"{11FA61C2-D568-4BE8-A7C7-D095A497BCBD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{150F8C5C-8B6C-4F08-AF7B-3A9FC93A690E}" = protocol=6 | dir=in | app=c:\users\lenovo\appdata\roaming\spotify\spotify.exe | 
"{1EAAA9FA-02AA-4C94-B8B0-EB1B7D4A75FF}" = protocol=17 | dir=in | app=c:\program files (x86)\warthunder\launcher.exe | 
"{1FCC02C6-F754-4B24-BB49-42D97A0E9206}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\dirt 3\dirt3_game.exe | 
"{2AE31A33-F389-46EC-BEED-5185B5A91A3A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{2B61A2C8-94EF-4662-8185-F7C0CF49B80C}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{2EBE009E-72DA-448C-A66E-2EC2B93A1048}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2F6634D1-6564-4E45-8315-A0B199D82399}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{2FCE2662-3ED3-476C-8AC5-6D397E5EB7CB}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{314529B9-794B-4E0F-8274-3854EF161A15}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{3223B7E9-E198-4FC4-854C-1D1A17CFCC45}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{33CA2EAC-AFF5-4986-9337-6FD52A135A53}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{341D414B-6419-4715-85BF-96E69070C9BE}" = protocol=6 | dir=in | app=c:\users\lenovo\appdata\roaming\spotify\spotify.exe | 
"{3604235A-FD4D-42AB-9899-0BE9FE7D31C8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3F2CA85C-B710-417B-A8E2-FD145E80EC69}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3FF5B906-2C86-4570-A7D4-56E792D3949F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4270301A-647D-4E4D-BB31-3C0DC4969E4C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4692770B-E033-4D5E-8462-A8FC45C05DDA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{46C72F9F-517B-4941-8618-9DD8AF17285C}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{46FBA5CB-FE67-4858-9871-11C8C66F2488}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\checkers.exe | 
"{47BDB793-C6B1-462C-BF3B-554FC51F7B1F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{47DA8A68-CF15-4170-91BC-6C6AAB9BCEDE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{50F3C4D2-DD29-4F09-82D3-1D9A0D9B5E38}" = protocol=6 | dir=in | app=c:\users\lenovo\desktop\wurmclient.jnlp | 
"{51001564-9174-4F47-B9D7-9EF825CCA686}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{543EC40F-2251-40F0-AC42-0B954E581C16}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{5777879E-3C04-4DD4-AD12-4EE5CF00797F}" = protocol=6 | dir=in | app=c:\users\lenovo\downloads\leagueoflegends (1).exe | 
"{5B7643FE-C568-4D71-B9C9-DD884CCD090C}" = protocol=17 | dir=in | app=c:\users\lenovo\appdata\roaming\spotify\spotify.exe | 
"{5F20E8F7-3C82-4435-822C-36642980F570}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{60177FEF-4981-4DB6-823E-452DFE688882}" = protocol=17 | dir=in | app=c:\program files (x86)\gameshadow\gameshadow.exe | 
"{61C9B95C-BD6A-43E9-910B-DF4A3D8EA3E3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{65B7588A-B2C7-4EE6-83AC-25A73A47A217}" = protocol=6 | dir=in | app=c:\program files (x86)\gameshadow\gsdownload.exe | 
"{68EC2B4F-5786-404A-8A7D-074C62F77541}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\seabattle.exe | 
"{6F8A3786-B3EA-4ECA-93B1-484D20DA4E0E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{6FA5A6E4-2F6C-4B17-8C05-5DA66BC9CF7A}" = protocol=17 | dir=in | app=c:\users\lenovo\appdata\roaming\spotify\spotify.exe | 
"{709906C2-BE20-4A53-BD72-32AFF4E3B75C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{72894430-DD36-4AC5-BF73-927F26AE98E0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{72F22D0F-47E1-4F34-AC5C-BA86CD24DAEB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{79DA61A5-D08D-468C-8115-60073C7CA22C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7BA53642-DB52-4C37-8AE1-D14DBD45777D}" = dir=in | app=c:\users\lenovo\documents\the war z\infestation.exe | 
"{7CF3CCAF-9B42-4911-9ABF-C04965CC14C3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{816699FB-6D9C-4EC0-9FB7-584989A28E80}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{832FEB0B-703D-4FF3-B2FE-F8E0B1DEC0DE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{86949F07-CA66-4B5C-827B-D2B0EB3E9E82}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{90DC654D-E98C-4C59-A870-49D5139D700A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{93D8D874-ACA4-48CC-BF68-143F92E5608A}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{944C1815-88E5-4143-ADD9-84145A92E49C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{99CC8BC0-5C1D-4ED0-91C4-37698F2F11E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9B75429B-676D-437D-8B5C-D0000C2DA97D}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\easychat.exe | 
"{9E20D3AC-47F4-4ECB-BB52-1DECAEFBDD78}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{9E76E761-B500-4C50-8A66-F25B9BDD8E9F}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\dirt 3\dirt3_game.exe | 
"{A3EA0028-9016-46B4-A8AE-C355CF0407A7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A3FF718A-2168-4C2E-969C-46971B888618}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A853715F-E5B9-4C88-9307-E732C39EA4E9}" = protocol=17 | dir=in | app=c:\users\lenovo\desktop\wurmclient.jnlp | 
"{AE5209E6-2A24-40E3-9A76-5F1F905B502B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B02508A6-1CEB-41B0-9B8D-7E96C2A78F13}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{B3E6D370-54F6-40D6-98BA-3D89D71AD74A}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\tictactoe.exe | 
"{B9D691E2-A07E-44EE-AB47-405BD25867A9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BAA0AC06-A2AC-42CB-AAFF-49661DF08D14}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BB485344-D3A6-4029-B0A3-CA8930EEDDAF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{C0F3113E-AE20-4C84-AC9B-A7286F6A22C5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C624451E-5DCB-40C4-815B-AEDF7E314F85}" = protocol=17 | dir=in | app=c:\program files (x86)\gameshadow\gsdownload.exe | 
"{CC2751C3-5CF6-4F87-9358-694267571473}" = dir=in | app=c:\program files\lenovo\bluetooth software\easybits games\chess.exe | 
"{D20EE982-9D73-4101-823E-AEF2BC1C1456}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D2115566-301E-405D-ADDB-EED6FB6B7DA4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D871BE7D-5CA8-4CE3-8A37-50C7609660B3}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{DE49FCFC-4DC4-4EF9-923A-3A20CA15458F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{E1D7AA0C-4C60-45E1-8FB0-3B8F97D672BF}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe | 
"{E40692C0-2544-43E0-B5C1-B505C1507E77}" = protocol=6 | dir=in | app=c:\program files (x86)\gameshadow\gameshadow.exe | 
"{EA1F64C2-8D25-439D-9706-F1C6FF0D664A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{ED655BCC-BF1C-4995-891B-A7CA0E2764A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{EE0CF172-8D20-47F9-A1B6-8E2870FDBE40}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{F31E212D-3FE4-47EF-8FC0-7EE6BA26E3FC}" = protocol=17 | dir=in | app=c:\users\lenovo\downloads\leagueoflegends (1).exe | 
"{F78BCE7A-2BA6-4F63-A16F-F545B44DF7AD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{FA749B5E-722F-4FF6-8E09-B2281368313B}" = protocol=6 | dir=in | app=c:\program files (x86)\warthunder\launcher.exe | 
"{FE51F0E4-4DBE-464B-98FA-2230363C1E2B}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{10C9A020-2F34-4484-B30A-14FE28F801D2}C:\program files (x86)\farcry 3\bin\farcry3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\farcry 3\bin\farcry3.exe | 
"TCP Query User{1F52B65F-D708-4C5C-881B-256C70001007}C:\program files (x86)\xfire2\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire2\xfire.exe | 
"TCP Query User{3FAE5A84-012A-4C39-9084-64356C4AD1E5}C:\program files (x86)\warthunder\aces.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warthunder\aces.exe | 
"TCP Query User{4B51905D-FD8C-40A5-8653-DF9E9C23F675}C:\users\lenovo\downloads\en_conquer2.0_5672_p2p.exe" = protocol=6 | dir=in | app=c:\users\lenovo\downloads\en_conquer2.0_5672_p2p.exe | 
"TCP Query User{53740572-F87D-4CEB-B5C5-B5A229E82EC3}C:\program files (x86)\farcry 3\bin\farcry3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\farcry 3\bin\farcry3.exe | 
"TCP Query User{56C97260-924D-49A4-8C61-D881679E621E}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{58F3D8DE-BD77-4A24-B2F7-AED72C670861}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | 
"TCP Query User{6055B389-B673-4EC9-8747-4CAB6C9AF35D}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"TCP Query User{70E77753-182D-4AB3-8E37-6C971101C4F7}C:\program files (x86)\payday 2\payday2_win32_release.exe" = protocol=6 | dir=in | app=c:\program files (x86)\payday 2\payday2_win32_release.exe | 
"TCP Query User{7A6F41C2-53C0-43F2-A510-FD7AEC7CB812}C:\games\panzar\start.exe" = protocol=6 | dir=in | app=c:\games\panzar\start.exe | 
"TCP Query User{92ACB85B-21A1-43AF-BFCA-94EFB257EE1D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{A4E5788C-0DF2-4CC2-A5D1-4251921C32CE}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{B84A213E-FFBD-46CA-9427-76E36AE9F853}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{BAE7D4A4-D742-451A-8084-842B3B1B3030}C:\program files (x86)\milestone\motogp13\motogp13.exe" = protocol=6 | dir=in | app=c:\program files (x86)\milestone\motogp13\motogp13.exe | 
"TCP Query User{CF2325C4-D324-4B57-9A2B-B413B4B69331}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{0E576E0A-C59C-496A-ADA0-445B5CA81EDC}C:\users\lenovo\downloads\en_conquer2.0_5672_p2p.exe" = protocol=17 | dir=in | app=c:\users\lenovo\downloads\en_conquer2.0_5672_p2p.exe | 
"UDP Query User{491DBB90-9D2A-4DAE-8E6A-9307D3FED337}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe | 
"UDP Query User{5B630CB1-4E4E-4C07-B07C-5CC62628FC6E}C:\program files (x86)\farcry 3\bin\farcry3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\farcry 3\bin\farcry3.exe | 
"UDP Query User{5F825AF1-3788-49C5-B924-B66095259CE0}C:\program files (x86)\farcry 3\bin\farcry3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\farcry 3\bin\farcry3.exe | 
"UDP Query User{615A6871-23B9-4057-98AC-F4EBE0D37A46}C:\program files (x86)\warthunder\aces.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warthunder\aces.exe | 
"UDP Query User{6188F97A-A74E-4FCB-81EF-18EFFD1FB05B}C:\program files (x86)\payday 2\payday2_win32_release.exe" = protocol=17 | dir=in | app=c:\program files (x86)\payday 2\payday2_win32_release.exe | 
"UDP Query User{7521A588-CD8D-47AE-B586-1919AD3FEB6C}C:\program files (x86)\milestone\motogp13\motogp13.exe" = protocol=17 | dir=in | app=c:\program files (x86)\milestone\motogp13\motogp13.exe | 
"UDP Query User{9810CA24-F82D-4D7F-9B9B-B7F78802F7FF}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{A3759242-E424-4F85-AEF8-914878F57EB8}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{BEF32B76-B9CD-49DD-9760-56D027630C4A}C:\program files (x86)\xfire2\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire2\xfire.exe | 
"UDP Query User{E3175780-AA0B-4A12-A0B7-FB23019B6BDB}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{EE9969C7-5005-4EFC-B74C-66FF538FF797}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\planetside 2\planetside2.exe | 
"UDP Query User{F24270A3-604C-48B8-B33B-5CF6693DE566}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{F7416C9C-BF49-4F50-A91C-16532D0D092C}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{FF0B1C03-70E2-45E5-99D9-6E6655B41882}C:\games\panzar\start.exe" = protocol=17 | dir=in | app=c:\games\panzar\start.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit)
"{31ABA3F2-0000-1033-0102-111D43815377}" = Autodesk ReCap
"{31ABA3F2-0010-1033-0102-111D43815377}" = Autodesk ReCap Language Pack-English
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Oprogramowanie Intel(R) PROSet/Wireless WiFi
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}" = Autodesk 360
"{5783F2D7-D001-0000-0102-0060B0CE6BBA}" = AutoCAD 2014 - English
"{5783F2D7-D001-0409-1102-0060B0CE6BBA}" = AutoCAD 2014 Language Pack - English
"{5783F2D7-D001-0409-2102-0060B0CE6BBA}" = AutoCAD 2014 - English
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Centrum obsługi urządzeń z systemem Windows Mobile
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7811654C-9701-4347-B9DD-7DDB6B47F56A}" = STATISTICA PL 10 (64-bit)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5DA9A6-7A9F-3A6F-BC5C-D6CBCA6A29C7}" = Microsoft .NET Framework 4 Extended PLK Language Pack
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0415-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Polish) 2007
"{90140000-006D-0415-1000-0000000FF1CE}" = Moduł Szybka instalacja pakietu Microsoft Office 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 RC
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.7.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Sterownik kontrolera 3D Vision 331.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 9.3.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 9.3.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 9.3.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.9
"{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E1A1B8F4-DB8E-4999-AB0E-CE929A040CDB}" = calibre 64bit
"{E6F5B546-C708-3CB3-953D-20AA7C6DD48C}" = Microsoft .NET Framework 4.5 RC
"{F3C66EC8-2F33-452D-9CFF-E8C886B3ECC4}" = SRS Control Panel
"AutoCAD 2014 - English" = Autodesk AutoCAD 2014 - English
"Autodesk ReCap" = Autodesk ReCap
"CCleaner" = CCleaner
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Pakiet sterowników systemu Windows - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
"GIMP-2_is1" = GIMP 2.8.6
"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.3.0 (64-bit)
"Lenovo R.I.C. (Robust Intelligent Companion)" = Lenovo R.I.C. (Robust Intelligent Companion)
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1" = Euro Truck Simulator 2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{263CB489-274B-4312-B931-0039A7A4443C}" = Unified Remote
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216045FF}" = Java(TM) 6 Update 45
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{387A7BC7-577B-4FC9-8337-4DB8F7D34E55}" = MotoGP(TM)13
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{43ADAE00-A4ED-4379-A76D-A1FF5D9D334A}_is1" = Xfire 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4B784CE7-7CDB-4AF1-B636-2DC3EA51EA87}" = MotoGP(TM)13
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4FF82163-423A-43CE-898D-3B60D19A5E8F}_is1" = Panzar
"{51BF3210-B825-4092-8E0D-66D689916E02}" = Autodesk Material Library Base Resolution Image Library 2014
"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62952508-8C6F-4D31-9802-099FC67B41C3}" = I Am Alive
"{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service
"{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644E9589-F73A-49A4-AC61-A953B9DE5669}" = SketchUp Import for AutoCAD 2014
"{644F9B19-A462-499C-BF4D-300ABC2A28B1}" = Autodesk Material Library 2014
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C1804BC-094F-431A-BEA5-37A837958029}" = Rome - Total War - Alexander
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2007
"{90120000-0015-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2007
"{90120000-0019-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2007
"{90120000-001A-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_ENTERPRISE_{9CC96D78-9E1D-46E0-AF4D-3EB440CD4619}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0415-1000-0000000FF1CE}_ENTERPRISE_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2007
"{90120000-0044-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_ENTERPRISE_{0C8AB602-A234-45AB-B355-4C863C1D2FA8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2007
"{90120000-00BA-0415-0000-0000000FF1CE}_ENTERPRISE_{01CC3B2D-70DB-49DC-839A-A923D2A39EA4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0415-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Polski
"{90A4562F-D4A1-4B65-906D-41F236CF6902}" = Path of Exile
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DEBE760-F2D0-11DD-6784-0195548618BE}" = GameShadow V3.1
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B810D852-DFD6-FC3-89A5-CC4D47756DAF}_is1" = FarCry 3 version 5.1
"{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version 1.0
"{BEBC66FC-1EF2-4823-B212-3EAB99161098}_is1" = Knight Elite
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C070121A-C8C5-4D52-9A7D-D240631BD433}" = Autodesk App Manager
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"{DCB46B42-723F-350E-B18A-449BC6C21636}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.269
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F732FEDA-7713-4428-934B-EF83B8DD65D0}" = Autodesk Featured Apps
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Autodesk Content Service" = Autodesk Content Service
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dll-Files Fixer_is1" = Dll-Files Fixer
"Dll-Files.com Fixer_is1" = Dll-Files.com Fixer wersja 2.7.72.2024
"Driver Updater" = Carambis Driver Updater
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"Google Chrome" = Google Chrome
"Hitman Absolution_is1" = Hitman Absolution
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{62952508-8C6F-4D31-9802-099FC67B41C3}" = I Am Alive
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}" = Onekey Theater
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.3.0
"LastFM_is1" = Last.fm Scrobbler 2.1.36
"Mafia 2.Digital Deluxe.v 1.0.0.1u5 + 8 DLC_is1" = Mafia 2.Digital Deluxe.v 1.0.0.1u5 + 8 DLC
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.75.0.1300
"Maxima-5.28.0-2_is1" = Maxima 5.28.0-2
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.1.7.8
"Mount&Blade Warband" = Mount&Blade Warband
"Mozilla Firefox 21.0 (x86 pl)" = Mozilla Firefox 21.0 (x86 pl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3 Knife_is1" = Mp3 Knife 3.4
"NapiProjekt_is1" = NapiProjekt (2.1.0.2287)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"Office14.Click2Run" = Moduł Szybka instalacja pakietu Microsoft Office 2010
"OpenAL" = OpenAL
"Pajączek 5 NxG STD_is1" = Pajączek 5 NxG STD - Deinstalacja
"PAYDAY 2_is1" = PAYDAY 2
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"PunkBusterSvc" = PunkBuster Services
"Q2FsbG9mSnVhcmV6R3Vuc2xpbmdlcg==_is1" = Call of Juarez Gunslinger (c) Ubisoft version 1
"RealPlayer 16.0" = RealPlayer
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"Spotydl_is1" = Spotydl 0.9.32.0
"State of Decay_R.G. Mechanics_is1" = State of Decay
"Steam App 218230" = PlanetSide 2
"Steam App 42910" = Magicka
"Steam App 550" = Left 4 Dead 2
"TmNationsForever_is1" = TmNationsForever
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.6
"Webexp Enhanced" = Webexp Enhanced
"Winamp" = Winamp
"WinLiveSuite" = Podstawowe programy Windows Live
"XfireCodec" = Xfire Codec (remove only)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
"Wurm Online" = Wurm Online
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2013-12-27 04:26:27 | Computer Name = LENOVO-Komputer | Source = NvStreamSvc | ID = 131073
Description = 
 
Error - 2013-12-27 15:22:32 | Computer Name = LENOVO-Komputer | Source = MsiInstaller | ID = 11500
Description = 
 
Error - 2013-12-27 15:22:34 | Computer Name = LENOVO-Komputer | Source = MsiInstaller | ID = 11500
Description = 
 
Error - 2013-12-28 03:56:35 | Computer Name = LENOVO-Komputer | Source = Application Hang | ID = 1002
Description = Program javaw.exe w wersji 6.0.450.6 zatrzymał interakcję z systemem
 Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji
 dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum
 akcji.    Identyfikator procesu: 250c    Godzina rozpoczęcia: 01cf03a1f85979ad    Godzina zakończenia:
 109    Ścieżka aplikacji: C:\Program Files (x86)\Java\jre6\bin\javaw.exe    Identyfikator
 raportu: 8fef247e-6f95-11e3-8a94-402cf452c667  
 
Error - 2013-12-29 05:30:20 | Computer Name = LENOVO-Komputer | Source = WinMgmt | ID = 10
Description = 
 
Error - 2013-12-29 05:30:38 | Computer Name = LENOVO-Komputer | Source = NvStreamSvc | ID = 131073
Description = 
 
Error - 2013-12-29 05:30:38 | Computer Name = LENOVO-Komputer | Source = NvStreamSvc | ID = 131073
Description = 
 
Error - 2013-12-29 05:46:52 | Computer Name = LENOVO-Komputer | Source = WinMgmt | ID = 10
Description = 
 
Error - 2013-12-29 05:47:05 | Computer Name = LENOVO-Komputer | Source = NvStreamSvc | ID = 131073
Description = 
 
Error - 2013-12-29 05:47:05 | Computer Name = LENOVO-Komputer | Source = NvStreamSvc | ID = 131073
Description = 
 
[ OSession Events ]
Error - 2013-02-25 07:00:14 | Computer Name = LENOVO-Komputer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 170376
 seconds with 1080 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 2013-12-27 15:21:05 | Computer Name = LENOVO-Komputer | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2.
 
Error - 2013-12-27 15:21:05 | Computer Name = LENOVO-Komputer | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2.
 
Error - 2013-12-27 15:21:06 | Computer Name = LENOVO-Komputer | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2.
 
Error - 2013-12-27 15:21:06 | Computer Name = LENOVO-Komputer | Source = Disk | ID = 262155
Description = Sterownik wykrył błąd kontrolera na \Device\Harddisk2\DR2.
 
Error - 2013-12-27 18:40:07 | Computer Name = LENOVO-Komputer | Source = DCOM | ID = 10010
Description = 
 
Error - 2013-12-29 05:25:30 | Computer Name = LENOVO-Komputer | Source = Service Control Manager | ID = 7034
Description = Usługa Adobe Acrobat Update Service niespodziewanie zakończyła pracę.
 Wystąpiło to razy: 1.
 
Error - 2013-12-29 05:30:20 | Computer Name = LENOVO-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Windows Image Acquisition (WIA) zależy od usługi Wykrywanie
 sprzętu powłoki, której nie można uruchomić z powodu następującego błędu:   %%1058
 
Error - 2013-12-29 05:46:11 | Computer Name = LENOVO-Komputer | Source = Service Control Manager | ID = 7009
Description = Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się
 z usługą Autodesk Content Service.
 
Error - 2013-12-29 05:46:11 | Computer Name = LENOVO-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Autodesk Content Service z powodu następującego
 błędu:   %%1053
 
Error - 2013-12-29 05:46:51 | Computer Name = LENOVO-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Windows Image Acquisition (WIA) zależy od usługi Wykrywanie
 sprzętu powłoki, której nie można uruchomić z powodu następującego błędu:   %%1058
 
 
< End of report >
 

[/log]

[log]OTL logfile created on: 2013-12-29 12:20:08 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\LENOVO\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
3,95 Gb Total Physical Memory | 1,80 Gb Available Physical Memory | 45,69% Memory free
7,89 Gb Paging File | 5,49 Gb Available in Paging File | 69,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684,20 Gb Total Space | 82,23 Gb Free Space | 12,02% Space Free | Partition Type: NTFS
Drive D: | 29,30 Gb Total Space | 26,11 Gb Free Space | 89,14% Space Free | Partition Type: NTFS
Drive F: | 5,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 1,84 Gb Total Space | 1,20 Gb Free Space | 65,16% Space Free | Partition Type: FAT
 
Computer Name: LENOVO-KOMPUTER | User Name: LENOVO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013-12-25 10:35:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LENOVO\Downloads\OTL.exe
PRC - [2013-12-08 18:08:07 | 001,168,896 | ---- | M] (Spotify Ltd) -- C:\Users\LENOVO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013-12-04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013-11-15 09:56:36 | 004,881,624 | ---- | M] (Xfire Inc.) -- C:\Program Files (x86)\Xfire2\Xfire.exe
PRC - [2013-11-08 21:46:18 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013-11-08 21:45:42 | 001,914,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013-07-07 16:22:50 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013-05-10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-05-02 09:23:20 | 000,802,136 | ---- | M] (BitTorrent Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2013-04-04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013-04-04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013-04-04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013-01-03 13:05:36 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012-11-29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2011-10-25 13:44:42 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2011-10-25 13:44:42 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2011-10-01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011-10-01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011-08-14 22:24:10 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
PRC - [2011-01-29 00:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2011-01-12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011-01-12 19:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010-12-21 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010-12-21 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013-12-04 03:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013-12-04 03:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013-12-04 03:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013-12-04 03:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013-12-04 03:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013-12-04 03:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013-02-13 12:36:16 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013-01-10 18:29:08 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll
MOD - [2013-01-10 18:29:08 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll
MOD - [2013-01-10 09:37:06 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013-01-10 09:36:42 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013-01-10 09:36:33 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013-01-10 09:36:29 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013-01-10 09:36:26 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013-01-10 09:36:26 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013-01-10 09:36:20 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011-08-14 22:24:10 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
MOD - [2011-08-14 13:30:04 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_pl_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2011-02-16 18:53:14 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
MOD - [2011-02-16 18:51:10 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
MOD - [2010-11-13 03:37:37 | 000,311,296 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013-12-08 12:32:42 | 001,471,352 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FlexNet Licensing Service 64)
SRV:64bit: - [2013-11-08 21:47:21 | 015,125,280 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2011-05-12 17:01:46 | 000,970,016 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011-05-02 15:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011-05-02 15:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011-05-02 15:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010-09-22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009-07-14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013-12-16 18:51:22 | 000,009,216 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2013-11-08 21:45:42 | 001,914,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013-07-07 16:22:50 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013-05-11 23:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-05-10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-04-04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-04-04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013-02-28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-12-13 17:37:26 | 000,012,288 | ---- | M] (Autodesk, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2012-11-29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012-11-19 17:03:24 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012-04-30 17:17:38 | 000,104,872 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011-10-25 13:44:42 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011-10-01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011-10-01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011-01-12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010-12-21 03:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010-12-21 03:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009-06-10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007-05-31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007-05-31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013-10-23 11:30:23 | 000,032,544 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2013-09-28 00:01:44 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013-04-04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013-04-03 08:58:08 | 000,188,232 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2013-04-03 08:58:08 | 000,169,288 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2013-04-03 08:58:08 | 000,158,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2013-04-03 08:58:08 | 000,038,080 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2013-04-03 08:58:08 | 000,021,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2013-01-06 17:25:37 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012-03-01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-10-01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011-10-01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011-10-01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011-10-01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011-08-14 22:29:45 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2011-08-14 22:29:43 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2011-08-14 22:22:35 | 000,020,064 | ---- | M] (Ensurebit Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\delayman.sys -- (DelayMan)
DRV:64bit: - [2011-08-14 22:22:35 | 000,015,456 | ---- | M] (Ensurebit Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\winioex.sys -- (winioex)
DRV:64bit: - [2011-08-14 13:36:04 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-08-14 13:36:04 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011-05-13 01:01:36 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011-05-13 01:01:34 | 000,437,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011-05-13 01:01:24 | 000,164,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011-05-13 01:01:24 | 000,150,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011-05-13 01:01:24 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011-05-13 01:01:24 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011-05-09 21:42:14 | 000,425,000 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011-05-01 15:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011-03-26 02:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011-03-21 06:42:52 | 001,413,168 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011-01-29 00:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011-01-12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010-12-13 04:31:00 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010-12-01 06:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010-11-21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010-11-21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-10-20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010-10-15 09:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010-03-02 19:50:54 | 000,038,496 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HybridDiskX64.sys -- (HybridDisk)
DRV:64bit: - [2010-03-02 19:50:38 | 000,013,920 | ---- | M] (Lenovo.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\HybridCFileX64.sys -- (hybridcfile)
DRV:64bit: - [2009-07-21 15:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-06-10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013-03-14 13:36:18 | 000,017,160 | ---- | M] (XFire) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Xfire2\XFDriver64.sys -- (XFDriver64)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7LENN_plPL500
IE - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013-01-03 13:05:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-01-03 13:05:59 | 000,000,000 | ---D | M]
 
[2013-05-26 22:57:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LENOVO\AppData\Roaming\mozilla\Extensions
[2013-12-29 10:25:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LENOVO\AppData\Roaming\mozilla\Firefox\Profiles\kd9he9xy.default\extensions
[2013-09-16 22:04:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
[2013-05-26 22:57:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013-05-26 22:57:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES (X86)\WEBEXPENHANCEDV1\WEBEXPENHANCEDV1ALPHA872\FF
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Wallet = C:\Users\LENOVO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
 
O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKU\S-1-5-18..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001..\Run: [Spotify Web Helper] C:\Users\LENOVO\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire2\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 
O7 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3429779742-4234798171-2531594576-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45)
O16 - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F810A68-84E5-4561-B3D1-DFEC470A3F73}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6F30F37-AD2C-4EDA-B51D-7BDD9EEF212C}: DhcpNameServer = 8.8.8.8 8.8.4.4
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (c:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013-07-31 22:02:08 | 000,227,212 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ]
O32 - AutoRun File - [2012-09-25 00:06:33 | 000,000,040 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{12203ea3-55d2-11e2-bc16-402cf452c667}\Shell - "" = AutoRun
O33 - MountPoints2\{12203ea3-55d2-11e2-bc16-402cf452c667}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2012-09-09 04:59:41 | 000,347,407 | R--- | M] (noOrg)
O33 - MountPoints2\{7d1ebd69-f80c-11e1-bdd7-402cf452c667}\Shell - "" = AutoRun
O33 - MountPoints2\{7d1ebd69-f80c-11e1-bdd7-402cf452c667}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2012-09-09 04:59:41 | 000,347,407 | R--- | M] (noOrg)
O33 - MountPoints2\{bded9453-f4f6-11e2-bcee-402cf452c667}\Shell - "" = AutoRun
O33 - MountPoints2\{bded9453-f4f6-11e2-bcee-402cf452c667}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{bded9469-f4f6-11e2-bcee-402cf452c667}\Shell - "" = AutoRun
O33 - MountPoints2\{bded9469-f4f6-11e2-bcee-402cf452c667}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe -- [2012-09-09 04:59:41 | 000,347,407 | R--- | M] (noOrg)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013-12-29 10:38:22 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013-12-29 10:25:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-12-28 08:53:50 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wurm Online
[2013-12-27 20:27:11 | 000,312,744 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2013-12-27 20:27:06 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2013-12-27 20:27:06 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2013-12-27 20:27:06 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2013-12-27 20:27:01 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013-12-27 20:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013-12-27 20:24:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013-12-26 19:31:38 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\windows\SysWow64\UniBox210.ocx
[2013-12-26 19:31:38 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\windows\SysWow64\UniBox10.ocx
[2013-12-26 19:31:38 | 000,512,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml.dll
[2013-12-26 19:31:38 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\windows\SysWow64\UniBoxVB12.ocx
[2013-12-26 19:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Registry Mechanic
[2013-12-26 19:31:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Registry Mechanic
[2013-12-25 10:57:09 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013-12-25 10:57:09 | 000,000,000 | ---D | C] -- C:\rsit
[2013-12-25 10:35:28 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\Desktop\Raporty
[2013-12-25 10:02:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2013-12-15 22:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013-12-08 17:56:54 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\AppData\Roaming\Carambis
[2013-12-08 17:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carambis
[2013-12-08 17:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Carambis
[2013-12-08 12:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\FARO
[2013-12-08 12:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2013-12-08 12:31:55 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\AppData\Local\Autodesk
[2013-12-08 12:28:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Autodesk
[2013-12-08 12:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2013-12-08 12:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
[2013-12-08 12:27:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
[2013-12-08 12:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2013-12-08 12:26:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
[2013-12-08 12:20:07 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\AppData\Roaming\Autodesk
[2013-12-08 12:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2013-12-08 11:37:29 | 000,000,000 | ---D | C] -- C:\Users\LENOVO\AppData\Roaming\Xfire
[2013-12-08 11:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Xfire
[2013-12-08 11:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire2
[2013-12-08 11:37:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xfire2
[2013-12-08 11:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire
[2013-12-08 11:34:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2013-12-06 08:51:21 | 000,000,000 | ---D | C] -- C:\Intel
 
========== Files - Modified Within 30 Days ==========
 
[2013-12-29 12:09:00 | 000,001,062 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-12-29 10:54:23 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-12-29 10:54:23 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-12-29 10:51:07 | 001,676,484 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013-12-29 10:51:07 | 000,743,058 | ---- | M] () -- C:\windows\SysNative\perfh015.dat
[2013-12-29 10:51:07 | 000,656,594 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013-12-29 10:51:07 | 000,156,786 | ---- | M] () -- C:\windows\SysNative\perfc015.dat
[2013-12-29 10:51:07 | 000,122,678 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013-12-29 10:45:58 | 000,001,058 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-12-29 10:45:39 | 000,000,350 | ---- | M] () -- C:\windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013-12-29 10:45:31 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013-12-29 10:45:20 | 3177,074,688 | -HS- | M] () -- C:\hiberfil.sys
[2013-12-28 08:53:50 | 000,002,029 | ---- | M] () -- C:\Users\LENOVO\Desktop\Wurm Online.lnk
[2013-12-27 20:27:02 | 000,312,744 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaws.exe
[2013-12-27 20:27:02 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\javaw.exe
[2013-12-27 20:27:02 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\java.exe
[2013-12-27 20:27:02 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\windows\SysNative\WindowsAccessBridge-64.dll
[2013-12-26 19:31:38 | 000,001,160 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk
[2013-12-16 22:12:01 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013-12-16 22:10:59 | 000,064,103 | ---- | M] () -- C:\Users\LENOVO\Desktop\1472119_549260008485895_773149106_n.jpg
[2013-12-08 17:56:54 | 000,001,144 | ---- | M] () -- C:\Users\Public\Desktop\Driver Updater.lnk
[2013-12-08 17:39:25 | 000,509,560 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013-12-08 17:20:20 | 017,053,578 | ---- | M] () -- C:\Users\LENOVO\Desktop\SIPS.rar
[2013-12-08 12:37:11 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk ReCap.lnk
[2013-12-08 12:36:31 | 000,002,003 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk 360.lnk
[2013-12-08 12:33:23 | 000,000,153 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013-12-08 12:32:02 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2014 - English.lnk
[2013-12-08 12:24:42 | 001,649,090 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013-12-08 12:14:26 | 000,001,061 | ---- | M] () -- C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2013-12-08 11:37:09 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk
[2013-12-08 11:35:20 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
 
========== Files Created - No Company Name ==========
 
[2013-12-26 19:31:38 | 000,040,408 | ---- | C] () -- C:\windows\SysNative\CleanMFT64.exe
[2013-12-26 19:31:38 | 000,001,160 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk
[2013-12-16 22:10:58 | 000,064,103 | ---- | C] () -- C:\Users\LENOVO\Desktop\1472119_549260008485895_773149106_n.jpg
[2013-12-08 17:56:54 | 000,001,144 | ---- | C] () -- C:\Users\Public\Desktop\Driver Updater.lnk
[2013-12-08 17:20:19 | 017,053,578 | ---- | C] () -- C:\Users\LENOVO\Desktop\SIPS.rar
[2013-12-08 12:37:11 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk ReCap.lnk
[2013-12-08 12:36:31 | 000,002,003 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk 360.lnk
[2013-12-08 12:33:23 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013-12-08 12:32:02 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2014 - English.lnk
[2013-12-08 12:14:25 | 000,001,061 | ---- | C] () -- C:\Users\LENOVO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
[2013-12-08 11:37:09 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk
[2013-12-08 11:35:20 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2013-10-16 20:55:56 | 000,000,977 | ---- | C] () -- C:\Users\LENOVO\AppData\Local\recently-used.xbel
[2013-09-21 17:27:26 | 000,007,606 | ---- | C] () -- C:\Users\LENOVO\AppData\Local\Resmon.ResmonCfg
[2013-07-07 15:08:38 | 000,000,331 | ---- | C] () -- C:\windows\game.ini
[2013-02-05 16:52:54 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2013-02-05 16:52:50 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2013-02-05 16:52:50 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2013-02-05 16:52:50 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2013-02-05 16:52:50 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2013-01-02 22:57:03 | 000,000,367 | ---- | C] () -- C:\Program Files (x86)\conquer.ini
[2012-12-28 22:04:22 | 000,036,352 | ---- | C] () -- C:\windows\SysWow64\xfcodec.dll
[2012-12-01 17:24:36 | 000,281,688 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2012-12-01 17:24:35 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2012-10-12 01:50:40 | 000,049,738 | ---- | C] () -- C:\Program Files (x86)\AutoMapa EU.md5
[2012-09-29 23:50:28 | 000,650,752 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2012-09-29 23:50:28 | 000,243,200 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2012-09-29 23:50:28 | 000,216,064 | ---- | C] ( ) -- C:\windows\SysWow64\lagarith.dll
[2012-09-29 23:50:28 | 000,178,688 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2012-09-29 23:50:26 | 000,112,640 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2012-09-22 12:51:41 | 000,361,096 | ---- | C] () -- C:\windows\SysWow64\lead3dengine.dll
[2012-09-08 23:09:27 | 000,000,243 | ---- | C] () -- C:\Users\LENOVO\AppData\Roaming\GPU Meter_Settings.ini
[2012-09-08 23:08:01 | 000,000,532 | ---- | C] () -- C:\Users\LENOVO\AppData\Roaming\All CPU MeterV3_Settings.ini
 
========== ZeroAccess Check ==========
 
[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013-12-26 20:12:45 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\.minecraft
[2013-12-08 12:27:59 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Autodesk
[2013-09-19 08:57:58 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Awesomium
[2013-12-04 19:38:31 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\calibre
[2013-12-08 17:56:54 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Carambis
[2013-03-20 16:34:57 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Cream Software
[2013-12-08 12:18:47 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\DAEMON Tools Lite
[2012-09-09 10:08:14 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\dll-files.com
[2012-09-22 18:33:52 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\EasyCapture
[2012-09-07 16:25:39 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Hive Cluster
[2012-10-17 18:38:17 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\IrfanView
[2012-09-07 21:41:31 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\LolClient
[2013-11-07 12:33:26 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Milestone
[2012-12-09 18:18:29 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Mount&Blade Warband
[2012-09-22 13:14:48 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\NapiProjekt
[2013-05-20 08:51:00 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Samsung
[2012-11-15 03:25:45 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\SoftGrid Client
[2013-05-18 17:51:44 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Softland
[2013-12-08 18:44:23 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Spotify
[2013-09-16 22:10:35 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Spotydl
[2013-11-23 17:55:49 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\State of Decay
[2013-05-18 17:54:50 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\StatSoft
[2012-09-21 18:01:39 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\TP
[2013-09-23 14:03:16 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\TS3Client
[2013-09-20 18:38:22 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Unified Remote
[2013-12-29 12:24:47 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\uTorrent
[2013-03-23 11:05:46 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Wargaming.net
[2013-09-11 09:55:32 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< C:\*.* >
[2013-07-31 22:02:08 | 000,227,212 | ---- | M] () -- C:\AutoMapaSetupLog.txt
[2013-12-08 13:23:15 | 002,384,644 | ---- | M] () -- C:\FaceProv.log
[2013-12-29 10:45:20 | 3177,074,688 | -HS- | M] () -- C:\hiberfil.sys
[2013-12-29 10:45:26 | 4236,099,584 | -HS- | M] () -- C:\pagefile.sys
[2011-08-14 21:59:35 | 000,002,150 | ---- | M] () -- C:\RHDSetup.log
[2013-05-14 07:15:32 | 000,357,814 | ---- | M] () -- C:\SDK Manager.exe
[2009-07-14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2009-07-14 06:08:49 | 000,032,604 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2011-08-14 22:20:05 | 000,001,058 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011-08-14 22:20:05 | 000,001,062 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013-06-03 11:08:43 | 000,000,350 | ---- | C] () -- C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
 
< D:\*.* >
[1 D:\*.tmp files -> D:\*.tmp -> ]
 
< E:\*.* >
 
< F:\*.* >
[2012-09-25 00:06:33 | 000,000,040 | R--- | M] () -- F:\autorun.inf
[2012-09-29 13:15:12 | 000,023,558 | R--- | M] () -- F:\icon.ico
[2012-09-28 18:48:08 | 998,655,488 | R--- | M] () -- F:\setup-1.bin
[2012-09-28 18:57:55 | 1000,000,000 | R--- | M] () -- F:\setup-2.bin
[2012-09-28 19:04:53 | 1000,000,000 | R--- | M] () -- F:\setup-3.bin
[2012-09-28 19:09:14 | 1000,000,000 | R--- | M] () -- F:\setup-4.bin
[2012-09-28 19:15:34 | 1000,000,000 | R--- | M] () -- F:\setup-5.bin
[2012-09-28 19:23:50 | 1000,000,000 | R--- | M] () -- F:\setup-6.bin
[2012-09-28 19:25:09 | 072,691,766 | R--- | M] () -- F:\setup-7.bin
[2012-09-09 04:59:41 | 000,347,407 | R--- | M] (noOrg) -- F:\Setup.exe
 
< G:\*.* >
[2013-11-11 11:11:02 | 000,000,512 | -H-- | M] () -- G:\NIKON001.DSC
[2011-11-21 21:22:42 | 000,022,059 | ---- | M] () -- G:\1.5Sciaga - bramki logiczne (kolos 2).docx
[2011-11-21 21:22:44 | 000,510,432 | ---- | M] () -- G:\1.6Sciaga - klad sterowania silnikiem (kolos 2).docx
[2011-11-21 21:22:44 | 000,054,272 | ---- | M] () -- G:\ciaga - bramki logiczne (kolos 2).doc
[2011-11-21 21:22:46 | 003,208,192 | ---- | M] () -- G:\ciaga - klad sterowania silnikiem (kolos 2).doc
[2013-12-05 13:36:58 | 000,181,078 | ---- | M] () -- G:\sciaga new.docx
[2013-12-08 23:19:06 | 000,385,536 | ---- | M] () -- G:\PID Grupa 3 (1).doc
 
< H:\*.* >
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %APPDATA%\*. >
[2013-12-26 20:12:45 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\.minecraft
[2013-03-25 20:34:40 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Adobe
[2013-12-08 12:27:59 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Autodesk
[2013-09-19 08:57:58 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Awesomium
[2013-12-04 19:38:31 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\calibre
[2013-12-08 17:56:54 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Carambis
[2013-03-20 16:34:57 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Cream Software
[2012-09-06 08:49:25 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\CyberLink
[2013-12-08 12:18:47 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\DAEMON Tools Lite
[2012-09-09 10:08:14 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\dll-files.com
[2013-10-30 18:37:47 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\dvdcss
[2012-09-22 18:33:52 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\EasyCapture
[2012-09-06 19:00:32 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Google
[2012-09-07 16:25:39 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Hive Cluster
[2012-08-20 19:49:21 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Identities
[2012-08-20 19:49:18 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Intel
[2012-08-20 19:49:40 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Intel Corporation
[2012-10-17 18:38:17 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\IrfanView
[2012-09-07 21:41:31 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\LolClient
[2013-03-18 10:04:55 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Macromedia
[2013-05-20 09:21:18 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Malwarebytes
[2011-02-22 12:42:06 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Media Center Programs
[2013-12-04 16:07:57 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Media Player Classic
[2013-12-08 19:49:43 | 000,000,000 | --SD | M] -- C:\Users\LENOVO\AppData\Roaming\Microsoft
[2013-11-07 12:33:26 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Milestone
[2012-12-09 18:18:29 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Mount&Blade Warband
[2013-05-26 22:57:34 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Mozilla
[2012-09-22 13:14:48 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\NapiProjekt
[2013-03-17 15:28:55 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\NVIDIA
[2013-03-24 22:11:36 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Real
[2013-01-03 13:06:18 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\RealNetworks
[2013-05-20 08:51:00 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Samsung
[2012-09-08 07:58:53 | 000,000,000 | RH-D | M] -- C:\Users\LENOVO\AppData\Roaming\SecuROM
[2013-07-14 23:57:44 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Skype
[2012-11-15 03:25:45 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\SoftGrid Client
[2013-05-18 17:51:44 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Softland
[2013-12-08 18:44:23 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Spotify
[2013-09-16 22:10:35 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Spotydl
[2013-11-23 17:55:49 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\State of Decay
[2013-05-18 17:54:50 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\StatSoft
[2012-09-21 18:01:39 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\TP
[2013-09-23 14:03:16 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\TS3Client
[2013-09-20 18:38:22 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Unified Remote
[2013-12-29 12:24:47 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\uTorrent
[2013-12-22 20:03:04 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\vlc
[2013-03-23 11:05:46 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Wargaming.net
[2013-12-01 10:51:04 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Winamp
[2013-09-11 09:55:32 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Windows Live Writer
[2012-09-06 11:53:18 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\WinRAR
[2013-12-29 10:46:58 | 000,000,000 | ---D | M] -- C:\Users\LENOVO\AppData\Roaming\Xfire
 
< %SYSTEMDRIVE%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009-07-14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009-07-14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: BEEP.SYS  >
[2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\windows\SysNative\drivers\beep.sys
[2009-07-14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys
 
< MD5 for: EXPLORER.EXE  >
[2011-08-14 13:35:11 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011-08-14 13:35:11 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011-08-14 13:35:11 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011-08-14 13:35:11 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010-11-21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011-08-14 13:35:11 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011-08-14 13:35:11 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010-11-21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: NTFS.SYS  >
[2010-11-21 04:23:55 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=05D78AA5CB5F3F5C31160BDB955D0B7C -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_04972f2c338b23d4\ntfs.sys
[2011-08-14 13:36:04 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=87B104128D4D3BA3C13098BAEBF38082 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_04d11b5b4ce521d9\ntfs.sys
[2011-08-14 13:36:04 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=A2F74975097F52A00745F9637451FDD8 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_0459508233b9177f\ntfs.sys
[2012-08-31 18:57:17 | 001,687,408 | ---- | M] (Microsoft Corporation) MD5=B2746D84DDF68D09B41B72DF745CCBA6 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22104_none_052b7b9d4ca0cf8b\ntfs.sys
[2012-08-31 19:19:35 | 001,659,760 | ---- | M] (Microsoft Corporation) MD5=E453ACF4E7D44E5530B5D5F2B9CA8563 -- C:\windows\SysNative\drivers\ntfs.sys
[2012-08-31 19:19:35 | 001,659,760 | ---- | M] (Microsoft Corporation) MD5=E453ACF4E7D44E5530B5D5F2B9CA8563 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17945_none_0477c74a33a2859a\ntfs.sys
 
< MD5 for: SVCHOST.EXE  >
[2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013-04-04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009-07-14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009-07-14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010-11-21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010-11-21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010-11-21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010-11-21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010-11-21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010-11-21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013-04-04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2010-11-21 04:23:55 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\windows\system32\ws2_32.dll
 
< %systemroot%\system32\kernel32.dll /md5 >
[2012-11-30 05:53:59 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=AC0B6F41882FC6ED186962D770EBF1D2 -- C:\windows\system32\kernel32.dll
 
< %systemroot%\system32\user32.dll /md5 >
[2010-11-21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\windows\system32\user32.dll
 
< %systemroot%\Tasks\*.* /lockedfiles >
[2013-09-27 23:04:08 | 000,032,604 | ---- | M] () Unable to obtain MD5 -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Restore Points Found ==========
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Users\All Users] ->  -> Unknown point type
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\Users\All Users\Temp:D1B5B4F1
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 122 bytes -> C:\Users\All Users\Temp:373E1720
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:373E1720
 
< End of report >
 

[/log]

 

Niestety nie dałem rady użyć SPTD bo wywaliło błąd że platforma nie jest obsługiwana :/

Ale skanowanie zrobilem pomimo to

GMER

[log]GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-12-29 13:08:15
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.AXM1 728,45GB
Running: ey9i6mux.exe; Driver: C:\Users\LENOVO\AppData\Local\Temp\kfrdapow.sys
 
 
---- User code sections - GMER 2.1 ----
 
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\kernel32.dll!RegSetValueExW                                         000000007680af40 7 bytes JMP 000000016fff0260
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\kernel32.dll!RegQueryValueExW                                       0000000076814a60 5 bytes JMP 000000016fff01b8
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\kernel32.dll!RegDeleteValueW                                        0000000076832990 5 bytes JMP 000000016fff01f0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW                                  000000007683efe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx                                00000000768699b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\kernel32.dll!K32GetModuleInformation                                00000000768794d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW                                0000000076879640 5 bytes JMP 000000016fff0110
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\kernel32.dll!RegSetValueExA                                         000000007689a500 7 bytes JMP 000000016fff0228
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW                                     000007fefd5c3460 7 bytes JMP 000007fffd5b00d8
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                       000007fefd5c9940 6 bytes JMP 000007fffd5b0148
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\KERNELBASE.dll!FreeLibrary                                          000007fefd5c9fb0 5 bytes JMP 000007fffd5b0180
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW                                   000007fefd5ca150 5 bytes JMP 000007fffd5b0110
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                    000007fefef889e0 8 bytes JMP 000007fffd5b01f0
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                  000007fefef8be40 8 bytes JMP 000007fffd5b01b8
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\ole32.dll!CoCreateInstance                                          000007fefdf87490 11 bytes JMP 000007fffd5b0228
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\windows\system32\ole32.dll!CoSetProxyBlanket                                         000007fefdf9bf00 7 bytes JMP 000007fffd5b0260
.text   C:\windows\system32\Dwm.exe[1200] C:\windows\system32\kernel32.dll!RegSetValueExW                                                                      000000007680af40 7 bytes JMP 000000016fff0260
.text   C:\windows\system32\Dwm.exe[1200] C:\windows\system32\kernel32.dll!RegQueryValueExW                                                                    0000000076814a60 5 bytes JMP 000000016fff01b8
.text   C:\windows\system32\Dwm.exe[1200] C:\windows\system32\kernel32.dll!LoadLibraryW                                                                        0000000076816f80 5 bytes JMP 0000000169ff0038
.text   C:\windows\system32\Dwm.exe[1200] C:\windows\system32\kernel32.dll!RegDeleteValueW                                                                     0000000076832990 5 bytes JMP 000000016fff01f0
.text   C:\windows\system32\Dwm.exe[1200] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW                                                               000000007683efe0 5 bytes JMP 000000016fff0148
.text   C:\windows\system32\Dwm.exe[1200] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                             00000000768699b0 7 bytes JMP 000000016fff00d8
.text   C:\windows\system32\Dwm.exe[1200] C:\windows\system32\kernel32.dll!K32GetModuleInformation                                                             00000000768794d0 5 bytes JMP 000000016fff0180
.text   C:\windows\system32\Dwm.exe[1200] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                             0000000076879640 5 bytes JMP 000000016fff0110
.text   C:\windows\system32\Dwm.exe[1200] C:\windows\system32\kernel32.dll!RegSetValueExA                                                                      000000007689a500 7 bytes JMP 000000016fff0228
.text   C:\windows\system32\Dwm.exe[1200] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                  000007fefd5c3460 7 bytes JMP 000007fffd5b00d8
.text   C:\windows\system32\Dwm.exe[1200] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                    000007fefd5c9940 6 bytes JMP 000007fffd5b0148
.text   C:\windows\system32\Dwm.exe[1200] C:\windows\system32\KERNELBASE.dll!FreeLibrary                                                                       000007fefd5c9fb0 5 bytes JMP 000007fffd5b0180
.text   C:\windows\system32\Dwm.exe[1200] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                000007fefd5ca150 5 bytes JMP 000007fffd5b0110
.text   C:\windows\system32\Dwm.exe[1200] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA                                                                    000007fefd5cbbb0 5 bytes JMP 000007fffd5a0038
.text   C:\windows\system32\Dwm.exe[1200] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                 000007fefef889e0 8 bytes JMP 000007fffd5b01f0
.text   C:\windows\system32\Dwm.exe[1200] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                               000007fefef8be40 8 bytes JMP 000007fffd5b01b8
.text   C:\windows\system32\Dwm.exe[1200] C:\windows\system32\dxgi.dll!CreateDXGIFactory                                                                       000007fef8b34da4 7 bytes JMP 000007fff8b200d8
.text   C:\windows\system32\Dwm.exe[1200] C:\windows\system32\dxgi.dll!CreateDXGIFactory1                                                                      000007fef8b59af4 7 bytes JMP 000007fff8b20110
.text   C:\windows\system32\taskhost.exe[1372] C:\windows\system32\kernel32.dll!LoadLibraryW                                                                   0000000076816f80 5 bytes JMP 0000000169ff0038
.text   C:\windows\system32\taskhost.exe[1372] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                               000007fefd5c9940 5 bytes JMP 000007fffd5b00b8
.text   C:\windows\system32\taskhost.exe[1372] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA                                                               000007fefd5cbbb0 5 bytes JMP 000007fffd5b0038
.text   C:\windows\system32\taskhost.exe[1372] C:\windows\system32\ole32.dll!CoCreateInstance                                                                  000007fefdf87490 5 bytes JMP 000007fffd5b0138
.text   C:\windows\system32\taskhost.exe[1372] C:\windows\system32\WINMM.dll!waveOutReset                                                                      000007fefb49a38c 5 bytes JMP 000007fefd5b02b8
.text   C:\windows\system32\taskhost.exe[1372] C:\windows\system32\WINMM.dll!waveOutPause                                                                      000007fefb4b4b60 5 bytes JMP 000007fefd5b0238
.text   C:\windows\system32\taskhost.exe[1372] C:\windows\system32\WINMM.dll!waveOutRestart                                                                    000007fefb4b4ba0 5 bytes JMP 000007fefd5b01b8
.text   C:\windows\system32\taskeng.exe[1784] C:\windows\system32\kernel32.dll!RegSetValueExW                                                                  000000007680af40 7 bytes JMP 000000016fff0260
.text   C:\windows\system32\taskeng.exe[1784] C:\windows\system32\kernel32.dll!RegQueryValueExW                                                                0000000076814a60 5 bytes JMP 000000016fff01b8
.text   C:\windows\system32\taskeng.exe[1784] C:\windows\system32\kernel32.dll!RegDeleteValueW                                                                 0000000076832990 5 bytes JMP 000000016fff01f0
.text   C:\windows\system32\taskeng.exe[1784] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW                                                           000000007683efe0 5 bytes JMP 000000016fff0148
.text   C:\windows\system32\taskeng.exe[1784] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                         00000000768699b0 7 bytes JMP 000000016fff00d8
.text   C:\windows\system32\taskeng.exe[1784] C:\windows\system32\kernel32.dll!K32GetModuleInformation                                                         00000000768794d0 5 bytes JMP 000000016fff0180
.text   C:\windows\system32\taskeng.exe[1784] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                         0000000076879640 5 bytes JMP 000000016fff0110
.text   C:\windows\system32\taskeng.exe[1784] C:\windows\system32\kernel32.dll!RegSetValueExA                                                                  000000007689a500 7 bytes JMP 000000016fff0228
.text   C:\windows\system32\taskeng.exe[1784] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW                                                              000007fefd5c3460 7 bytes JMP 000007fffd5b00d8
.text   C:\windows\system32\taskeng.exe[1784] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                000007fefd5c9940 6 bytes JMP 000007fffd5b0148
.text   C:\windows\system32\taskeng.exe[1784] C:\windows\system32\KERNELBASE.dll!FreeLibrary                                                                   000007fefd5c9fb0 5 bytes JMP 000007fffd5b0180
.text   C:\windows\system32\taskeng.exe[1784] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                            000007fefd5ca150 5 bytes JMP 000007fffd5b0110
.text   C:\windows\system32\taskeng.exe[1784] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                             000007fefef889e0 8 bytes JMP 000007fffd5b01f0
.text   C:\windows\system32\taskeng.exe[1784] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                           000007fefef8be40 8 bytes JMP 000007fffd5b01b8
.text   C:\windows\system32\taskeng.exe[1784] C:\windows\system32\ole32.dll!CoCreateInstance                                                                   000007fefdf87490 11 bytes JMP 000007fffd5b0228
.text   C:\windows\system32\taskeng.exe[1784] C:\windows\system32\ole32.dll!CoSetProxyBlanket                                                                  000007fefdf9bf00 7 bytes JMP 000007fffd5b0260
.text   C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\kernel32.dll!RegSetValueExW                                                                 000000007680af40 7 bytes JMP 000000016fff0260
.text   C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\kernel32.dll!RegQueryValueExW                                                               0000000076814a60 5 bytes JMP 000000016fff01b8
.text   C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\kernel32.dll!RegDeleteValueW                                                                0000000076832990 5 bytes JMP 000000016fff01f0
.text   C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW                                                          000000007683efe0 5 bytes JMP 000000016fff0148
.text   C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                        00000000768699b0 7 bytes JMP 000000016fff00d8
.text   C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\kernel32.dll!K32GetModuleInformation                                                        00000000768794d0 5 bytes JMP 000000016fff0180
.text   C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                        0000000076879640 5 bytes JMP 000000016fff0110
.text   C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\kernel32.dll!RegSetValueExA                                                                 000000007689a500 7 bytes JMP 000000016fff0228
.text   C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW                                                             000007fefd5c3460 7 bytes JMP 000007fffd5b00d8
.text   C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                               000007fefd5c9940 6 bytes JMP 000007fffd5b0148
.text   C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\KERNELBASE.dll!FreeLibrary                                                                  000007fefd5c9fb0 5 bytes JMP 000007fffd5b0180
.text   C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                           000007fefd5ca150 5 bytes JMP 000007fffd5b0110
.text   C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                            000007fefef889e0 8 bytes JMP 000007fffd5b01f0
.text   C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                          000007fefef8be40 8 bytes JMP 000007fffd5b01b8
.text   C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\ole32.dll!CoCreateInstance                                                                  000007fefdf87490 11 bytes JMP 000007fffd5b0228
.text   C:\Windows\System32\igfxpers.exe[2184] C:\windows\system32\ole32.dll!CoSetProxyBlanket                                                                 000007fefdf9bf00 7 bytes JMP 000007fffd5b0260
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\kernel32.dll!RegSetValueExW                                                  000000007680af40 7 bytes JMP 000000016fff0260
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\kernel32.dll!RegQueryValueExW                                                0000000076814a60 5 bytes JMP 000000016fff01b8
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\kernel32.dll!RegDeleteValueW                                                 0000000076832990 5 bytes JMP 000000016fff01f0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW                                           000000007683efe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx                                         00000000768699b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\kernel32.dll!K32GetModuleInformation                                         00000000768794d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW                                         0000000076879640 5 bytes JMP 000000016fff0110
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\kernel32.dll!RegSetValueExA                                                  000000007689a500 7 bytes JMP 000000016fff0228
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW                                              000007fefd5c3460 7 bytes JMP 000007fffd5b00d8
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                000007fefd5c9940 6 bytes JMP 000007fffd5b0148
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\KERNELBASE.dll!FreeLibrary                                                   000007fefd5c9fb0 5 bytes JMP 000007fffd5b0180
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW                                            000007fefd5ca150 5 bytes JMP 000007fffd5b0110
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                             000007fefef889e0 8 bytes JMP 000007fffd5b01f0
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                           000007fefef8be40 8 bytes JMP 000007fffd5b01b8
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\ole32.dll!CoCreateInstance                                                   000007fefdf87490 11 bytes JMP 000007fffd5b0228
.text   C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2196] C:\windows\system32\ole32.dll!CoSetProxyBlanket                                                  000007fefdf9bf00 7 bytes JMP 000007fffd5b0260
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\kernel32.dll!RegSetValueExW                                  000000007680af40 7 bytes JMP 000000016fff0260
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\kernel32.dll!RegQueryValueExW                                0000000076814a60 5 bytes JMP 000000016fff01b8
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\kernel32.dll!LoadLibraryW                                    0000000076816f80 5 bytes JMP 0000000169ff0038
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\kernel32.dll!RegDeleteValueW                                 0000000076832990 5 bytes JMP 000000016fff01f0
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW                           000000007683efe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx                         00000000768699b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\kernel32.dll!K32GetModuleInformation                         00000000768794d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW                         0000000076879640 5 bytes JMP 000000016fff0110
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\kernel32.dll!RegSetValueExA                                  000000007689a500 7 bytes JMP 000000016fff0228
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW                              000007fefd5c3460 7 bytes JMP 000007fffd5b00d8
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                000007fefd5c9940 6 bytes JMP 000007fffd5b0148
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\KERNELBASE.dll!FreeLibrary                                   000007fefd5c9fb0 5 bytes JMP 000007fffd5b0180
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW                            000007fefd5ca150 5 bytes JMP 000007fffd5b0110
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA                                000007fefd5cbbb0 5 bytes JMP 000007fffd5a0038
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\WINMM.dll!waveOutReset                                       000007fefb49a38c 5 bytes JMP 000007fefd5a02b8
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\WINMM.dll!waveOutPause                                       000007fefb4b4b60 5 bytes JMP 000007fefd5a0238
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\WINMM.dll!waveOutRestart                                     000007fefb4b4ba0 5 bytes JMP 000007fefd5a01b8
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                             000007fefef889e0 8 bytes JMP 000007fffd5b01f0
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                           000007fefef8be40 8 bytes JMP 000007fffd5b01b8
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\ole32.dll!CoCreateInstance                                   000007fefdf87490 11 bytes JMP 000007fffd5b0228
.text   C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2220] C:\windows\system32\ole32.dll!CoSetProxyBlanket                                  000007fefdf9bf00 7 bytes JMP 000007fffd5b0260
.text   C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[2252] C:\windows\system32\kernel32.dll!RegSetValueExW                                    000000007680af40 7 bytes JMP 000000016fff0260
.text   C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[2252] C:\windows\system32\kernel32.dll!RegQueryValueExW                                  0000000076814a60 5 bytes JMP 000000016fff01b8
.text   C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[2252] C:\windows\system32\kernel32.dll!RegDeleteValueW                                   0000000076832990 5 bytes JMP 000000016fff01f0
.text   C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[2252] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW                             000000007683efe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[2252] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx                           00000000768699b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[2252] C:\windows\system32\kernel32.dll!K32GetModuleInformation                           00000000768794d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[2252] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW                           0000000076879640 5 bytes JMP 000000016fff0110
.text   C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[2252] C:\windows\system32\kernel32.dll!RegSetValueExA                                    000000007689a500 7 bytes JMP 000000016fff0228
.text   C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[2252] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW                                000007fefd5c3460 7 bytes JMP 000007fffd5b00d8
.text   C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[2252] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                  000007fefd5c9940 6 bytes JMP 000007fffd5b0148
.text   C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[2252] C:\windows\system32\KERNELBASE.dll!FreeLibrary                                     000007fefd5c9fb0 5 bytes JMP 000007fffd5b0180
.text   C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[2252] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW                              000007fefd5ca150 5 bytes JMP 000007fffd5b0110
.text   C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[2252] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                               000007fefef889e0 8 bytes JMP 000007fffd5b01f0
.text   C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe[2252] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                             000007fefef8be40 8 bytes JMP 000007fffd5b01b8
.text   C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\kernel32.dll!RegSetValueExW                                                                000000007680af40 7 bytes JMP 000000016fff0260
.text   C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\kernel32.dll!RegQueryValueExW                                                              0000000076814a60 5 bytes JMP 000000016fff01b8
.text   C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\kernel32.dll!LoadLibraryW                                                                  0000000076816f80 5 bytes JMP 0000000169ff0038
.text   C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\kernel32.dll!RegDeleteValueW                                                               0000000076832990 5 bytes JMP 000000016fff01f0
.text   C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW                                                         000000007683efe0 5 bytes JMP 000000016fff0148
.text   C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                       00000000768699b0 7 bytes JMP 000000016fff00d8
.text   C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\kernel32.dll!K32GetModuleInformation                                                       00000000768794d0 5 bytes JMP 000000016fff0180
.text   C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                       0000000076879640 5 bytes JMP 000000016fff0110
.text   C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\kernel32.dll!RegSetValueExA                                                                000000007689a500 7 bytes JMP 000000016fff0228
.text   C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW                                                            000007fefd5c3460 7 bytes JMP 000007fffd5b00d8
.text   C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                              000007fefd5c9940 6 bytes JMP 000007fffd5b0148
.text   C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\KERNELBASE.dll!FreeLibrary                                                                 000007fefd5c9fb0 5 bytes JMP 000007fffd5b0180
.text   C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                          000007fefd5ca150 5 bytes JMP 000007fffd5b0110
.text   C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA                                                              000007fefd5cbbb0 5 bytes JMP 000007fffd5a0038
.text   C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                           000007fefef889e0 8 bytes JMP 000007fffd5b01f0
.text   C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                         000007fefef8be40 8 bytes JMP 000007fffd5b01b8
.text   C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\ole32.dll!CoCreateInstance                                                                 000007fefdf87490 11 bytes JMP 000007fffd5b0228
.text   C:\Windows\WindowsMobile\wmdc.exe[2364] C:\windows\system32\ole32.dll!CoSetProxyBlanket                                                                000007fefdf9bf00 7 bytes JMP 000007fffd5b0260
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2476] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  0000000074ca1465 2 bytes [CA, 74]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2476] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                 0000000074ca14bb 2 bytes [CA, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files (x86)\uTorrent\uTorrent.exe[2544] C:\windows\syswow64\kernel32.dll!LoadLibraryExA                                                     0000000074aa48fb 5 bytes JMP 0000000110002710
.text   C:\Program Files (x86)\uTorrent\uTorrent.exe[2544] C:\windows\syswow64\kernel32.dll!LoadLibraryW                                                       0000000074aa4913 5 bytes JMP 00000001100027f0
.text   C:\Program Files (x86)\uTorrent\uTorrent.exe[2544] C:\windows\syswow64\kernel32.dll!LoadLibraryExW                                                     0000000074aa4945 5 bytes JMP 0000000110002780
.text   C:\Program Files (x86)\uTorrent\uTorrent.exe[2544] C:\windows\syswow64\ole32.dll!CoCreateInstance                                                      0000000074979d0b 5 bytes JMP 0000000110002850
.text   C:\Program Files (x86)\uTorrent\uTorrent.exe[2544] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                             0000000074ca1465 2 bytes [CA, 74]
.text   C:\Program Files (x86)\uTorrent\uTorrent.exe[2544] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                            0000000074ca14bb 2 bytes [CA, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956] C:\windows\system32\kernel32.dll!RegSetValueExW                                           000000007680af40 7 bytes JMP 000000016fff0260
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956] C:\windows\system32\kernel32.dll!RegQueryValueExW                                         0000000076814a60 5 bytes JMP 000000016fff01b8
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956] C:\windows\system32\kernel32.dll!LoadLibraryW                                             0000000076816f80 5 bytes JMP 0000000169ff0038
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956] C:\windows\system32\kernel32.dll!RegDeleteValueW                                          0000000076832990 5 bytes JMP 000000016fff01f0
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW                                    000000007683efe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx                                  00000000768699b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956] C:\windows\system32\kernel32.dll!K32GetModuleInformation                                  00000000768794d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW                                  0000000076879640 5 bytes JMP 000000016fff0110
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956] C:\windows\system32\kernel32.dll!RegSetValueExA                                           000000007689a500 7 bytes JMP 000000016fff0228
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW                                       000007fefd5c3460 7 bytes JMP 000007fffd5b00d8
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                         000007fefd5c9940 6 bytes JMP 000007fffd5b0148
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956] C:\windows\system32\KERNELBASE.dll!FreeLibrary                                            000007fefd5c9fb0 5 bytes JMP 000007fffd5b0180
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW                                     000007fefd5ca150 5 bytes JMP 000007fffd5b0110
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA                                         000007fefd5cbbb0 5 bytes JMP 000007fffd5a0038
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                      000007fefef889e0 8 bytes JMP 000007fffd5b01f0
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                    000007fefef8be40 8 bytes JMP 000007fffd5b01b8
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956] C:\windows\system32\WINMM.dll!waveOutReset                                                000007fefb49a38c 5 bytes JMP 000007fefd5a02b8
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956] C:\windows\system32\WINMM.dll!waveOutPause                                                000007fefb4b4b60 5 bytes JMP 000007fefd5a0238
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2956] C:\windows\system32\WINMM.dll!waveOutRestart                                              000007fefb4b4ba0 5 bytes JMP 000007fefd5a01b8
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2976] C:\windows\system32\kernel32.dll!RegSetValueExW                                            000000007680af40 7 bytes JMP 000000016fff0260
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2976] C:\windows\system32\kernel32.dll!RegQueryValueExW                                          0000000076814a60 5 bytes JMP 000000016fff01b8
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2976] C:\windows\system32\kernel32.dll!LoadLibraryW                                              0000000076816f80 5 bytes JMP 0000000169ff0038
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2976] C:\windows\system32\kernel32.dll!RegDeleteValueW                                           0000000076832990 5 bytes JMP 000000016fff01f0
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2976] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW                                     000000007683efe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2976] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx                                   00000000768699b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2976] C:\windows\system32\kernel32.dll!K32GetModuleInformation                                   00000000768794d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2976] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW                                   0000000076879640 5 bytes JMP 000000016fff0110
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2976] C:\windows\system32\kernel32.dll!RegSetValueExA                                            000000007689a500 7 bytes JMP 000000016fff0228
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2976] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW                                        000007fefd5c3460 7 bytes JMP 000007fffd5b00d8
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2976] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                          000007fefd5c9940 6 bytes JMP 000007fffd5b0148
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2976] C:\windows\system32\KERNELBASE.dll!FreeLibrary                                             000007fefd5c9fb0 5 bytes JMP 000007fffd5b0180
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2976] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW                                      000007fefd5ca150 5 bytes JMP 000007fffd5b0110
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2976] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA                                          000007fefd5cbbb0 5 bytes JMP 000007fffd5a0038
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2976] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                       000007fefef889e0 8 bytes JMP 000007fffd5b01f0
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2976] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                     000007fefef8be40 8 bytes JMP 000007fffd5b01b8
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2976] C:\windows\system32\ole32.dll!CoCreateInstance                                             000007fefdf87490 11 bytes JMP 000007fffd5b0228
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2976] C:\windows\system32\ole32.dll!CoSetProxyBlanket                                            000007fefdf9bf00 7 bytes JMP 000007fffd5b0260
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2976] C:\windows\system32\WINMM.dll!waveOutReset                                                 000007fefb49a38c 5 bytes JMP 000007fefd5a02b8
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2976] C:\windows\system32\WINMM.dll!waveOutPause                                                 000007fefb4b4b60 5 bytes JMP 000007fefd5a0238
.text   C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe[2976] C:\windows\system32\WINMM.dll!waveOutRestart                                               000007fefb4b4ba0 5 bytes JMP 000007fefd5a01b8
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2916] C:\windows\syswow64\KERNEL32.dll!LoadLibraryExA                    0000000074aa48fb 5 bytes JMP 0000000110002710
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2916] C:\windows\syswow64\KERNEL32.dll!LoadLibraryW                      0000000074aa4913 5 bytes JMP 00000001100027f0
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2916] C:\windows\syswow64\KERNEL32.dll!LoadLibraryExW                    0000000074aa4945 5 bytes JMP 0000000110002780
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2916] C:\windows\syswow64\ole32.dll!CoCreateInstance                     0000000074979d0b 5 bytes JMP 0000000110002850
.text   C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe[2792] C:\windows\syswow64\kernel32.dll!LoadLibraryExA                             0000000074aa48fb 5 bytes JMP 0000000110002710
.text   C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe[2792] C:\windows\syswow64\kernel32.dll!LoadLibraryW                               0000000074aa4913 5 bytes JMP 00000001100027f0
.text   C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe[2792] C:\windows\syswow64\kernel32.dll!LoadLibraryExW                             0000000074aa4945 5 bytes JMP 0000000110002780
.text   C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[2284] C:\windows\syswow64\kernel32.dll!LoadLibraryExA                                               0000000074aa48fb 5 bytes JMP 0000000110002710
.text   C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[2284] C:\windows\syswow64\kernel32.dll!LoadLibraryW                                                 0000000074aa4913 5 bytes JMP 00000001100027f0
.text   C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[2284] C:\windows\syswow64\kernel32.dll!LoadLibraryExW                                               0000000074aa4945 5 bytes JMP 0000000110002780
.text   C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe[2284] C:\windows\syswow64\ole32.dll!CoCreateInstance                                                0000000074979d0b 5 bytes JMP 0000000110002850
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3692] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                 0000000074ca1465 2 bytes [CA, 74]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3692] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                0000000074ca14bb 2 bytes [CA, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\windows\SysWOW64\PnkBstrA.exe[3932] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                00000000709b1a22 2 bytes [9B, 70]
.text   C:\windows\SysWOW64\PnkBstrA.exe[3932] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                00000000709b1ad0 2 bytes [9B, 70]
.text   C:\windows\SysWOW64\PnkBstrA.exe[3932] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                00000000709b1b08 2 bytes [9B, 70]
.text   C:\windows\SysWOW64\PnkBstrA.exe[3932] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                00000000709b1bba 2 bytes [9B, 70]
.text   C:\windows\SysWOW64\PnkBstrA.exe[3932] C:\windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                00000000709b1bda 2 bytes [9B, 70]
.text   C:\windows\SysWOW64\PnkBstrA.exe[3932] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                         0000000074ca1465 2 bytes [CA, 74]
.text   C:\windows\SysWOW64\PnkBstrA.exe[3932] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                        0000000074ca14bb 2 bytes [CA, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\windows\SysWOW64\RunDll32.exe[3668] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                         0000000074ca1465 2 bytes [CA, 74]
.text   C:\windows\SysWOW64\RunDll32.exe[3668] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                        0000000074ca14bb 2 bytes [CA, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3892] C:\windows\system32\kernel32.dll!RegSetValueExW                                     000000007680af40 7 bytes JMP 000000016fff0260
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3892] C:\windows\system32\kernel32.dll!RegQueryValueExW                                   0000000076814a60 5 bytes JMP 000000016fff01b8
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3892] C:\windows\system32\kernel32.dll!LoadLibraryW                                       0000000076816f80 5 bytes JMP 0000000169ff0038
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3892] C:\windows\system32\kernel32.dll!RegDeleteValueW                                    0000000076832990 5 bytes JMP 000000016fff01f0
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3892] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW                              000000007683efe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3892] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx                            00000000768699b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3892] C:\windows\system32\kernel32.dll!K32GetModuleInformation                            00000000768794d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3892] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW                            0000000076879640 5 bytes JMP 000000016fff0110
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3892] C:\windows\system32\kernel32.dll!RegSetValueExA                                     000000007689a500 7 bytes JMP 000000016fff0228
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3892] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW                                 000007fefd5c3460 7 bytes JMP 000007fffd5b00d8
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3892] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                   000007fefd5c9940 6 bytes JMP 000007fffd5b0148
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3892] C:\windows\system32\KERNELBASE.dll!FreeLibrary                                      000007fefd5c9fb0 5 bytes JMP 000007fffd5b0180
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3892] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW                               000007fefd5ca150 5 bytes JMP 000007fffd5b0110
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3892] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA                                   000007fefd5cbbb0 5 bytes JMP 000007fffd5a0038
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3892] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                000007fefef889e0 8 bytes JMP 000007fffd5b01f0
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3892] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                              000007fefef8be40 8 bytes JMP 000007fffd5b01b8
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3892] C:\windows\system32\ole32.dll!CoCreateInstance                                      000007fefdf87490 11 bytes JMP 000007fffd5b0228
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3892] C:\windows\system32\ole32.dll!CoSetProxyBlanket                                     000007fefdf9bf00 7 bytes JMP 000007fffd5b0260
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3892] C:\windows\system32\WINMM.dll!waveOutReset                                          000007fefb49a38c 5 bytes JMP 000007fefd5a02b8
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3892] C:\windows\system32\WINMM.dll!waveOutPause                                          000007fefb4b4b60 5 bytes JMP 000007fefd5a0238
.text   C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe[3892] C:\windows\system32\WINMM.dll!waveOutRestart                                        000007fefb4b4ba0 5 bytes JMP 000007fefd5a01b8
?       C:\windows\system32\mssprxy.dll [3568] entry point in ".rdata" section                                                                                 00000000718a71e6
.text   C:\windows\system32\wbem\unsecapp.exe[3760] C:\windows\system32\kernel32.dll!RegSetValueExW                                                            000000007680af40 7 bytes JMP 000000016fff0260
.text   C:\windows\system32\wbem\unsecapp.exe[3760] C:\windows\system32\kernel32.dll!RegQueryValueExW                                                          0000000076814a60 5 bytes JMP 000000016fff01b8
.text   C:\windows\system32\wbem\unsecapp.exe[3760] C:\windows\system32\kernel32.dll!LoadLibraryW                                                              0000000076816f80 5 bytes JMP 0000000169ff0038
.text   C:\windows\system32\wbem\unsecapp.exe[3760] C:\windows\system32\kernel32.dll!RegDeleteValueW                                                           0000000076832990 5 bytes JMP 000000016fff01f0
.text   C:\windows\system32\wbem\unsecapp.exe[3760] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW                                                     000000007683efe0 5 bytes JMP 000000016fff0148
.text   C:\windows\system32\wbem\unsecapp.exe[3760] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                   00000000768699b0 7 bytes JMP 000000016fff00d8
.text   C:\windows\system32\wbem\unsecapp.exe[3760] C:\windows\system32\kernel32.dll!K32GetModuleInformation                                                   00000000768794d0 5 bytes JMP 000000016fff0180
.text   C:\windows\system32\wbem\unsecapp.exe[3760] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                   0000000076879640 5 bytes JMP 000000016fff0110
.text   C:\windows\system32\wbem\unsecapp.exe[3760] C:\windows\system32\kernel32.dll!RegSetValueExA                                                            000000007689a500 7 bytes JMP 000000016fff0228
.text   C:\windows\system32\wbem\unsecapp.exe[3760] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW                                                        000007fefd5c3460 7 bytes JMP 000007fffd5b00d8
.text   C:\windows\system32\wbem\unsecapp.exe[3760] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                          000007fefd5c9940 6 bytes JMP 000007fffd5b0148
.text   C:\windows\system32\wbem\unsecapp.exe[3760] C:\windows\system32\KERNELBASE.dll!FreeLibrary                                                             000007fefd5c9fb0 5 bytes JMP 000007fffd5b0180
.text   C:\windows\system32\wbem\unsecapp.exe[3760] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                      000007fefd5ca150 5 bytes JMP 000007fffd5b0110
.text   C:\windows\system32\wbem\unsecapp.exe[3760] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA                                                          000007fefd5cbbb0 5 bytes JMP 000007fffd5a0038
.text   C:\windows\system32\wbem\unsecapp.exe[3760] C:\windows\system32\ole32.dll!CoCreateInstance                                                             000007fefdf87490 11 bytes JMP 000007fffd5b0228
.text   C:\windows\system32\wbem\unsecapp.exe[3760] C:\windows\system32\ole32.dll!CoSetProxyBlanket                                                            000007fefdf9bf00 7 bytes JMP 000007fffd5b0260
.text   C:\windows\system32\wbem\unsecapp.exe[3760] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                       000007fefef889e0 8 bytes JMP 000007fffd5b01f0
.text   C:\windows\system32\wbem\unsecapp.exe[3760] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                     000007fefef8be40 8 bytes JMP 000007fffd5b01b8
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4104] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000074ca1465 2 bytes [CA, 74]
.text   C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[4104] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000074ca14bb 2 bytes [CA, 74]
.text   ...                                                                                                                                                    * 2
.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4356] C:\windows\system32\kernel32.dll!RegSetValueExW                                  000000007680af40 7 bytes JMP 000000016fff0260
.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4356] C:\windows\system32\kernel32.dll!RegQueryValueExW                                0000000076814a60 5 bytes JMP 000000016fff01b8
.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4356] C:\windows\system32\kernel32.dll!RegDeleteValueW                                 0000000076832990 5 bytes JMP 000000016fff01f0
.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4356] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW                           000000007683efe0 5 bytes JMP 000000016fff0148
.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4356] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx                         00000000768699b0 7 bytes JMP 000000016fff00d8
.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4356] C:\windows\system32\kernel32.dll!K32GetModuleInformation                         00000000768794d0 5 bytes JMP 000000016fff0180
.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4356] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW                         0000000076879640 5 bytes JMP 000000016fff0110
.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4356] C:\windows\system32\kernel32.dll!RegSetValueExA                                  000000007689a500 7 bytes JMP 000000016fff0228
.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4356] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW                              000007fefd5c3460 7 bytes JMP 000007fffd5b00d8
.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4356] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                000007fefd5c9940 6 bytes JMP 000007fffd5b0148
.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4356] C:\windows\system32\KERNELBASE.dll!FreeLibrary                                   000007fefd5c9fb0 5 bytes JMP 000007fffd5b0180
.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4356] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW                            000007fefd5ca150 5 bytes JMP 000007fffd5b0110
.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4356] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                             000007fefef889e0 8 bytes JMP 000007fffd5b01f0
.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4356] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                           000007fefef8be40 8 bytes JMP 000007fffd5b01b8
.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4356] C:\windows\system32\d3d9.dll!Direct3DCreate9Ex                                   000007fef23c2460 5 bytes JMP 000007fefd5b02d0
.text   C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[4356] C:\windows\system32\d3d9.dll!Direct3DCreate9                                     000007fef23f96b0 6 bytes JMP 000007fefd5b0298
.text   C:\windows\system32\wuauclt.exe[1840] C:\windows\system32\kernel32.dll!RegSetValueExW                                                                  000000007680af40 7 bytes JMP 000000016fff0260
.text   C:\windows\system32\wuauclt.exe[1840] C:\windows\system32\kernel32.dll!RegQueryValueExW                                                                0000000076814a60 5 bytes JMP 000000016fff01b8
.text   C:\windows\system32\wuauclt.exe[1840] C:\windows\system32\kernel32.dll!LoadLibraryW                                                                    0000000076816f80 5 bytes JMP 0000000169ff0038
.text   C:\windows\system32\wuauclt.exe[1840] C:\windows\system32\kernel32.dll!RegDeleteValueW                                                                 0000000076832990 5 bytes JMP 000000016fff01f0
.text   C:\windows\system32\wuauclt.exe[1840] C:\windows\system32\kernel32.dll!K32GetMappedFileNameW                                                           000000007683efe0 5 bytes JMP 000000016fff0148
.text   C:\windows\system32\wuauclt.exe[1840] C:\windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                         00000000768699b0 7 bytes JMP 000000016fff00d8
.text   C:\windows\system32\wuauclt.exe[1840] C:\windows\system32\kernel32.dll!K32GetModuleInformation                                                         00000000768794d0 5 bytes JMP 000000016fff0180
.text   C:\windows\system32\wuauclt.exe[1840] C:\windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                         0000000076879640 5 bytes JMP 000000016fff0110
.text   C:\windows\system32\wuauclt.exe[1840] C:\windows\system32\kernel32.dll!RegSetValueExA                                                                  000000007689a500 7 bytes JMP 000000016fff0228
.text   C:\windows\system32\wuauclt.exe[1840] C:\windows\system32\KERNELBASE.dll!GetModuleHandleW                                                              000007fefd5c3460 7 bytes JMP 000007fffd5b00d8
.text   C:\windows\system32\wuauclt.exe[1840] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                000007fefd5c9940 6 bytes JMP 000007fffd5b0148
.text   C:\windows\system32\wuauclt.exe[1840] C:\windows\system32\KERNELBASE.dll!FreeLibrary                                                                   000007fefd5c9fb0 5 bytes JMP 000007fffd5b0180
.text   C:\windows\system32\wuauclt.exe[1840] C:\windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                            000007fefd5ca150 5 bytes JMP 000007fffd5b0110
.text   C:\windows\system32\wuauclt.exe[1840] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA                                                                000007fefd5cbbb0 5 bytes JMP 000007fffd5a0038
.text   C:\windows\system32\wuauclt.exe[1840] C:\windows\system32\ole32.dll!CoCreateInstance                                                                   000007fefdf87490 11 bytes JMP 000007fffd5b0228
.text   C:\windows\system32\wuauclt.exe[1840] C:\windows\system32\ole32.dll!CoSetProxyBlanket                                                                  000007fefdf9bf00 7 bytes JMP 000007fffd5b0260
.text   C:\windows\system32\wuauclt.exe[1840] C:\windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                             000007fefef889e0 8 bytes JMP 000007fffd5b01f0
.text   C:\windows\system32\wuauclt.exe[1840] C:\windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                           000007fefef8be40 8 bytes JMP 000007fffd5b01b8
.text   C:\Users\LENOVO\Downloads\ey9i6mux.exe[7324] C:\windows\syswow64\kernel32.dll!LoadLibraryExA                                                           0000000074aa48fb 5 bytes JMP 0000000110002710
.text   C:\Users\LENOVO\Downloads\ey9i6mux.exe[7324] C:\windows\syswow64\kernel32.dll!LoadLibraryW                                                             0000000074aa4913 5 bytes JMP 00000001100027f0
.text   C:\Users\LENOVO\Downloads\ey9i6mux.exe[7324] C:\windows\syswow64\kernel32.dll!LoadLibraryExW                                                           0000000074aa4945 5 bytes JMP 0000000110002780
.text   C:\Users\LENOVO\Downloads\ey9i6mux.exe[7324] C:\windows\syswow64\ole32.dll!CoCreateInstance                                                            0000000074979d0b 5 bytes JMP 0000000110002850
.text   C:\Users\LENOVO\Downloads\ey9i6mux.exe[7324] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                   0000000074ca1465 2 bytes [CA, 74]
.text   C:\Users\LENOVO\Downloads\ey9i6mux.exe[7324] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                  0000000074ca14bb 2 bytes [CA, 74]
.text   ...                                                                                                                                                    * 2
 
---- Threads - GMER 2.1 ----
 
Thread  C:\windows\SysWOW64\ntdll.dll [2992:2996]                                                                                                              0000000000f00440
Thread  C:\windows\SysWOW64\ntdll.dll [2992:3092]                                                                                                              0000000071dcc59c
Thread  C:\windows\SysWOW64\ntdll.dll [2992:3096]                                                                                                              0000000071dcc59c
Thread  C:\windows\SysWOW64\ntdll.dll [2992:3100]                                                                                                              0000000071dcc59c
Thread  C:\windows\SysWOW64\ntdll.dll [2992:3104]                                                                                                              00000000739b62ee
Thread  C:\windows\SysWOW64\ntdll.dll [2992:3260]                                                                                                              0000000071dcc59c
Thread  C:\windows\SysWOW64\ntdll.dll [2992:3264]                                                                                                              0000000071dcc59c
Thread  C:\windows\SysWOW64\ntdll.dll [2992:3344]                                                                                                              0000000071dcc59c
Thread  C:\windows\SysWOW64\ntdll.dll [2992:3384]                                                                                                              0000000071dcc59c
Thread  C:\windows\SysWOW64\ntdll.dll [2992:3508]                                                                                                              0000000000d76a20
Thread  C:\windows\SysWOW64\ntdll.dll [2992:3512]                                                                                                              0000000000d76bb0
Thread  C:\windows\SysWOW64\ntdll.dll [2992:3636]                                                                                                              0000000071dcc59c
Thread  C:\windows\SysWOW64\ntdll.dll [2992:3632]                                                                                                              0000000071dcc59c
Thread  C:\windows\SysWOW64\ntdll.dll [2992:3772]                                                                                                              000000007072a3e0
Thread  C:\windows\SysWOW64\ntdll.dll [2992:4672]                                                                                                              0000000072f232fb
Thread  C:\windows\SysWOW64\ntdll.dll [2992:4704]                                                                                                              00000000707227c1
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5488:5788]                                                                                         000007fefb9b2a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5488:5352]                                                                                         000007feecc7d618
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5488:6004]                                                                                         000007fef25c5124
Thread  C:\windows\System32\svchost.exe [5716:1336]                                                                                                            000007feee099688
 
---- Registry - GMER 2.1 ----
 
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13                                                                            
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf452c667                                                                            
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf452c667@d0c1b132993e                                                               0x1E 0xEE 0x1D 0xFE ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\402cf452c667@50e8000b95db                                                               0xAD 0x58 0x2C 0x90 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                       
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                    C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                    0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                    0
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                 0xA5 0x12 0x78 0x5F ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                              
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                           0xA0 0x02 0x00 0x00 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                        0xA7 0x3C 0x1B 0xE9 ...
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                         
Reg     HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                   0xA2 0x88 0x22 0x31 ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet)                                                        
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf452c667 (not active ControlSet)                                                        
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf452c667@d0c1b132993e                                                                   0x1E 0xEE 0x1D 0xFE ...
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\402cf452c667@50e8000b95db                                                                   0xAD 0x58 0x2C 0x90 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                   
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                        C:\Program Files (x86)\DAEMON Tools Lite\
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                        0x00 0x00 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                        0
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                     0xA5 0x12 0x78 0x5F ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                          
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                               0xA0 0x02 0x00 0x00 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                            0xA7 0x3C 0x1B 0xE9 ...
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                     
Reg     HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                       0xA2 0x88 0x22 0x31 ...
 
---- EOF - GMER 2.1 ----
 

[/log]

 

Czy któreś z aplikacji jeszcze są nie potrzebne chodzi mi o te od producenta Lenovo

Natsuki Kuga
komentarz
komentarz

Czy któreś z aplikacji jeszcze są nie potrzebne chodzi mi o te od producenta Lenovo

 

Ja ich tu zbyt wiele nie widzę, myślę, że z nich korzystasz. ;)

 

Nie wstawiłem więcej logów bo niestety nie dałem rady nie wiem dlaczego.

Możesz się posiłkować stroną wklej.org :)

 

Tak przy okazji patrząc jeszcze w dzienniki zdarzeń:

Error - 2013-12-28 03:56:35 | Computer Name = LENOVO-Komputer | Source = Application Hang | ID = 1002
Description = Program javaw.exe w wersji 6.0.450.6 zatrzymał interakcję z systemem
 Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji
 dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum
 akcji.    Identyfikator procesu: 250c    Godzina rozpoczęcia: 01cf03a1f85979ad    Godzina zakończenia:
 109    Ścieżka aplikacji: C:\Program Files (x86)\Java\jre6\bin\javaw.exe    Identyfikator
 raportu: 8fef247e-6f95-11e3-8a94-402cf452c667  
 

 Ta java jest już mocno przestarzała i tylko powoduje konflikty. Jeśli w ogóle z niej nie korzystasz, to odinstaluj wersję 6 i zostaw tę Javę 7, którą już masz.

 

 

Pokaż jeszcze screen z DiskCrystalInfo: http://crystalmark.info/software/CrystalDiskInfo/index-e.html

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.