OTL logfile created on: 2014-04-06 14:48:44 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\oem\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,48 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 45,19% Memory free
6,96 Gb Paging File | 4,70 Gb Available in Paging File | 67,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 390,53 Gb Total Space | 201,81 Gb Free Space | 51,68% Space Free | Partition Type: NTFS
Drive D: | 540,89 Gb Total Space | 430,28 Gb Free Space | 79,55% Space Free | Partition Type: NTFS

Computer Name: OEM-KOMPUTER | User Name: oem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014-04-06 14:12:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\oem\Downloads\OTL.exe
PRC - [2014-03-11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014-03-11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014-03-11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014-01-30 16:05:24 | 021,822,128 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2013-12-21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013-08-15 14:11:32 | 000,483,328 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2013-08-15 14:10:46 | 000,209,408 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012-11-23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012-09-28 09:25:56 | 000,586,904 | ---- | M] (PandoraTV) -- C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
PRC - [2012-09-28 09:25:54 | 000,625,304 | ---- | M] (Pandora.TV) -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
PRC - [2011-07-12 15:29:00 | 000,552,960 | ---- | M] (ROCCAT GmbH) -- C:\Program Files\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
PRC - [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-09-03 14:52:48 | 000,606,208 | ---- | M] () -- C:\Program Files\ScreenShooter\screenshooter.exe
PRC - [2008-06-24 16:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007-02-12 14:50:40 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
PRC - [2006-10-10 14:11:08 | 000,827,392 | ---- | M] () -- C:\Windows\vsnp325.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2014-04-06 14:02:09 | 001,157,120 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\_ssl.pyd
MOD - [2014-04-06 14:02:09 | 000,805,888 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\wx._gdi_.pyd
MOD - [2014-04-06 14:02:09 | 000,110,080 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\pywintypes27.dll
MOD - [2014-04-06 14:02:09 | 000,026,624 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\_multiprocessing.pyd
MOD - [2014-04-06 14:02:08 | 001,175,040 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\wx._core_.pyd
MOD - [2014-04-06 14:02:08 | 001,062,400 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\wx._controls_.pyd
MOD - [2014-04-06 14:02:08 | 000,811,008 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\wx._windows_.pyd
MOD - [2014-04-06 14:02:08 | 000,735,232 |
---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\wx._misc_.pyd MOD - [2014-04-06 14:02:08 | 000,712,192 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\_hashlib.pyd MOD - [2014-04-06 14:02:08 | 000,686,080 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\unicodedata.pyd MOD - [2014-04-06 14:02:08 | 000,557,056 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\pysqlite2._sqlite.pyd MOD - [2014-04-06 14:02:08 | 000,525,640 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\windows._lib_cacheinvalidation.pyd MOD - [2014-04-06 14:02:08 | 000,364,544 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\pythoncom27.dll MOD - [2014-04-06 14:02:08 | 000,320,512 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\win32com.shell.shell.pyd MOD - [2014-04-06 14:02:08 | 000,128,512 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\_elementtree.pyd MOD - [2014-04-06 14:02:08 | 000,127,488 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\pyexpat.pyd MOD - [2014-04-06 14:02:08 | 000,122,368 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\wx._wizard.pyd MOD - [2014-04-06 14:02:08 | 000,119,808 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\win32file.pyd MOD - [2014-04-06 14:02:08 | 000,108,544 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\win32security.pyd MOD - [2014-04-06 14:02:08 | 000,098,816 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\win32api.pyd MOD - [2014-04-06 14:02:08 | 000,087,040 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\_ctypes.pyd MOD - [2014-04-06 14:02:08 | 000,070,656 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\wx._html2.pyd MOD - [2014-04-06 14:02:08 | 000,044,032 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\_socket.pyd MOD - [2014-04-06 14:02:08 | 000,038,912 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\win32inet.pyd MOD - [2014-04-06 14:02:08 | 000,035,840 | 
---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\win32process.pyd MOD - [2014-04-06 14:02:08 | 000,025,600 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\win32pdh.pyd MOD - [2014-04-06 14:02:08 | 000,024,064 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\win32pipe.pyd MOD - [2014-04-06 14:02:08 | 000,022,528 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\win32ts.pyd MOD - [2014-04-06 14:02:08 | 000,018,432 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\win32event.pyd MOD - [2014-04-06 14:02:08 | 000,017,408 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\win32profile.pyd MOD - [2014-04-06 14:02:08 | 000,011,264 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\win32crypt.pyd MOD - [2014-04-06 14:02:08 | 000,010,240 | ---- | M] () -- C:\Users\oem\AppData\Local\Temp\_MEI40442\select.pyd MOD - [2014-03-15 02:50:40 | 000,394,568 | ---- | M] () -- C:\Users\oem\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll MOD - [2014-03-15 02:50:38 | 004,061,000 | ---- | M] () -- C:\Users\oem\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll MOD - [2014-03-15 02:50:35 | 000,716,616 | ---- | M] () -- C:\Users\oem\AppData\Local\Google\Chrome\Application\33.0.1750.154\libglesv2.dll MOD - [2014-03-15 02:50:34 | 000,100,168 | ---- | M] () -- C:\Users\oem\AppData\Local\Google\Chrome\Application\33.0.1750.154\libegl.dll MOD - [2014-03-15 02:50:32 | 001,647,432 | ---- | M] () -- C:\Users\oem\AppData\Local\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll MOD - [2014-03-15 02:50:30 | 000,051,016 | ---- | M] () -- C:\Users\oem\AppData\Local\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll MOD - [2014-02-27 15:25:32 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll MOD - [2014-02-27 15:25:17 | 000,230,400 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\ResourceMan446ca0e5#\33988fb4390d8019577165b8b7e9cd31\ResourceManagement.Foundation.Implementation.ni.dll MOD - [2014-02-27 15:25:16 | 000,318,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MOM.Implementation\513f1e135e0bd3c30c48bf30bc5158f7\MOM.Implementation.ni.dll MOD - [2014-02-27 15:25:15 | 000,227,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\LOG.Foundat03490438#\005129f9561a403e8049a436fdda2440\LOG.Foundation.Implementation.ni.dll MOD - [2014-02-27 15:25:15 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MOM\da85a98972df6395fca1a7fc73250854\MOM.ni.exe MOD - [2014-02-27 15:25:11 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0812\60d818e0d4ed8f1d94f5f4e7d91b8fbe\DEM.Graphics.I0812.ni.dll MOD - [2014-02-27 15:25:11 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0805\1c870907d55a41d0e14a46896d8f5444\DEM.Graphics.I0805.ni.dll MOD - [2014-02-27 15:25:10 | 000,050,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Foundat60cdf5df#\7fbc63091bf320cac9ea22fa77b1bd98\CLI.Foundation.XManifest.ni.dll MOD - [2014-02-27 15:25:09 | 000,797,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Compone26c9c557#\904c28b689a291cf9c00adb50e0fbf2d\CLI.Component.Systemtray.ni.dll MOD - [2014-02-27 15:25:08 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.73911eb5#\03a06129404d4e1c7ccbd913b84ee7f8\CLI.Aspect.WirelessDisplay.Graphics.Shared.ni.dll MOD - [2014-02-27 15:25:07 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Compone6692ca50#\bef20e97f1f52ef0ceadb0ae25d0cca5\CLI.Component.Runtime.ni.dll MOD - [2014-02-27 15:25:07 | 000,095,744 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\ATICCCom\8210c2e7a96f58fcb0238d17b2d08e63\ATICCCom.ni.dll MOD - [2014-02-27 15:25:07 | 000,016,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Componeb4d0485c#\5aee5739dfe8722d747c4f264259339f\CLI.Component.Runtime.Extension.EEU.ni.dll MOD - [2014-02-27 15:25:04 | 000,150,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Compone29e547cc#\d0cc028deb4470406cfd0dded5935b03\CLI.Component.Dashboard.ProfileManager2.ni.dll MOD - [2014-02-27 15:25:03 | 000,760,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Compone6bf88b08#\f13da03a208d74c1c71031ed054b0c57\CLI.Component.Dashboard.ni.dll MOD - [2014-02-27 15:25:01 | 000,765,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Combine7332395e#\2c462fa6b4691ba6f43a2f7134b062fe\CLI.Combined.Graphics.Aspects2.Runtime.ni.dll MOD - [2014-02-27 15:25:01 | 000,038,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.382a3def#\a9765fb51fc1041d96a34fcacf228c3e\CLI.Aspect.AMDOverDrive.Platform.Shared.ni.dll MOD - [2014-02-27 15:25:01 | 000,015,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0703\bc2533895dbfd6f5423d8ce63a3fe014\DEM.Graphics.I0703.ni.dll MOD - [2014-02-27 15:25:00 | 002,297,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Combine0616f305#\375ac679094487a7669594959d8c3122\CLI.Combined.Graphics.Aspects1.Dashboard.ni.dll MOD - [2014-02-27 15:24:56 | 000,038,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Pdb36d56e#\19a41b774c32aa9fca1783d9ec4682e2\CLI.Caste.Platform.Runtime.ni.dll MOD - [2014-02-27 15:24:56 | 000,026,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Pac40511b#\796177a2635fd397ca724e3c799e91ce\CLI.Caste.Platform.Shared.ni.dll MOD - [2014-02-27 15:24:56 | 000,023,040 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Pfeefa2b6#\5a0800b16b839050ad5606afb183e600\CLI.Caste.Platform.Dashboard.ni.dll MOD - [2014-02-27 15:24:55 | 000,040,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.H18c99613#\5281bb61a1f1c569254b3bd12d68f5b1\CLI.Caste.HydraVision.Runtime.ni.dll MOD - [2014-02-27 15:24:55 | 000,026,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.H92ba4e46#\82284d6aa0cef9c776fb9bc86d203c0d\CLI.Caste.HydraVision.Shared.ni.dll MOD - [2014-02-27 15:24:54 | 000,027,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I1010\3a88b9ed73f7415cc54004af89002cf8\DEM.Graphics.I1010.ni.dll MOD - [2014-02-27 15:24:54 | 000,025,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Hbb906c0b#\333bad956e2a124d13b1d2d372c83e2e\CLI.Caste.HydraVision.Dashboard.ni.dll MOD - [2014-02-27 15:24:54 | 000,012,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0906\d3b8d75bb334afa0a2019c4d0139f562\DEM.Graphics.I0906.ni.dll MOD - [2014-02-27 15:24:53 | 002,188,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.G962aa464#\e828a0a24bc4f30acd26277ea8b5b4b7\CLI.Caste.Graphics.Runtime.ni.dll MOD - [2014-02-27 15:24:51 | 000,033,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Fuel.Foundation\a83ecd977db117170900b0e5468e1ad4\Fuel.Foundation.ni.dll MOD - [2014-02-27 15:24:50 | 000,239,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.F36b07a2b#\4315a5c0fbf40f23c2a72d8e80c26be8\CLI.Caste.Fuel.Runtime.ni.dll MOD - [2014-02-27 15:24:50 | 000,026,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Ff3085433#\f74c2aafb82dfa9fb0b06457d5aba900\CLI.Caste.Fuel.Dashboard.ni.dll MOD - [2014-02-27 15:24:49 | 000,047,616 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.A4.Runtime\885b29e03948b168045fad40a7f8f9cd\CLI.Caste.A4.Runtime.ni.dll MOD - [2014-02-27 15:24:49 | 000,026,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Af820fedc#\c14546c267e3dff368b146ff2702bf37\CLI.Caste.A4.Dashboard.ni.dll MOD - [2014-02-27 15:24:45 | 000,041,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.ef3eaa4d#\c99c11c98f3aca83f78428f04c3d1b5a\CLI.Aspect.TransCode.Graphics.Runtime.ni.dll MOD - [2014-02-27 15:24:44 | 000,090,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.3a6f1658#\685cf692720bc9b613d0d57644e0b013\CLI.Aspect.TransCode.Graphics.Shared.ni.dll MOD - [2014-02-27 15:24:44 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.4bbb0755#\9e63961843293efa679dbed16caf9b27\CLI.Aspect.TransCode.Graphics.Dashboard.ni.dll MOD - [2014-02-27 15:24:42 | 000,572,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.8d333b6b#\557955166d404a20cd1bbd2e207c8cd7\CLI.Aspect.Radeon3D.Graphics.Shared.ni.dll MOD - [2014-02-27 15:24:41 | 003,148,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.e9fd7406#\80e65934b4074e5a85befddbb63c6165\CLI.Aspect.Radeon3D.Graphics.Dashboard.ni.dll MOD - [2014-02-27 15:24:36 | 000,253,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.c7aaa0f8#\9107e0fffdb7ae10bc2d0fb673da0258\CLI.Aspect.OverDrive5.Graphics.Shared.ni.dll MOD - [2014-02-27 15:24:35 | 000,219,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.87ad5c75#\789cad39c4966783337353a9f7155371\CLI.Aspect.OverDrive5.Graphics.Dashboard.ni.dll MOD - [2014-02-27 15:24:34 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.abe74207#\13d264d53c9bc04287f20f49cbc2bebf\CLI.Aspect.MultiVPU2.Graphics.Shared.ni.dll MOD - [2014-02-27 15:24:33 | 
000,553,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.846fa813#\f44aeb0a1a3a12ef16a0a002292a0bad\CLI.Aspect.MMVideo.Graphics.Dashboard.ni.dll MOD - [2014-02-27 15:24:32 | 000,212,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.e8635fc7#\0e627b6dddbf9e4e5f017dfa1b66161f\CLI.Aspect.InfoCentre.Graphics.Dashboard.ni.dll MOD - [2014-02-27 15:24:28 | 000,062,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0709\7c8ab23afe178b7a954d57f51307fd8c\DEM.Graphics.I0709.ni.dll MOD - [2014-02-27 15:24:28 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.G60338cc0#\ca3da033d32e9ebbe146ab2b8ace7cf3\CLI.Caste.Graphics.Runtime.Shared.Private.ni.dll MOD - [2014-02-27 15:24:26 | 000,072,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.ae5e117c#\c61168fadec3c308717e4ecf993c2580\CLI.Aspect.DisplaysColour2.Graphics.Shared.ni.dll MOD - [2014-02-27 15:24:26 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.b0a7c1fb#\7467f14dcbaf80494de00b1001923cc7\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.ni.dll MOD - [2014-02-27 15:24:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0804\60cead97feee056d6e0a233d89bf00a9\DEM.Graphics.I0804.ni.dll MOD - [2014-02-27 15:24:26 | 000,012,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0712\70b451b9b94bdfa942ba0b3fc34b9402\DEM.Graphics.I0712.ni.dll MOD - [2014-02-27 15:24:25 | 000,246,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.9b707b25#\e725f9b4dfcd6f5afd3c66703a605eff\CLI.Aspect.DeviceProperty.Graphics.Runtime.ni.dll MOD - [2014-02-27 15:24:25 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0912\59f894040c7818787d36bd03cfc62c54\DEM.Graphics.I0912.ni.dll MOD - [2014-02-27 15:24:25 | 
000,012,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0706\b66e32cba5cbf7c2677b9cfd349c1e64\DEM.Graphics.I0706.ni.dll MOD - [2014-02-27 15:24:24 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.aa59351a#\87d9fcdaa2315ae7e63901f48b30c9b2\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.ni.dll MOD - [2014-02-27 15:24:24 | 000,654,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.e6d9f3a8#\5395f419843c5ff66a65cba55707d357\CLI.Aspect.DeviceDFP.Graphics.Dashboard.ni.dll MOD - [2014-02-27 15:24:24 | 000,195,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.eda8935e#\0531c4de90158845dc731df1a2c4f4d7\CLI.Aspect.MMVideo.Graphics.Shared.ni.dll MOD - [2014-02-27 15:24:21 | 000,439,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.8e996306#\b8b12a4a81f109ab64343899c9436a17\CLI.Aspect.CrossDisplay.Graphics.Dashboard.ni.dll MOD - [2014-02-27 15:24:21 | 000,017,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.c854b457#\f251db450cd5fc8b1ee5c6f8685bfc5a\CLI.Aspect.HotkeysHandling.Graphics.Shared.ni.dll MOD - [2014-02-27 15:24:20 | 000,115,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.a0ae52bc#\1ed086fab451c33d4185f59cd5eafac3\CLI.Aspect.DeviceLCD.Graphics.Shared.ni.dll MOD - [2014-02-27 15:24:20 | 000,038,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.F24de14fe#\db58164ea5ecfa329a2e6dcb5c6c6cd3\CLI.Caste.Fuel.Shared.ni.dll MOD - [2014-02-27 15:24:20 | 000,024,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.37d3d968#\010a1c2b43eec905e8de61bdc2b0c689\CLI.Aspect.AMDHome.Graphics.Shared.ni.dll MOD - [2014-02-27 15:24:19 | 000,387,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Gee7d2dbc#\d3f795e776c9ccb41c9ca29f1d2cef46\CLI.Caste.Graphics.Dashboard.ni.dll MOD - 
[2014-02-27 15:24:19 | 000,364,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.acb9d930#\985f65e38dc93a981b0740c249051c4b\CLI.Aspect.DeviceProperty.Graphics.Shared.ni.dll MOD - [2014-02-27 15:24:19 | 000,230,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.7ec2db45#\7172769340a788e793b50072766b27a7\CLI.Aspect.DeviceDFP.Graphics.Shared.ni.dll MOD - [2014-02-27 15:24:19 | 000,166,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.4542c692#\11cbc416fd26b6dc897927be02f64f6c\CLI.Aspect.DeviceCRT.Graphics.Shared.ni.dll MOD - [2014-02-27 15:24:18 | 001,456,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Gd9d9b43b#\a88c7650b345a74d311fbb76fe722c10\CLI.Caste.Graphics.Dashboard.Shared.ni.dll MOD - [2014-02-27 15:24:18 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.3399d0ec#\16be1996dca8196895afb8a85dc0a83a\CLI.Aspect.CustomFormats.Graphics.Shared.ni.dll MOD - [2014-02-27 15:24:18 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.ec8786e5#\9020e0fde85dcc1945df1ecc29582195\CLI.Aspect.AMDHome.Graphics.Dashboard.ni.dll MOD - [2014-02-27 15:24:17 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Compone59f353b4#\6f7c66eb78c5ab14b5878cee4a3ebdf1\CLI.Component.Runtime.Shared.Private.ni.dll MOD - [2014-02-27 15:24:16 | 001,953,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wfbf9373c#\a1e0c6bbb68657b2c1a69697a7ae219e\Microsoft.WindowsAPICodePack.Shell.ni.dll MOD - [2014-02-27 15:24:16 | 000,038,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.A4.Shared\f57d1854bf8de55ed6f0677d596c90fb\CLI.Caste.A4.Shared.ni.dll MOD - [2014-02-27 15:24:15 | 000,270,848 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W8090224c#\38333c42b6c04fc0f1825d19f6ccbffb\Microsoft.WindowsAPICodePack.ni.dll MOD - [2014-02-27 15:24:14 | 000,769,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Foundatd3771151#\f445d63e944a931700bf8d52c5f463c2\CLI.Foundation.Client.ni.dll MOD - [2014-02-27 15:24:14 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\1ab52f8951c2ab97592ec25830dd5165\WindowsFormsIntegration.ni.dll MOD - [2014-02-27 15:24:13 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Compone168638d1#\88459a17d54de0afadeff2a27d8a451a\CLI.Component.Client.Shared.Private.ni.dll MOD - [2014-02-27 15:24:13 | 000,071,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Componef4cf054f#\a5e6fa714c2b664bafaa358ee79798f8\CLI.Component.Dashboard.Shared.ni.dll MOD - [2014-02-27 15:24:13 | 000,023,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ResourceManf163905a#\5a461d3ee554c2153dac74008c78ee2e\ResourceManagement.Foundation.Private.ni.dll MOD - [2014-02-27 15:24:13 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Componef1fd67b2#\644ee2488b44da370651b03fc9cfb418\CLI.Component.Client.Shared.ni.dll MOD - [2014-02-27 15:24:08 | 001,566,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Componec89c3bec#\03f953e38ec2345249516f4aa14e9aa4\CLI.Component.Dashboard.Shared.Private.ni.dll MOD - [2014-02-27 15:24:05 | 000,155,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CCC.Implementation\ea80635ca0096d09aa81c4f92de603fe\CCC.Implementation.ni.dll MOD - [2014-02-27 15:24:05 | 000,065,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\LOG.Foundatcaafa75b#\ea2b7f34c4086339686724a13b66cc40\LOG.Foundation.Implementation.Private.ni.dll MOD - [2014-02-27 15:24:05 | 000,012,288 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\MOM.Foundation\b8f912fff3c787ec878f6a88363789e5\MOM.Foundation.ni.dll MOD - [2014-02-27 15:24:04 | 001,765,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.G60a7b4d1#\586413c4f6e86528b793949095d82825\CLI.Caste.Graphics.Shared.ni.dll MOD - [2014-02-27 15:24:04 | 000,018,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CCC\d8ae649364dd4f9813b3ac8234310e0f\CCC.ni.exe MOD - [2014-02-27 15:24:03 | 000,910,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Localizatio01dbc1c0#\0c8b9bb9391d9e242f00e32df7bd14dc\Localization.Foundation.Private.ni.dll MOD - [2014-02-27 15:24:02 | 000,208,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\APM.Server\129e1ac5033b29f21b0e9ac34a963d1c\APM.Server.ni.dll MOD - [2014-02-27 15:24:02 | 000,076,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Foundat3d5d3945#\4afd141f6753b53c8cb7af52c4bc4b85\CLI.Foundation.Private.ni.dll MOD - [2014-02-27 15:24:02 | 000,047,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\APM.Foundation\568a9450e5b7c34c9bb1a47694c04b0e\APM.Foundation.ni.dll MOD - [2014-02-27 15:24:01 | 000,199,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Server\31ecb2b11030b3bb4ab42ddb3d9a4234\AEM.Server.ni.dll MOD - [2014-02-27 15:24:00 | 000,243,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Foundation\a301e7e786f5c47eca7fd9a49c541da1\CLI.Foundation.ni.dll MOD - [2014-02-27 15:24:00 | 000,070,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Foundat619559bd#\ace6f145edc5af131d1ce48469f44fdb\CLI.Foundation.CoreAudioAPI.ni.dll MOD - [2014-02-27 15:24:00 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Plugin.674d2b8a#\cf1e6561465d384ade30df15628552b1\AEM.Plugin.WinMessages.Shared.ni.dll MOD - [2014-02-27 15:24:00 | 000,012,288 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Compone1b4a8c97#\9ca95d01f896b30295f5c9fe37cce1a2\CLI.Component.Runtime.Shared.ni.dll MOD - [2014-02-27 15:23:59 | 000,224,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Plugin.5d945b6b#\400bbfd0cb113ab637ffaf300f38d7b9\AEM.Plugin.Source.Kit.Server.ni.dll MOD - [2014-02-27 15:23:59 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics\da9edb4b7b551b741906c719e9b513ab\DEM.Graphics.ni.dll MOD - [2014-02-27 15:23:58 | 000,091,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0601\1075b957552826cb33fe8f6faa682031\DEM.Graphics.I0601.ni.dll MOD - [2014-02-27 15:23:58 | 000,021,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Foundation\487fb81cb4402f312d5d45f064aed646\DEM.Foundation.ni.dll MOD - [2014-02-27 15:23:58 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Server.Shared\ca203d621be069039e223f2ed6d5d7e1\AEM.Server.Shared.ni.dll MOD - [2014-02-27 15:23:57 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Plugin.2b6a6775#\cca1b6ae3b7bfdac4fe3aa7d2583d25e\AEM.Plugin.Hotkeys.Shared.ni.dll MOD - [2014-02-27 15:23:57 | 000,012,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Plugin.88aba5d2#\8ca3e0d73c8ca6077dd35c6115376a15\AEM.Plugin.REG.Shared.ni.dll MOD - [2014-02-27 15:23:56 | 000,046,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\NEWAEM.Foundation\b40ee1c337f8b589fec78081e70414dc\NEWAEM.Foundation.ni.dll MOD - [2014-02-27 15:23:56 | 000,019,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Actions5dc83b46#\1052a984178c718de83bb8849f366aea\AEM.Actions.CCAA.Shared.ni.dll MOD - [2014-02-27 15:23:56 | 000,012,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Plugin.0a1309f7#\c28fc1910a545fb12baa6d007a570184\AEM.Plugin.EEU.Shared.ni.dll MOD - 
[2014-02-27 15:23:56 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Plugin.GD.Shared\38adbe67b5bb39979954f436d019ad4d\AEM.Plugin.GD.Shared.ni.dll MOD - [2014-02-27 15:23:55 | 000,626,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ADL.Foundation\f0080b25f9d9bde870968dd3835b91db\ADL.Foundation.ni.dll MOD - [2014-02-27 15:23:54 | 000,117,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\LOG.Foundat5023f8e7#\1183a2ad2cbedbc26c4ec8cdb790d992\LOG.Foundation.Private.ni.dll MOD - [2014-02-27 15:23:54 | 000,098,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\LOG.Foundation\732c000c81bced11cb31b0fff6a2517a\LOG.Foundation.ni.dll MOD - [2014-02-27 15:23:54 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\A4.Foundation\4ca6ff5be6c865c468a3d20b4a0a5729\A4.Foundation.ni.dll MOD - [2014-02-26 19:19:44 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll MOD - [2014-02-26 19:19:43 | 013,620,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\921861ef36355e6f12a981a188f99b8a\System.Web.ni.dll MOD - [2014-02-26 19:19:37 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll MOD - [2014-02-26 19:19:36 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\966f64a25064fe74936295dc06ec586e\System.Runtime.Remoting.ni.dll MOD - [2014-02-26 19:19:35 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll MOD - [2014-02-26 19:19:31 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll MOD - 
[2014-02-26 19:19:28 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll MOD - [2014-02-26 19:19:25 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll MOD - [2014-02-26 19:19:24 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll MOD - [2014-02-26 19:19:22 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll MOD - [2014-02-26 19:19:21 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll MOD - [2014-02-26 19:19:20 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll MOD - [2014-02-26 19:19:19 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll MOD - [2014-02-26 19:19:15 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll MOD - [2010-09-03 14:52:48 | 000,606,208 | ---- | M] () -- C:\Program Files\ScreenShooter\screenshooter.exe MOD - [2010-09-03 14:50:48 | 002,537,472 | ---- | M] () -- C:\Program Files\ScreenShooter\QtCore4.dll MOD - [2010-08-31 15:36:06 | 000,287,232 | ---- | M] () -- C:\Program Files\ScreenShooter\imageformats\qjpeg4.dll MOD - [2010-08-31 11:49:22 | 009,812,992 | ---- | M] () -- C:\Program Files\ScreenShooter\QtGui4.dll MOD - [2010-08-31 11:15:32 | 001,140,224 | ---- | M] () -- C:\Program Files\ScreenShooter\QtNetwork4.dll MOD - [2010-06-22 13:50:52 | 000,061,440 | ---- | M] () -- C:\Program 
Files\ROCCAT\Kone[+] Mouse\hiddriver.dll
MOD - [2009-06-22 20:42:42 | 000,043,008 | ---- | M] () -- C:\Program Files\ScreenShooter\libgcc_s_dw2-1.dll
MOD - [2009-01-10 12:32:40 | 000,011,362 | ---- | M] () -- C:\Program Files\ScreenShooter\mingwm10.dll
MOD - [2007-02-12 14:50:40 | 000,020,480 | ---- | M] () -- C:\Windows\FixCamera.exe
MOD - [2006-10-10 14:11:08 | 000,827,392 | ---- | M] () -- C:\Windows\vsnp325.exe

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2014-03-15 15:26:23 | 001,074,480 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe -- (FlexNet Licensing Service)
SRV - [2014-03-12 09:27:18 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-03-11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014-03-11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014-03-01 05:38:23 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014-02-25 23:57:46 | 000,568,512 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013-12-21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013-10-23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-08-15 14:10:46 | 000,209,408 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013-05-27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013-02-04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012-12-14 02:02:14 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012-10-03 11:29:20 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012-09-28 09:25:54 | 000,625,304 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [File_System | On_Demand | Stopped] -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\oem\AppData\Local\Temp\uxriqpow.sys -- (uxriqpow)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nvlddmkm.sys -- (nvlddmkm)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\drivers\nvhda32v.sys -- (NVHDA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2014-04-06 14:01:52 | 000,039,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{62FC97CC-A917-4594-A1C6-49ED65B4EF03}\MpKslf1e5c4b0.sys -- (MpKslf1e5c4b0)
DRV - [2014-04-06 13:56:16 | 000,320,120 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2014-03-11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013-08-15 15:07:54 | 011,037,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2013-08-15 13:38:44 | 000,495,104 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2013-07-05 10:40:32 | 000,078,848 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2013-06-04 12:49:27 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2013-06-04 12:49:27 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2012-10-04 18:16:49 | 000,083,872 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2012-10-04 18:16:49 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2012-08-23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012-08-23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011-09-16 09:12:58 | 000,027,752 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtVlan620.sys -- (RTVLANPT)
DRV - [2011-06-15 15:11:20 | 000,050,280 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped]
-- C:\Windows\System32\drivers\RtTeam60.sys -- (TEAM) DRV - [2011-06-15 15:11:20 | 000,050,280 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (RTTEAMPT) DRV - [2011-06-15 15:11:20 | 000,027,648 | ---- | M] (Realtek ) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60) DRV - [2010-11-20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010-10-19 23:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI) DRV - [2010-01-05 19:20:10 | 001,500,160 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athur.sys -- (athur) DRV - [2009-03-18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008-10-21 11:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm) DRV - [2008-10-21 11:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) DRV - [2008-10-21 11:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) DRV - [2008-10-21 11:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex) DRV - [2008-10-21 11:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) DRV - [2008-10-21 11:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) DRV - [2008-10-21 
11:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl) DRV - [2007-03-07 16:58:30 | 010,260,864 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp325.sys -- (SNP325) DRV - [2007-02-16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2006-07-24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-348518381-1321380691-2008726651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com IE - HKU\S-1-5-21-348518381-1321380691-2008726651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com IE - HKU\S-1-5-21-348518381-1321380691-2008726651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-348518381-1321380691-2008726651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com IE - HKU\S-1-5-21-348518381-1321380691-2008726651-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.bing.com IE - HKU\S-1-5-21-348518381-1321380691-2008726651-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ IE - HKU\S-1-5-21-348518381-1321380691-2008726651-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com IE - HKU\S-1-5-21-348518381-1321380691-2008726651-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com IE - HKU\S-1-5-21-348518381-1321380691-2008726651-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com IE - HKU\S-1-5-21-348518381-1321380691-2008726651-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com IE - HKU\S-1-5-21-348518381-1321380691-2008726651-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-348518381-1321380691-2008726651-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR IE - 
HKU\S-1-5-21-348518381-1321380691-2008726651-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\Users\oem\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\oem\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\oem\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\oem\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () [2013-06-07 19:16:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\oem\AppData\Roaming\mozilla\Extensions [2013-05-22 08:40:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\oem\AppData\Local\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\oem\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = 
C:\Users\oem\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll CHR - plugin: Uplay PC (Enabled) = C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll CHR - plugin: Power Challenge Loader (Enabled) = C:\Users\oem\AppData\LocalLow\POWERC~1\nppowerloader.dll CHR - plugin: Unity Player (Enabled) = C:\Users\oem\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Google Update (Enabled) = C:\Users\oem\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - Extension: Dysk Google = C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: Photo Zoom for Facebook = C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1312.1.2_0\ CHR - Extension: AdBlock = C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\ CHR - Extension: Cut the Rope = C:\Users\oem\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\16_0\ CHR - Extension: Thor 2 Theme [FVD] = C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\joojeogmgmedneedbmilkmpbjnomodcp\2.0_0\ CHR - Extension: Google Wallet = C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\ CHR - Extension: Google Wallet = C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\ CHR - Extension: Checker Plus for Gmail™ = C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj\16.1_0\ CHR - Extension: Checker Plus for Gmail™ = C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj\16.4.1_0\ CHR - Extension: Checker Plus for Gmail™ = C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj\16.4_0\ CHR - Extension: Checker Plus for Gmail™ = C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj\16.6.3_0\ CHR - Extension: Checker Plus for Gmail™ = C:\Users\oem\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj\16.6_0\ O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\No1 Video Converter\msdxm.ocx (Microsoft Corporation) O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) 
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe () O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [RoccatKone+] C:\Program Files\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH) O4 - HKLM..\Run: [snp325] C:\Windows\vsnp325.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-348518381-1321380691-2008726651-1000..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google) O4 - HKU\S-1-5-21-348518381-1321380691-2008726651-1000..\Run: [Hoolapp Android] "C:\Users\oem\AppData\Roaming\HOOLAP~2\Hoolapp.exe" /Minimized File not found O4 - HKU\S-1-5-21-348518381-1321380691-2008726651-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\S-1-5-21-348518381-1321380691-2008726651-1000..\Run: [screenshooter] C:\Program Files\ScreenShooter\screenshooter.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E397BD6-F395-45CC-A38C-17D81F68CBFD}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9F1E130-6C13-4030-AA75-FF7F2A321151}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program 
Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Program Files\No1 Video Converter\msdxm.ocx (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{a551ef2a-6aae-11e2-891c-902b34066f1f}\Shell - "" = AutoRun O33 - MountPoints2\{a551ef2a-6aae-11e2-891c-902b34066f1f}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014-04-06 13:56:15 | 000,320,120 | ---- | C] (Duplex Secure Ltd.) 
-- C:\Windows\System32\drivers\sptd.sys [2014-04-06 12:33:46 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-04-06 12:28:17 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2014-04-06 12:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware [2014-04-06 12:27:31 | 000,073,432 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys [2014-04-06 12:27:30 | 000,051,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys [2014-04-06 12:27:30 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2014-04-06 12:27:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware [2014-04-06 12:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2014-03-31 17:14:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2014-03-31 16:52:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends [2014-03-31 16:35:01 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\Riot Games [2014-03-31 12:24:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2014-03-31 12:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2014-03-31 12:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs [2014-03-28 10:27:11 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\DropboxMaster [2014-03-28 10:27:03 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2014-03-28 09:37:45 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\Dropbox [2014-03-25 12:26:40 | 000,000,000 | R--D | C] -- C:\Users\oem\Desktop\tato [2014-03-25 12:25:04 | 000,000,000 | R--D | C] -- C:\Users\oem\Dysk Google [2014-03-25 12:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Google Drive [2014-03-25 12:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2014-03-24 18:12:52 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Local\Skype [2014-03-24 18:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2014-03-24 18:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2014-03-24 18:12:38 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2014-03-24 09:37:06 | 000,000,000 | ---D | C] -- C:\Windows\jumpshot.com [2014-03-15 15:35:43 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Roaming\ESRI [2014-03-15 15:35:43 | 000,000,000 | ---D | C] -- C:\Users\oem\Documents\ArcGIS [2014-03-15 15:35:36 | 000,000,000 | ---D | C] -- C:\Users\oem\AppData\Local\ESRI [2014-03-15 15:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2014-03-15 15:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared [2014-03-15 15:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcGIS [2014-03-15 15:19:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 4.0 [2014-03-15 15:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Data Dynamics [2014-03-15 15:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Tom Sawyer Software [2014-03-15 15:18:17 | 000,000,000 | ---D | C] -- C:\Python27 [2014-03-15 15:18:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcGIS [2014-03-12 14:29:20 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe [2014-03-12 14:29:20 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll [2014-03-12 14:29:20 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2014-03-12 14:29:20 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2014-03-12 14:29:19 | 000,703,488 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\ieapfltr.dll [2014-03-12 14:29:19 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2014-03-12 14:29:19 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll [2014-03-12 14:29:19 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2014-03-12 14:29:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll [2014-03-12 14:29:18 | 004,244,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2014-03-12 14:29:18 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2014-03-12 14:29:16 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2014-03-12 14:29:16 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2014-03-12 14:29:16 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2014-03-12 14:29:16 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2014-03-12 14:29:16 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2014-03-12 14:29:16 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2014-03-12 14:28:01 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll [2014-03-12 14:27:58 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2014-03-12 14:26:28 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014-04-06 14:47:47 | 000,001,050 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-348518381-1321380691-2008726651-1000UA.job [2014-04-06 14:32:55 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014-04-06 14:27:02 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014-04-06 14:08:52 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014-04-06 14:08:52 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014-04-06 14:06:35 | 000,743,676 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2014-04-06 14:06:35 | 000,657,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2014-04-06 14:06:35 | 000,157,290 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2014-04-06 14:06:35 | 000,123,008 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2014-04-06 14:01:55 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014-04-06 14:01:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014-04-06 14:01:20 | 2802,974,720 | -HS- | M] () -- C:\hiberfil.sys [2014-04-06 13:46:00 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-348518381-1321380691-2008726651-1000Core.job [2014-04-06 12:33:57 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-04-06 12:15:38 | 000,000,068 | ---- | M] () -- C:\Users\oem\AppData\Roaming\WB.CFG [2014-04-04 13:02:23 | 000,002,097 | ---- | M] () -- C:\Users\oem\Desktop\Skype.lnk [2014-04-03 12:57:03 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2014-04-03 09:51:14 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys [2014-04-03 09:51:00 | 000,073,432 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys [2014-04-03 09:50:56 | 000,023,256 | ---- | M] 
(Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014-04-02 11:50:42 | 000,183,020 | ---- | M] () -- C:\Users\oem\Desktop\wyklad_1(1).pdf
[2014-03-31 18:25:11 | 000,007,597 | ---- | M] () -- C:\Users\oem\AppData\Local\resmon.resmoncfg
[2014-03-31 16:52:21 | 000,001,613 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2014-03-27 18:01:55 | 000,010,158 | ---- | M] () -- C:\Users\oem\.recently-used.xbel
[2014-03-25 15:28:08 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2014-03-24 09:43:03 | 000,227,877 | ---- | M] () -- C:\Users\oem\Desktop\wyklad_4(1).pdf
[2014-03-24 09:42:30 | 000,229,334 | ---- | M] () -- C:\Users\oem\Desktop\wyklad_3(1).pdf
[2014-03-24 09:42:22 | 000,232,289 | ---- | M] () -- C:\Users\oem\Desktop\wyklad_2(1).pdf
[2014-03-24 09:41:23 | 000,063,263 | ---- | M] () -- C:\Users\oem\Desktop\wyklad_5(1).pdf
[2014-03-16 09:20:21 | 000,415,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014-03-12 09:27:18 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014-03-12 09:27:18 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014-03-11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\NisDrvWFP.sys
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2014-04-04 13:02:23 | 000,002,097 | ---- | C] () -- C:\Users\oem\Desktop\Skype.lnk
[2014-04-02 11:50:26 | 000,183,020 | ---- | C] () -- C:\Users\oem\Desktop\wyklad_1(1).pdf
[2014-03-31 17:14:26 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014-03-31 17:14:20 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014-03-31 16:52:21 | 000,001,613 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2014-03-27 18:01:55 | 000,010,158 | ---- | C] () -- C:\Users\oem\.recently-used.xbel
[2014-03-25 12:22:18 | 000,001,030 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-03-25 12:22:17 | 000,001,026 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-03-24 09:43:03 | 000,227,877 | ---- | C] () -- C:\Users\oem\Desktop\wyklad_4(1).pdf
[2014-03-24 09:42:28 | 000,229,334 | ---- | C] () -- C:\Users\oem\Desktop\wyklad_3(1).pdf
[2014-03-24 09:42:21 | 000,232,289 | ---- | C] () -- C:\Users\oem\Desktop\wyklad_2(1).pdf
[2014-03-24 09:41:23 | 000,063,263 | ---- | C] () -- C:\Users\oem\Desktop\wyklad_5(1).pdf
[2014-01-15 19:59:10 | 000,000,464 | ---- | C] () -- C:\Users\oem\AppData\Roaming\AutoGK.ini
[2013-12-31 11:40:08 | 000,000,005 | ---- | C] () -- C:\Users\oem\AppData\Roaming\WBPU-Q5-TTL.DAT
[2013-12-15 16:04:21 | 000,004,096 | -H-- | C] () -- C:\Users\oem\AppData\Local\keyfile3.drm
[2013-12-10 22:40:12 | 836,726,154 | ---- | C] () -- C:\Users\oem\Media1.cab
[2013-12-10 22:40:12 | 790,346,380 | ---- | C] () -- C:\Users\oem\Media6.cab.partial
[2013-12-10 22:40:12 | 753,053,721 | ---- | C] () -- C:\Users\oem\Media4.cab
[2013-12-10 22:40:12 | 721,602,684 | ---- | C] () -- C:\Users\oem\Media3.cab
[2013-12-10 22:40:12 | 714,573,128 | ---- | C] () -- C:\Users\oem\Media2.cab
[2013-12-10 22:40:12 | 624,169,518 | ---- | C] () -- C:\Users\oem\Media5.cab
[2013-12-10 22:40:12 | 596,778,756 | ---- | C] () -- C:\Users\oem\Media.cab
[2013-12-10 22:40:12 | 001,502,720 | ---- | C] () -- C:\Users\oem\RagnarokOnline2-Installer.msi.partial
[2013-10-09 16:35:09 | 000,139,720 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013-10-09 16:35:09 | 000,139,152 | ---- | C] () -- C:\Users\oem\AppData\Roaming\PnkBstrK.sys
[2013-10-09 16:34:58 | 000,291,944 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2013-10-09 16:34:56 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2013-08-20 21:32:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013-08-15 14:55:12 | 000,200,704 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2013-08-15 09:01:18 | 000,038,912 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2013-07-27 09:40:03 | 000,000,068 | ---- | C] () -- C:\Users\oem\AppData\Roaming\WB.CFG
[2013-07-18 17:47:16 | 000,231,856 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik_nd.dat
[2013-07-18 17:38:38 | 000,233,396 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik.dat
[2013-07-15 18:29:22 | 000,082,944 | ---- | C] () -- C:\Windows\System32\ativce02.dat
[2013-06-27 22:51:59 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013-06-27 08:05:56 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013-06-27 08:05:56 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013-06-15 10:40:11 | 000,000,005 | ---- | C] () -- C:\Users\oem\AppData\Roaming\WBPU-TTL.DAT
[2013-06-07 15:49:17 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2013-06-07 15:46:45 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2013-04-12 10:42:09 | 000,000,429 | ---- | C] () -- C:\Users\oem\efaktura.properties
[2013-04-10 17:34:24 | 000,662,785 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2013-03-29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\System32\amdocl_ld32.exe
[2013-03-29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\System32\amdocl_as32.exe
[2013-03-29 03:24:06 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2013-03-29 03:24:06 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2013-03-15 20:11:20 | 000,005,120 | ---- | C] () -- C:\Users\oem\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-03-15 20:08:16 | 000,000,066 | ---- | C] () -- C:\Windows\#1 Video Converter.INI
[2013-03-15 19:37:39 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2013-03-15 19:29:55 | 000,000,107 | ---- | C] () -- C:\Windows\VobEdit.INI
[2012-12-14 02:02:20 | 000,963,452 | ---- | C] () -- C:\Windows\System32\igcodeckrng600.bin
[2012-12-14 02:02:20 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2012-12-14 02:02:20 | 000,064,512 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2012-12-14 02:02:20 | 000,009,728 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012-12-14 02:02:20 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2012-12-14 02:02:16 | 000,272,928 | ---- | C] () -- C:\Windows\System32\igvpkrng600.bin
[2012-11-21 15:10:20 | 003,123,272 | R--- | C] () -- C:\Windows\System32\pbsvc.exe
[2012-11-13 13:01:56 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012-10-21 15:05:38 | 000,093,670 | ---- | C] () -- C:\Users\oem\AppData\Roaming\Uninstal.exe
[2012-10-18 16:33:47 | 000,007,597 | ---- | C] () -- C:\Users\oem\AppData\Local\resmon.resmoncfg
[2012-10-04 18:12:34 | 000,083,872 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2012-10-04 18:12:33 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2012-10-04 17:20:29 | 000,000,412 | ---- | C] () -- C:\Windows\ODBC.INI
[2012-10-04 17:07:09 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2012-10-04 17:07:08 | 000,827,392 | ---- | C] () -- C:\Windows\vsnp325.exe
[2012-10-04 17:07:08 | 000,015,498 | ---- | C] () -- C:\Windows\snp325.ini
[2012-10-04 17:07:07 | 000,147,456 | ---- | C] ( ) -- C:\Windows\System32\rsnp325.dll
[2012-10-04 17:07:07 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnp325.dll
[2012-10-04 17:07:07 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp325.dll
[2012-10-04 09:09:05 | 000,704,512 | ---- | C] () -- C:\Windows\System32\mfcl31d.dll
[2012-10-03 12:07:08 | 000,001,024 | ---- | C] () -- C:\Users\oem\.rnd
[2012-10-03 11:54:02 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2012-10-03 10:12:10 | 000,293,889 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012-10-03 09:58:07 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012-10-03 09:58:07 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012-10-03 09:58:06 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]
[2014-04-06 10:54:45 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\.minecraft
[2014-01-06 13:05:21 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\.minecraftzyczu
[2014-02-19 18:56:44 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\.spoutcraft
[2014-04-04 14:27:34 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\AIMP3
[2014-03-31 12:35:05 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\DAEMON Tools Lite
[2014-03-28 10:27:16 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Dropbox
[2014-03-28 10:27:16 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\DropboxMaster
[2013-02-15 15:09:27 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\efile.epity2012
[2014-03-15 15:35:43 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\ESRI
[2014-04-06 14:28:22 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\GG
[2013-01-30 10:18:46 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\GHISLER
[2014-03-27 18:01:55 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\gtk-2.0
[2013-05-22 08:40:51 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Hoolapp Packages
[2013-06-07 16:01:29 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\HoolappForAndroid
[2012-10-04 21:53:06 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\LolClient
[2013-02-11 21:59:23 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Minecraft Version Changer
[2013-04-10 16:26:16 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\mkvtoolnix
[2013-03-09 22:57:42 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\NapiProjekt
[2012-10-03 15:50:42 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Nowe Gadu-Gadu
[2012-10-03 15:56:45 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Opera
[2014-02-08 16:45:04 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Opera Software
[2013-09-22 14:33:19 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Origin
[2014-01-29 19:27:00 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Podatnik.info
[2014-03-31 16:53:48 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Riot Games
[2013-01-07 14:25:46 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\runic games
[2013-06-07 15:49:50 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Samsung
[2013-06-19 10:59:09 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Sony
[2013-10-22 13:41:52 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Theta
[2013-09-16 12:11:00 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Trine2
[2014-04-02 11:49:12 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\TS3Client
[2013-05-06 20:57:10 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Unity
[2014-03-31 20:02:35 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\uTorrent
[2013-12-10 22:44:57 | 000,000,000 | ---D | M] -- C:\Users\oem\AppData\Roaming\Warner Bros. Interactive Entertainment

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 24 bytes -> C:\Windows:40E81AA6A3C03BD4

< End of report >