OTL logfile created on: 2014-10-30 18:10:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DG\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,24 Gb Total Physical Memory | 0,76 Gb Available Physical Memory | 33,93% Memory free
4,48 Gb Paging File | 2,22 Gb Available in Paging File | 49,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 312,51 Gb Total Space | 164,65 Gb Free Space | 52,69% Space Free | Partition Type: NTFS
Drive M: | 153,15 Gb Total Space | 43,17 Gb Free Space | 28,19% Space Free | Partition Type: NTFS

Computer Name: M | User Name: DG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014-10-30 18:02:09 | 000,380,416 | ---- | M] () -- C:\Users\DG\Downloads\h1dt6t9q.exe
PRC - [2014-10-30 18:01:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DG\Downloads\OTL.exe
PRC - [2014-10-29 07:13:10 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014-10-23 15:15:18 | 002,881,888 | ---- | M] () -- C:\Program Files\SpyShelter Personal Free\SpyShelter.exe
PRC - [2014-10-17 15:08:32 | 000,389,744 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2014-10-14 07:38:37 | 004,816,568 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2014-10-14 07:38:33 | 004,873,248 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
PRC - [2014-09-18 16:32:30 | 003,791,864 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2014-09-15 23:03:20 | 000,513,536 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2014-09-15 23:03:16 | 000,208,896 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2014-09-15 18:13:10 | 000,276,992 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2014-07-26 19:34:29 | 001,876,816 | ---- | M] (SurfRight B.V.) -- C:\Program Files\HitmanPro.Alert\hmpalert.exe
PRC - [2014-06-12 17:02:10 | 000,064,624 | ---- | M] (CyberGhost S.R.L) -- C:\Program Files\CyberGhost 5\Service.exe
PRC - [2014-06-11 00:51:56 | 000,508,232 | ---- | M] (QFX Software Corporation) -- C:\Program Files\KeyScrambler\KeyScrambler.exe
PRC - [2014-04-11 19:17:18 | 000,650,816 | ---- | M] (MyCity) -- C:\Program Files\MCShield\MCShieldRTM.exe
PRC - [2013-10-11 02:40:20 | 007,558,464 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oaui.exe
PRC - [2013-10-11 02:40:20 | 004,457,688 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oasrv.exe
PRC - [2013-10-11 02:40:16 | 003,976,672 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oahlp.exe
PRC - [2013-10-11 02:40:14 | 000,584,864 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2013-10-08 22:07:44 | 000,885,096 | ---- | M] () -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe
PRC - [2013-08-02 01:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013-03-26 17:33:50 | 007,092,312 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2013-02-15 11:59:48 | 000,830,376 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2012-11-23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012-09-22 03:32:40 | 000,655,744 | ---- | M] () -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
PRC - [2011-10-14 07:47:00 | 001,571,432 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2011-03-14 16:27:28 | 000,271,712 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2011-03-14 16:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2011-02-25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010-07-10 06:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2014-10-30 18:02:09 | 000,380,416 | ---- | M] () -- C:\Users\DG\Downloads\h1dt6t9q.exe
MOD - [2014-10-30 08:02:50 | 016,832,176 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_15_0_0_189.dll
MOD - [2014-10-29 16:45:20 | 000,230,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ResourceMan446ca0e5#\58d65109c116cea1f27d87ad824f2441\ResourceManagement.Foundation.Implementation.ni.dll
MOD - [2014-10-29 16:45:18 | 000,318,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MOM.Implementation\89d78e4f53e47f95ab31be0782b1024e\MOM.Implementation.ni.dll
MOD - [2014-10-29 16:45:17 | 000,018,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MOM\0260ad3d37be86d484b43dfe8ba85ae8\MOM.ni.exe
MOD - [2014-10-29 16:45:15 | 000,227,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\LOG.Foundat03490438#\eb06618d1b0a216c5323de81b9d68ac6\LOG.Foundation.Implementation.ni.dll
MOD - [2014-10-29 16:45:08 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0812\549420fb67df19545655ee62fad5b13e\DEM.Graphics.I0812.ni.dll
MOD - [2014-10-29 16:45:08 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0805\dbeae6fd525d25ed9e6a18cdc18ea68c\DEM.Graphics.I0805.ni.dll
MOD - [2014-10-29 16:45:05 | 000,050,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Foundat60cdf5df#\355e5c17b987361e71207aebdb2418ca\CLI.Foundation.XManifest.ni.dll
MOD - [2014-10-29 16:45:03 | 000,797,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Compone26c9c557#\58ede35aeaf51da76fe70e6b5c9d9ef3\CLI.Component.Systemtray.ni.dll
MOD - [2014-10-29 16:45:01 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.73911eb5#\e8e622688689a60dc87dec2297b35399\CLI.Aspect.WirelessDisplay.Graphics.Shared.ni.dll
MOD - [2014-10-29 16:44:58 | 000,095,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ATICCCom\3d84b5d9a4e365e2313877f967169c73\ATICCCom.ni.dll
MOD - [2014-10-29 16:44:58 | 000,016,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Componeb4d0485c#\fd0b047d3318dd3c51641ee8e0e61c09\CLI.Component.Runtime.Extension.EEU.ni.dll
MOD - [2014-10-29 16:44:57 | 000,190,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Compone6692ca50#\035941fe693ec370dee04f54e4dd4b67\CLI.Component.Runtime.ni.dll
MOD - [2014-10-29 16:44:50 | 000,150,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Compone29e547cc#\79d6fcb7a1ce315971a086ab47678777\CLI.Component.Dashboard.ProfileManager2.ni.dll
MOD - [2014-10-29 16:44:48 | 000,785,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Compone6bf88b08#\f6c1ce05267ddf048b37f6862353e99f\CLI.Component.Dashboard.ni.dll
MOD - [2014-10-29 16:44:45 | 000,145,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Combine930f827b#\1467146200ba8eee45440c428adfcba5\CLI.Combined.HydraVision.Aspects.Runtime.ni.dll
MOD - [2014-10-29 16:44:44 | 000,891,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Combine7332395e#\a8623523a2e6ef5e24004a0113d47f9e\CLI.Combined.Graphics.Aspects2.Runtime.ni.dll
MOD - [2014-10-29 16:44:44 | 000,038,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.382a3def#\ce95b5f0ae5f7e7cf64632c54e1e5aaa\CLI.Aspect.AMDOverDrive.Platform.Shared.ni.dll
MOD - [2014-10-29 16:44:41 | 002,300,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Combine0616f305#\2699529ca50d4a02450fcddaf0b76bc5\CLI.Combined.Graphics.Aspects1.Dashboard.ni.dll
MOD - [2014-10-29 16:44:39 | 000,284,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Combinee84f0351#\a7e40edbf87bc110127882377e6bde5f\CLI.Combined.Fusion.Aspects.Runtime.ni.dll
MOD - [2014-10-29 16:44:37 | 000,038,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Pdb36d56e#\250110d5fd04088b94dfde563be204c8\CLI.Caste.Platform.Runtime.ni.dll
MOD - [2014-10-29 16:44:37 | 000,026,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Pac40511b#\f6bedaa6bbd7a839e389c03f4b0e899e\CLI.Caste.Platform.Shared.ni.dll
MOD - [2014-10-29 16:44:36 | 000,023,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Pfeefa2b6#\f3d3d3856589d6ff66f2bccdf1dc18c0\CLI.Caste.Platform.Dashboard.ni.dll
MOD - [2014-10-29 16:44:35 | 000,040,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.H18c99613#\15a26ba7391aa5bf789a83d87ba61aee\CLI.Caste.HydraVision.Runtime.ni.dll
MOD - [2014-10-29 16:44:34 | 000,026,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.H92ba4e46#\ea347aead02493ef70a91d7a2e946bf1\CLI.Caste.HydraVision.Shared.ni.dll
MOD - [2014-10-29 16:44:34 | 000,025,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Hbb906c0b#\502d14c65a7f8675b14294d6e875a5f9\CLI.Caste.HydraVision.Dashboard.ni.dll
MOD - [2014-10-29 16:44:32 | 002,526,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.G962aa464#\6ddcad87200b356096f6a011997208a7\CLI.Caste.Graphics.Runtime.ni.dll
MOD - [2014-10-29 16:44:32 | 000,027,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I1010\79f9ea618499a6bedff6326faa886fde\DEM.Graphics.I1010.ni.dll
MOD - [2014-10-29 16:44:32 | 000,012,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0906\fcfc4df50c95f540eb61167451a8e04d\DEM.Graphics.I0906.ni.dll
MOD - [2014-10-29 16:44:26 | 000,239,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.F36b07a2b#\c6b92244d985d14811e220eb55308c0c\CLI.Caste.Fuel.Runtime.ni.dll
MOD - [2014-10-29 16:44:26 | 000,033,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Fuel.Foundation\572a407853384ae4873646e3e1e394c8\Fuel.Foundation.ni.dll
MOD - [2014-10-29 16:44:25 | 000,026,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Ff3085433#\258427dcb89b41173508c0af7d7294f3\CLI.Caste.Fuel.Dashboard.ni.dll
MOD - [2014-10-29 16:44:24 | 000,047,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.A4.Runtime\8ea1e1d9b8b645b45681990f8a290be6\CLI.Caste.A4.Runtime.ni.dll
MOD - [2014-10-29 16:44:23 | 000,026,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Af820fedc#\8ac65774f62638af1e815c07ff6fad02\CLI.Caste.A4.Dashboard.ni.dll
MOD - [2014-10-29 16:44:19 | 000,021,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.c2a2b491#\85387b56904e65b398fbac4a2c58c534\CLI.Aspect.WiFi.Fuel.Shared.ni.dll
MOD - [2014-10-29 16:44:18 | 000,064,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.648b65fc#\8e08fba92669dafe65ef7277c038de87\CLI.Aspect.WiFi.Fuel.Dashboard.ni.dll
MOD - [2014-10-29 16:44:17 | 001,306,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.d7e090dc#\97c3184e7ab8dac539ae41ae1d2338fc\CLI.Aspect.User.Fuel.Dashboard.ni.dll
MOD - [2014-10-29 16:44:15 | 000,057,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.8350f5c6#\5e8093f36ca5dcafa724c12be4dc3d3a\CLI.Aspect.UpdateNotification.Graphics.Runtime.ni.dll
MOD - [2014-10-29 16:44:14 | 000,074,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.a765109e#\edb7d92ed5c7efee2dfbd9501460b2e1\CLI.Aspect.UpdateNotification.Graphics.Dashboard.ni.dll
MOD - [2014-10-29 16:44:14 | 000,041,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.f480a2f3#\cbe0900a45eb232f129d8d816b8da0a9\CLI.Aspect.UpdateNotification.Graphics.Shared.ni.dll
MOD - [2014-10-29 16:44:11 | 000,042,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.ef3eaa4d#\2f441651363bb0c69dd18dbb1f1d0287\CLI.Aspect.TransCode.Graphics.Runtime.ni.dll
MOD - [2014-10-29 16:44:10 | 000,090,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.3a6f1658#\a58c2d8a9d4a126bbe29800800789a25\CLI.Aspect.TransCode.Graphics.Shared.ni.dll
MOD - [2014-10-29 16:44:10 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.4bbb0755#\2ca944a8172aecff39f4dc4729cc4c6b\CLI.Aspect.TransCode.Graphics.Dashboard.ni.dll
MOD - [2014-10-29 16:44:09 | 000,048,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.fdcb645d#\7da71c53715f6c7c3eed8ee72496f07d\CLI.Aspect.Settings.HydraVision.Shared.ni.dll
MOD - [2014-10-29 16:44:05 | 000,572,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.8d333b6b#\6a95c6516288d327d7be4b0bf5982c3c\CLI.Aspect.Radeon3D.Graphics.Shared.ni.dll
MOD - [2014-10-29 16:44:04 | 003,147,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.e9fd7406#\adcb0aebdde66c21d122ba7ef02754ba\CLI.Aspect.Radeon3D.Graphics.Dashboard.ni.dll
MOD - [2014-10-29 16:44:01 | 000,618,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.79734f7a#\213ec398d42b4c9075a4ded1e47cfb78\CLI.Aspect.PowerXpress.Graphics.Runtime.ni.dll
MOD - [2014-10-29 16:44:01 | 000,012,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0702\4a381c6a0c36262595b85d18af7b79e5\DEM.Graphics.I0702.ni.dll
MOD - [2014-10-29 16:44:01 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0901\df48ccadc9ac8ffcb587312bf616574c\DEM.Graphics.I0901.ni.dll
MOD - [2014-10-29 16:44:01 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0710\089d49629af303b780278d7a42998c5c\DEM.Graphics.I0710.ni.dll
MOD - [2014-10-29 16:43:59 | 000,515,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.d4846ba2#\2594af045f196d2f0307baab13604cfb\CLI.Aspect.PowerXpress.Graphics.Dashboard.ni.dll
MOD - [2014-10-29 16:43:57 | 000,112,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.46819220#\ae554f339e331c09e69e6d6db83a840f\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.ni.dll
MOD - [2014-10-29 16:43:56 | 000,136,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.21d2ac78#\54fbb2edbbf5289ceb3417bd39d3f8db\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.ni.dll
MOD - [2014-10-29 16:43:56 | 000,062,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.59a12d95#\1ed2a4a3c2d0c3ccad999f4d60556bb9\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.ni.dll
MOD - [2014-10-29 16:43:54 | 000,275,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.c7aaa0f8#\2781ece1172d345a297c16729bf0ec96\CLI.Aspect.OverDrive5.Graphics.Shared.ni.dll
MOD - [2014-10-29 16:43:50 | 000,520,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.7ed14a2a#\782dcbf404c68074068b3e93659bbf6d\CLI.Aspect.MultiVPU2.Graphics.Dashboard.ni.dll
MOD - [2014-10-29 16:43:50 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.abe74207#\d2a5692a3ed0c1625bb54fbda2a61042\CLI.Aspect.MultiVPU2.Graphics.Shared.ni.dll
MOD - [2014-10-29 16:43:48 | 000,568,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.846fa813#\35e3386cc18953ae29f77b8135895b3e\CLI.Aspect.MMVideo.Graphics.Dashboard.ni.dll
MOD - [2014-10-29 16:43:48 | 000,044,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.dd2ab3e8#\90dc7fee7acd76afff563bdb068497ff\CLI.Aspect.MultiDesk.HydraVision.Shared.ni.dll
MOD - [2014-10-29 16:43:46 | 000,035,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.5432938c#\e39cabf54b132f7bdef584530ddc4b0a\CLI.Aspect.MDProp.HydraVision.Shared.ni.dll
MOD - [2014-10-29 16:43:45 | 000,215,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.e8635fc7#\cd97bbdb3d444dad6210486c1ce47df8\CLI.Aspect.InfoCentre.Graphics.Dashboard.ni.dll
MOD - [2014-10-29 16:43:44 | 000,034,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.bdcffe00#\3aeb9eaf6e6029146776a0c2f753e5b1\CLI.Aspect.Grid.HydraVision.Shared.ni.dll
MOD - [2014-10-29 16:43:38 | 000,087,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.5a772e69#\88b8db9026551440254cd41edd3242d6\CLI.Aspect.Fets.Fuel.Dashboard.ni.dll
MOD - [2014-10-29 16:43:38 | 000,065,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.caa5cc64#\d8fb876b5ed77c5bcfc296e2c6b4eb10\CLI.Aspect.Fets.Fuel.Shared.ni.dll
MOD - [2014-10-29 16:43:36 | 000,083,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0709\accb789889f08ca39f7d0d40f8e7eba4\DEM.Graphics.I0709.ni.dll
MOD - [2014-10-29 16:43:36 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.G60338cc0#\72e68ad7ad31025556258ed62bd86cd3\CLI.Caste.Graphics.Runtime.Shared.Private.ni.dll
MOD - [2014-10-29 16:43:32 | 000,134,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.4ede500c#\a52fed5ef3f4fe56f9fcd5d9c80033d1\CLI.Aspect.DPPE.Fuel.Dashboard.ni.dll
MOD - [2014-10-29 16:43:32 | 000,049,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.f45bd021#\d3b235f63a0894c60f0f666182b0e26e\CLI.Aspect.DPPE.Fuel.Shared.ni.dll
MOD - [2014-10-29 16:43:31 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.b0a7c1fb#\e477807753058bdc69e2b162ba2f00e4\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.ni.dll
MOD - [2014-10-29 16:43:30 | 000,072,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.ae5e117c#\4d8cf649d23863fa943892447499777f\CLI.Aspect.DisplaysColour2.Graphics.Shared.ni.dll
MOD - [2014-10-29 16:43:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0804\45b4add2b63638ee58ec3010f9a71a7b\DEM.Graphics.I0804.ni.dll
MOD - [2014-10-29 16:43:28 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0912\1ea3b19eaffd5368f56d8b8a41e47c60\DEM.Graphics.I0912.ni.dll
MOD - [2014-10-29 16:43:28 | 000,012,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0712\d101ec5959f90bd1f77a3de48b71a4b7\DEM.Graphics.I0712.ni.dll
MOD - [2014-10-29 16:43:28 | 000,012,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0706\b7f3e220193e2eab1577b34cee832a5e\DEM.Graphics.I0706.ni.dll
MOD - [2014-10-29 16:43:27 | 000,246,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.9b707b25#\905340f9dc197a294a849fe8907abb62\CLI.Aspect.DeviceProperty.Graphics.Runtime.ni.dll
MOD - [2014-10-29 16:43:25 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.aa59351a#\3e55de3a4b9c71ec8fb83caaaeb295bd\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.ni.dll
MOD - [2014-10-29 16:43:25 | 000,195,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.eda8935e#\7a4dc10e1a7be2bd8b646228ab2c74ec\CLI.Aspect.MMVideo.Graphics.Shared.ni.dll
MOD - [2014-10-29 16:43:24 | 006,427,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.e6d9f3a8#\47310d4f2379b3511f3b668f97e9c1f2\CLI.Aspect.DeviceDFP.Graphics.Dashboard.ni.dll
MOD - [2014-10-29 16:43:21 | 000,041,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.20568423#\3db18b96d1b7c08d25ee46fed58645e9\CLI.Aspect.DeskMan.HydraVision.Shared.ni.dll
MOD - [2014-10-29 16:43:20 | 000,279,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.b3da5a8f#\73683e225553e86395f8e66106a8e7dd\CLI.Aspect.PowerXpress.Graphics.Shared.ni.dll
MOD - [2014-10-29 16:43:19 | 000,088,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.d4f2f79c#\93ed8c8beb9efc4c511ba53395607517\CLI.Aspect.CrossFireX.Graphics.Dashboard.ni.dll
MOD - [2014-10-29 16:43:18 | 000,439,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.8e996306#\339d80b8c9268f74056bd5dd426f4e22\CLI.Aspect.CrossDisplay.Graphics.Dashboard.ni.dll
MOD - [2014-10-29 16:43:18 | 000,017,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.c854b457#\b5b6ed6895f2cf72a1999ffaa83e11cc\CLI.Aspect.HotkeysHandling.Graphics.Shared.ni.dll
MOD - [2014-10-29 16:43:16 | 000,129,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.2042675f#\5e6f91c6e569bf552e773c6c0ac4a850\CLI.Aspect.CPUPStates.Fuel.Dashboard.ni.dll
MOD - [2014-10-29 16:43:16 | 000,058,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.efd83192#\5f898d94c9400c2c038728ff86e6c6cb\CLI.Aspect.CPUPStates.Fuel.Shared.ni.dll
MOD - [2014-10-29 16:43:16 | 000,038,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.F24de14fe#\c05b838a4c4ba4ddae48532924b80b8d\CLI.Caste.Fuel.Shared.ni.dll
MOD - [2014-10-29 16:43:14 | 000,115,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.a0ae52bc#\1514965d608e36a2fb6a2e3acb98ad97\CLI.Aspect.DeviceLCD.Graphics.Shared.ni.dll
MOD - [2014-10-29 16:43:14 | 000,024,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.37d3d968#\918a6d59c8826e27da542394c88d5b74\CLI.Aspect.AMDHome.Graphics.Shared.ni.dll
MOD - [2014-10-29 16:43:13 | 000,478,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Gee7d2dbc#\2a6bcc2b7548d29c390b85f43dc63188\CLI.Caste.Graphics.Dashboard.ni.dll
MOD - [2014-10-29 16:43:13 | 000,166,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.4542c692#\32af9ccf73224cc260add301554ad2b3\CLI.Aspect.DeviceCRT.Graphics.Shared.ni.dll
MOD - [2014-10-29 16:43:12 | 000,364,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.acb9d930#\c0e03a2b1bb588bdb7821011ab84ce54\CLI.Aspect.DeviceProperty.Graphics.Shared.ni.dll
MOD - [2014-10-29 16:43:11 | 000,279,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.7ec2db45#\8ada0684d5a37589a4f5ef41816f2aee\CLI.Aspect.DeviceDFP.Graphics.Shared.ni.dll
MOD - [2014-10-29 16:43:11 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.3399d0ec#\44dc0f6fc3b4197c2878203ec92eab53\CLI.Aspect.CustomFormats.Graphics.Shared.ni.dll
MOD - [2014-10-29 16:43:10 | 001,463,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.Gd9d9b43b#\3d9dabadf4a933cfca86297d8ddbd494\CLI.Caste.Graphics.Dashboard.Shared.ni.dll
MOD - [2014-10-29 16:43:10 | 000,082,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Aspect.ec8786e5#\3794066bcf9dcd5e81b6e5e1a60ebf75\CLI.Aspect.AMDHome.Graphics.Dashboard.ni.dll
MOD - [2014-10-29 16:43:08 | 000,128,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Compone59f353b4#\45a6ea5fc04c10bb282928038b96d656\CLI.Component.Runtime.Shared.Private.ni.dll
MOD - [2014-10-29 16:43:07 | 000,038,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.A4.Shared\86a46d9e4ff4bdbae7c1ea962c344ecf\CLI.Caste.A4.Shared.ni.dll
MOD - [2014-10-29 16:43:06 | 001,953,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Wfbf9373c#\498ca20529243da505f3ebb4fa1b3f50\Microsoft.WindowsAPICodePack.Shell.ni.dll
MOD - [2014-10-29 16:43:04 | 000,866,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Foundatd3771151#\5d3b53ae0e0814446b8f255c79b0f86b\CLI.Foundation.Client.ni.dll
MOD - [2014-10-29 16:43:04 | 000,270,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.W8090224c#\e95ce659090bb447a11f935e5642c7d6\Microsoft.WindowsAPICodePack.ni.dll
MOD - [2014-10-29 16:43:02 | 000,072,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Componef4cf054f#\3e2cbea9667815138dd24fa72728134f\CLI.Component.Dashboard.Shared.ni.dll
MOD - [2014-10-29 16:43:02 | 000,023,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ResourceManf163905a#\7b595f60bcdee46cd3d1dcc134216a50\ResourceManagement.Foundation.Private.ni.dll
MOD - [2014-10-29 16:43:01 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Compone168638d1#\82c6e9f70f15743964559e68587b5c83\CLI.Component.Client.Shared.Private.ni.dll
MOD - [2014-10-29 16:43:01 | 000,019,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Componef1fd67b2#\48f87119822064613618cb6a0bd1ec82\CLI.Component.Client.Shared.ni.dll
MOD - [2014-10-29 16:43:00 | 001,572,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Componec89c3bec#\cb90179e0c359e266e8a023a2657427d\CLI.Component.Dashboard.Shared.Private.ni.dll
MOD - [2014-10-29 16:42:57 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\LOG.Foundatcaafa75b#\47d3e3c0cc0b24a9cf90190a9b2df351\LOG.Foundation.Implementation.Private.ni.dll
MOD - [2014-10-29 16:42:56 | 000,155,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CCC.Implementation\2d3d643d8de2810cd68f6f2cb4cec804\CCC.Implementation.ni.dll
MOD - [2014-10-29 16:42:56 | 000,012,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MOM.Foundation\98cd3a20ae1b45fe50bed5bb79c3a09c\MOM.Foundation.ni.dll
MOD - [2014-10-29 16:42:55 | 002,168,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Caste.G60a7b4d1#\a1fd15624d3f29fe044558f182cc79f5\CLI.Caste.Graphics.Shared.ni.dll
MOD - [2014-10-29 16:42:55 | 000,018,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CCC\9bc8f4d7786ceaf4893aea901e2409e8\CCC.ni.exe
MOD - [2014-10-29 16:42:52 | 000,968,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Localizatio01dbc1c0#\5c5656d882ed0565a2fd7c3841dbc9cb\Localization.Foundation.Private.ni.dll
MOD - [2014-10-29 16:42:52 | 000,076,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Foundat3d5d3945#\033cecdba3a60cf60f4bbae730bbcd10\CLI.Foundation.Private.ni.dll
MOD - [2014-10-29 16:42:51 | 000,212,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\APM.Server\6b1f994b3553e61587f8f1e70ef1331c\APM.Server.ni.dll
MOD - [2014-10-29 16:42:50 | 000,047,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\APM.Foundation\dd451fc12c79d2f3c76fbd0b2ee1b11e\APM.Foundation.ni.dll
MOD - [2014-10-29 16:42:48 | 000,199,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Server\59baa474fdc41bf8c672bbd69a58e6fd\AEM.Server.ni.dll
MOD - [2014-10-29 16:42:46 | 000,243,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Foundation\6271d57eefdc2855b7e985d920dd4945\CLI.Foundation.ni.dll
MOD - [2014-10-29 16:42:46 | 000,012,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Compone1b4a8c97#\11cd7c6d203b2446a3dc8c4f70de5ffc\CLI.Component.Runtime.Shared.ni.dll
MOD - [2014-10-29 16:42:45 | 000,224,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Plugin.5d945b6b#\f9c5c4d11bf3376a4ce9acf78a06ac9e\AEM.Plugin.Source.Kit.Server.ni.dll
MOD - [2014-10-29 16:42:45 | 000,071,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CLI.Foundat619559bd#\5271fe92a3cc6213c87bf92b5d10b053\CLI.Foundation.CoreAudioAPI.ni.dll
MOD - [2014-10-29 16:42:45 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Plugin.674d2b8a#\78418c1c6ab78675e099884389882b13\AEM.Plugin.WinMessages.Shared.ni.dll
MOD - [2014-10-29 16:42:43 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics\0453fd89f8b5b619a16856d93e78ae1d\DEM.Graphics.ni.dll
MOD - [2014-10-29 16:42:42 | 000,092,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Graphics.I0601\b94fdd10af6638e0712a828453b9ca6a\DEM.Graphics.I0601.ni.dll
MOD - [2014-10-29 16:42:42 | 000,022,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DEM.Foundation\aa89ebb2d6af7d4570343f46522a6220\DEM.Foundation.ni.dll
MOD - [2014-10-29 16:42:41 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Server.Shared\ee6b7e4de329744b895138eff8751ab6\AEM.Server.Shared.ni.dll
MOD - [2014-10-29 16:42:39 | 000,012,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Plugin.88aba5d2#\03f0029b06c91f930b7f491cf8e70b37\AEM.Plugin.REG.Shared.ni.dll
MOD - [2014-10-29 16:42:38 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Plugin.2b6a6775#\1feb6624ce0b6329f72f9b8846c85190\AEM.Plugin.Hotkeys.Shared.ni.dll
MOD - [2014-10-29 16:42:38 | 000,011,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Plugin.GD.Shared\c98cf62c003aa6e4cc927a686f87d9c2\AEM.Plugin.GD.Shared.ni.dll
MOD - [2014-10-29 16:42:37 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Plugin.54d8abe3#\e6ae9c85ba90426f344418c2baace790\AEM.Plugin.DPPE.Shared.ni.dll
MOD - [2014-10-29 16:42:37 | 000,012,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Plugin.0a1309f7#\19e1ba152635bdbd274bfafcdd844ee0\AEM.Plugin.EEU.Shared.ni.dll
MOD - [2014-10-29 16:42:36 | 000,046,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\NEWAEM.Foundation\ca28a54e949bbc3268956cbeb7d2a04d\NEWAEM.Foundation.ni.dll
MOD - [2014-10-29 16:42:36 | 000,019,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AEM.Actions5dc83b46#\bf3e20c088cf3891d8d2bd8ced882356\AEM.Actions.CCAA.Shared.ni.dll
MOD - [2014-10-29 16:42:35 | 000,780,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ADL.Foundation\d6820458339d1caf82f60435d20bcbcb\ADL.Foundation.ni.dll
MOD - [2014-10-29 16:42:34 | 000,117,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\LOG.Foundat5023f8e7#\44086dfe431825cb60793fd44f77355b\LOG.Foundation.Private.ni.dll
MOD - [2014-10-29 16:42:34 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\LOG.Foundation\b69d65134bbf4df0fdfe29ded8f02a0e\LOG.Foundation.ni.dll
MOD - [2014-10-29 16:42:33 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\A4.Foundation\2ea2ea2488cb20859fffffdc580f2d82\A4.Foundation.ni.dll
MOD - [2014-10-29 07:13:08 | 003,649,648 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014-10-23 15:15:28 | 000,312,832 | ---- | M] () -- C:\Program Files\SpyShelter Personal Free\klhelper.dll
MOD - [2014-10-23 15:15:18 | 002,881,888 | ---- | M] () -- C:\Program Files\SpyShelter Personal Free\SpyShelter.exe
MOD - [2014-10-17 16:04:27 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\38d6578b4fe29bede85ffff08e3697b6\PresentationFramework-SystemXml.ni.dll
MOD - [2014-10-17 16:03:10 | 013,643,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\d12ecb88500237067aa30b40081d51b7\System.Web.ni.dll
MOD - [2014-10-17 16:01:09 | 000,394,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\ca4c249f93c83f6ba34a23a1c95f9ce8\System.Dynamic.ni.dll
MOD - [2014-10-17 16:01:08 | 001,632,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\65d775712d5410b4af3c5b243a4f2c29\Microsoft.CSharp.ni.dll
MOD - [2014-10-17 15:59:52 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\446bc9f0c3b5824fab519cb5fec5af1b\WindowsFormsIntegration.ni.dll
MOD - [2014-10-17 15:08:33 | 003,339,376 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2014-10-17 15:08:33 | 000,158,832 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2014-10-17 15:08:33 | 000,023,152 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2014-10-15 18:40:26 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\PresentationFramework.ni.dll
MOD - [2014-10-15 18:40:10 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll
MOD - [2014-10-15 18:40:08 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll
MOD - [2014-10-15 18:40:05 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014-10-15 18:40:05 | 000,805,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\54565a827b0e5a6f78e93e2ae06dd0e4\System.Runtime.Remoting.ni.dll
MOD - [2014-10-15 18:40:04 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\7971f3a1c08c4043cf981f457855b4d4\PresentationFramework.Aero.ni.dll
MOD - [2014-10-15 18:40:00 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014-10-15 18:39:59 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014-10-15 18:39:58 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll
MOD - [2014-10-15 18:39:54 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014-10-15 18:39:52 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014-10-15 18:39:50 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014-09-15 18:13:16 | 000,095,744 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2014-09-14 01:55:59 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014-08-17 00:02:18 | 000,008,704 | ---- | M] () -- C:\Users\DG\AppData\Roaming\Thunderbird\Profiles\bgzt46xj.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll
MOD - [2014-08-16 23:55:06 | 000,008,704 | ---- | M] () -- C:\Users\DG\AppData\Roaming\Mozilla\Firefox\Profiles\oldx53dy.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2014-10-30 08:02:50 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-10-29 07:13:08 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014-10-21 20:22:40 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014-10-14 07:38:37 | 004,816,568 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2014-09-19 01:50:15 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014-09-18 16:32:30 | 003,791,864 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2014-09-15 23:03:16 | 000,208,896 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014-09-15 18:13:10 | 000,276,992 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2014-07-26 19:34:29 | 001,876,816 | ---- | M] (SurfRight B.V.)
[Auto | Running] -- C:\Program Files\HitmanPro.Alert\hmpalert.exe -- (hmpalertsvc) SRV - [2014-06-12 17:02:10 | 000,064,624 | ---- | M] (CyberGhost S.R.L) [Auto | Running] -- C:\Program Files\CyberGhost 5\Service.exe -- (CGVPNCliService) SRV - [2013-10-11 02:40:20 | 004,457,688 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor) SRV - [2013-10-11 02:40:14 | 000,584,864 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat) SRV - [2013-10-08 22:07:44 | 000,885,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerService.exe -- (WO_LiveService) SRV - [2013-05-27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013-03-26 17:33:50 | 007,092,312 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv) SRV - [2013-02-15 11:59:48 | 000,830,376 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2012-09-22 03:32:40 | 000,655,744 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. 
RunOuc) SRV - [2011-03-14 16:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe) SRV - [2009-12-15 21:07:16 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\DG\AppData\Local\Temp\pxldypow.sys -- (pxldypow) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\amdiox86.sys -- (amdiox86) DRV - [2014-10-23 15:15:56 | 000,382,304 | ---- | M] (SpyShelter) [Kernel | System | Running] -- C:\Program Files\SpyShelter Personal Free\SpyShelter.sys -- (Spyshelter) DRV - [2014-09-18 16:32:32 | 000,234,752 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp) DRV - [2014-09-18 16:32:27 | 000,130,488 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tib_mounter.sys -- (tib_mounter) DRV - [2014-09-18 16:32:26 | 000,736,192 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tib.sys -- (tib) DRV - [2014-09-18 16:32:25 | 000,888,640 | ---- | M] (Acronis International GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman) DRV - [2014-09-18 16:32:09 | 000,116,000 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vididr.sys -- (vididr) DRV - [2014-09-18 16:31:37 | 000,085,280 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vidsflt.sys -- (vidsflt) DRV - [2014-09-18 16:31:32 | 000,158,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- 
C:\Windows\System32\drivers\snapman.sys -- (snapman) DRV - [2014-09-18 16:30:29 | 000,081,184 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\fltsrv.sys -- (fltsrv) DRV - [2014-09-15 23:25:30 | 014,798,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2014-09-15 22:59:00 | 000,463,360 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2014-09-13 23:32:03 | 000,075,640 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hmpalert.sys -- (hmpalert) DRV - [2014-06-21 18:00:20 | 000,077,824 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2014-05-12 17:43:58 | 000,058,200 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc) DRV - [2014-05-12 17:43:56 | 000,018,552 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys -- (a2util) DRV - [2014-02-11 12:33:30 | 000,050,400 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys -- (AODDriver4.3) DRV - [2013-12-04 18:23:36 | 000,050,200 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys -- (cleanhlp) DRV - [2013-10-11 02:41:04 | 000,044,984 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\oahlp32.sys -- (oahlpXX) DRV - [2013-10-11 02:40:50 | 000,034,856 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\System32\drivers\OAmon.sys -- (OAmon) DRV - [2013-10-11 02:40:50 | 000,031,760 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- 
C:\Windows\System32\drivers\OAnet.sys -- (OAnet) DRV - [2013-10-11 02:40:48 | 000,210,360 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\OADriver.sys -- (OADevice) DRV - [2013-10-02 01:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2013-09-30 17:23:02 | 000,038,248 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver) DRV - [2013-08-22 13:40:22 | 000,035,288 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2013-05-31 15:53:18 | 000,209,016 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler) DRV - [2013-03-28 18:03:02 | 000,022,056 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA) DRV - [2013-03-07 08:49:20 | 000,014,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv) DRV - [2013-03-07 08:49:20 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2012-12-29 21:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan) DRV - [2012-09-14 02:26:18 | 000,378,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbwwan.sys -- (ewusbmbb) DRV - [2012-08-23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012-08-20 01:54:18 | 000,076,544 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2011-12-31 02:20:23 | 000,199,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2011-10-04 07:46:14 | 002,205,696 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2011-08-17 21:44:48 | 000,041,600 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter) DRV - [2011-07-15 21:53:52 | 000,168,576 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdxhc.sys -- (amdxhc) DRV - [2011-07-15 21:53:52 | 000,076,928 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdhub30.sys -- (amdhub30) DRV - [2011-03-08 13:01:06 | 000,012,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 10\LiveTunerProcessMonitor32.sys -- (LiveTunerPM) DRV - [2010-07-27 02:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2010-03-20 05:06:58 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter) DRV - [2008-07-26 14:30:30 | 000,014,416 | ---- | M] (OpenLibSys.org) [Kernel | On_Demand | Stopped] -- C:\Users\DG\Downloads\K10STAT154\WinRing0.sys -- (WinRing0_1_2_0) DRV - [1996-04-03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2907876353-1400918095-1777244027-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-2907876353-1400918095-1777244027-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2907876353-1400918095-1777244027-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 IE - HKU\S-1-5-21-2907876353-1400918095-1777244027-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.openintab: true FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..extensions.enabledAddons: %7B4176DFF4-4698-11DE-BEEB-45DA55D89593%7D:0.8.40 FF - prefs.js..extensions.enabledAddons: trafficlight%40bitdefender.com:0.2.17 FF - 
prefs.js..extensions.enabledAddons: movableAppButton%40Merci.chao:1.4 FF - prefs.js..extensions.enabledAddons: %7B5F590AA2-1221-4113-A6F4-A4BB62414FAC%7D:0.45.8.20130519.3 FF - prefs.js..extensions.enabledAddons: mintrayr%40tn123.ath.cx:1.1.2 FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.17 FF - prefs.js..extensions.enabledAddons: info%40djzig.com:2.3.0 FF - prefs.js..network.proxy.http: "92.255.181.149" FF - prefs.js..network.proxy.http_port: 8080 FF - user.js..browser.search.openintab: true FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.2.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 31.2.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 31.2.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 31.2.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins 
[2014-09-13 19:51:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DG\AppData\Roaming\mozilla\Extensions [2014-10-22 16:31:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DG\AppData\Roaming\mozilla\Firefox\Profiles\oldx53dy.default\extensions [2014-10-22 16:31:29 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\DG\AppData\Roaming\mozilla\Firefox\Profiles\oldx53dy.default\extensions\info@djzig.com [2014-09-14 00:02:01 | 000,000,000 | ---D | M] (MinimizeToTray revived (MinTrayR)) -- C:\Users\DG\AppData\Roaming\mozilla\Firefox\Profiles\oldx53dy.default\extensions\mintrayr@tn123.ath.cx [2014-08-16 23:59:14 | 000,114,352 | ---- | M] () (No name found) -- C:\Users\DG\AppData\Roaming\mozilla\firefox\profiles\oldx53dy.default\extensions\compatibility@addons.mozilla.org.xpi [2014-10-16 17:57:58 | 001,443,602 | ---- | M] () (No name found) -- C:\Users\DG\AppData\Roaming\mozilla\firefox\profiles\oldx53dy.default\extensions\firefox@ghostery.com.xpi [2014-09-21 18:10:56 | 000,082,295 | ---- | M] () (No name found) -- C:\Users\DG\AppData\Roaming\mozilla\firefox\profiles\oldx53dy.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2014-08-17 00:03:42 | 000,003,323 | ---- | M] () (No name found) -- C:\Users\DG\AppData\Roaming\mozilla\firefox\profiles\oldx53dy.default\extensions\movableAppButton@Merci.chao.xpi [2014-08-17 00:03:42 | 000,897,750 | ---- | M] () (No name found) -- C:\Users\DG\AppData\Roaming\mozilla\firefox\profiles\oldx53dy.default\extensions\trafficlight@bitdefender.com.xpi [2014-08-17 00:03:42 | 000,222,800 | ---- | M] () (No name found) -- C:\Users\DG\AppData\Roaming\mozilla\firefox\profiles\oldx53dy.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi [2014-08-17 00:54:38 | 000,043,024 | ---- | M] () (No name found) -- C:\Users\DG\AppData\Roaming\mozilla\firefox\profiles\oldx53dy.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2014-10-11 17:51:02 | 000,197,256 | ---- | M] () (No name found) -- 
C:\Users\DG\AppData\Roaming\mozilla\firefox\profiles\oldx53dy.default\extensions\{c4d362ec-1cff-4ca0-9031-99a8fad7995a}.xpi [2014-10-16 17:57:57 | 000,979,610 | ---- | M] () (No name found) -- C:\Users\DG\AppData\Roaming\mozilla\firefox\profiles\oldx53dy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-14 14:04:59 | 000,731,942 | ---- | M] () (No name found) -- C:\Users\DG\AppData\Roaming\mozilla\firefox\profiles\oldx53dy.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-10-29 07:12:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2014-10-29 07:13:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2009-06-10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\oaui.exe (Emsisoft GmbH) O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH) O4 - HKLM..\Run: [KeyScrambler] C:\Program Files\KeyScrambler\keyscrambler.exe (QFX Software Corporation) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files\ASUS\ASUS Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus) O4 - HKLM..\Run: [SpyShelter] C:\Program Files\SpyShelter Personal Free\SpyShelter.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found O4 - HKU\S-1-5-21-2907876353-1400918095-1777244027-1000..\Run: [MCShield Monitor] C:\Program Files\MCShield\MCShieldRTM.exe (MyCity) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - 
HKU\S-1-5-21-2907876353-1400918095-1777244027-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1 O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0F90588D-37CD-4412-8D0D-F81693CB5EDC}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1721FC72-1FB2-41DF-937E-FF77E1CCE746}: NameServer = 0.0.0.0 0.0.0.0 O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsisoft GmbH) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014-10-30 18:02:53 | 000,000,000 | ---D | C] -- C:\FRST [2014-10-30 17:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2014-10-30 16:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\SpyShelter Personal Free [2014-10-30 16:47:00 | 000,000,000 | ---D | C] -- C:\Users\DG\AppData\Roaming\SpyShelter [2014-10-30 12:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2014-10-30 12:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies [2014-10-30 08:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam [2014-10-30 08:04:52 | 000,000,000 | ---D | C] -- C:\Program Files\Steam [2014-10-29 12:02:48 | 000,000,000 | ---D | C] -- C:\Users\DG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center [2014-10-29 12:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2014-10-29 12:01:47 | 000,000,000 | ---D | C] -- C:\Program Files\AMD AVT [2014-10-29 12:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center [2014-10-29 11:44:41 | 000,000,000 | ---D | C] -- C:\AMD [2014-10-29 07:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2014-10-26 13:57:24 | 001,247,744 | ---- | 
C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2014-10-26 10:14:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic II [2014-10-25 21:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner [2014-10-25 21:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Mobile Partner [2014-10-25 21:10:43 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll [2014-10-25 21:10:43 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfCoInstaller01007.dll [2014-10-25 21:10:43 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys [2014-10-25 21:10:43 | 000,378,880 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbwwan.sys [2014-10-25 21:10:43 | 000,203,264 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juwwanecm.sys [2014-10-25 21:10:43 | 000,199,168 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys [2014-10-25 21:10:43 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys [2014-10-25 21:10:43 | 000,096,000 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcacm.sys [2014-10-25 21:10:43 | 000,076,544 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys [2014-10-25 21:10:43 | 000,069,760 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys [2014-10-25 21:10:43 | 000,027,520 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys [2014-10-25 21:10:43 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys [2014-10-25 21:10:43 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) 
-- C:\Windows\System32\drivers\ew_hwupgrade.sys [2014-10-25 21:10:43 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys [2014-10-25 21:09:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mobile Partner [2014-10-25 21:09:13 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService [2014-10-25 17:14:55 | 000,000,000 | ---D | C] -- C:\Users\DG\AppData\Local\WB Games [2014-10-25 16:46:25 | 000,000,000 | ---D | C] -- C:\Users\DG\Documents\The Lord of the Rings - Conquest [2014-10-25 16:30:40 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED [2014-10-25 10:28:10 | 000,000,000 | ---D | C] -- C:\Users\DG\Documents\Dane gry Powrót Króla tm [2014-10-22 08:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\Geeks3D [2014-10-19 10:49:49 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan [2014-10-18 18:28:46 | 000,000,000 | ---D | C] -- C:\Users\DG\Documents\Assassin's Creed Revelations [2014-10-18 18:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft [2014-10-18 18:26:04 | 000,000,000 | ---D | C] -- C:\Users\DG\AppData\Roaming\PunkBuster [2014-10-18 17:55:12 | 000,000,000 | ---D | C] -- C:\Users\DG\Documents\Witcher 2 [2014-10-18 17:55:12 | 000,000,000 | ---D | C] -- C:\Users\DG\AppData\Local\The Witcher 2 [2014-10-17 16:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield [2014-10-17 16:30:26 | 000,000,000 | ---D | C] -- C:\ProgramData\MCShield [2014-10-17 16:30:25 | 000,000,000 | ---D | C] -- C:\Program Files\MCShield [2014-10-17 15:22:27 | 000,000,000 | ---D | C] -- C:\Unreal Commander [2014-10-17 15:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2014-10-15 17:14:17 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll [2014-10-15 17:14:17 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll [2014-10-15 17:14:14 | 000,302,592 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\aeinv.dll
[2014-10-15 17:14:13 | 002,379,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014-10-15 17:14:04 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014-10-15 17:14:04 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014-10-15 17:14:04 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014-10-15 17:14:03 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014-10-15 17:14:03 | 000,365,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014-10-15 17:14:03 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014-10-15 17:14:03 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014-10-15 17:14:02 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014-10-15 17:14:01 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014-10-15 17:14:00 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014-10-15 17:13:59 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014-10-15 17:13:59 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014-10-15 17:13:56 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014-10-15 17:13:55 | 004,201,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014-10-15 17:13:52 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014-10-15 17:13:52 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014-10-15 17:13:51 | 000,331,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014-10-15 17:13:50 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014-10-15 17:13:50 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014-10-15 17:13:50 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014-10-15 17:13:49 | 002,017,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014-10-15 17:13:48 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014-10-15 17:13:48 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014-10-15 17:13:31 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2014-10-15 17:13:30 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2014-10-15 17:13:19 | 002,744,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2014-10-15 17:13:07 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2014-10-15 17:12:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2014-10-15 17:12:49 | 000,744,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll
[2014-10-15 17:12:48 | 000,988,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2014-10-15 17:12:48 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll
[2014-10-15 17:12:45 | 003,208,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2014-10-15 17:12:45 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AUDIOKSE.dll
[2014-10-15 17:12:45 | 000,409,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2014-10-15 17:12:45 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll
[2014-10-15 17:12:44 | 003,970,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2014-10-15 17:12:44 | 000,521,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2014-10-15 17:12:44 | 000,455,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2014-10-15 17:12:44 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2014-10-15 17:12:43 | 003,914,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2014-10-15 17:12:43 | 001,329,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2014-10-15 17:12:43 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\evr.dll
[2014-10-15 17:12:43 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDump.dll
[2014-10-15 17:12:42 | 000,354,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2014-10-15 17:12:41 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioEng.dll
[2014-10-15 17:12:39 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll
[2014-10-15 17:12:39 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll
[2014-10-15 17:12:39 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2014-10-15 17:12:39 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
[2014-10-15 17:12:39 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
[2014-10-15 17:12:38 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidpolicyconverter.exe
[2014-10-15 17:12:38 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidapi.dll
[2014-10-15 17:12:37 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2014-10-15 17:12:37 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
[2014-10-15 17:12:36 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidcertstorecheck.exe
[2014-10-15 17:12:36 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2014-10-15 17:12:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2014-10-15 17:12:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2014-10-15 17:12:35 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2014-10-15 17:12:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
[2014-10-05 13:37:45 | 000,000,000 | ---D | C] -- C:\Users\DG\AppData\Roaming\WB Games
[2014-10-01 15:10:33 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2014-10-30 18:10:04 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-10-30 16:57:51 | 000,023,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-10-30 16:57:51 | 000,023,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-10-30 16:55:26 | 000,739,932 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2014-10-30 16:55:26 | 000,653,724 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014-10-30 16:55:26 | 000,155,474 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2014-10-30 16:55:26 | 000,121,596 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014-10-30 16:50:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-10-30 08:02:50 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014-10-30 08:02:50 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014-10-29 12:47:04 | 000,007,601 | ---- | M] () -- C:\Users\DG\AppData\Local\Resmon.ResmonCfg
[2014-10-25 21:11:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2014-10-25 15:58:24 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014-10-25 11:11:08 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2014-10-19 10:49:49 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2014-10-16 17:41:02 | 000,336,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014-10-10 02:44:58 | 000,230,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll
[2014-10-10 02:44:35 | 000,396,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014-10-10 02:39:38 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014-10-07 03:04:46 | 000,331,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014-10-02 22:26:26 | 000,032,096 | ---- | M] () -- C:\Windows\System32\Osklauncher.exe
[2014-10-01 10:11:24 | 000,051,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014-10-01 10:11:14 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014-10-01 10:11:10 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014-10-30 16:47:03 | 000,057,344 | ---- | C] () -- C:\Windows\System32\inject_logon_dll.dll
[2014-10-30 16:47:03 | 000,033,632 | ---- | C] () -- C:\Windows\System32\SpyShelterShellExt.dll
[2014-10-30 16:47:03 | 000,032,096 | ---- | C] () -- C:\Windows\System32\Osklauncher.exe
[2014-10-29 12:47:04 | 000,007,601 | ---- | C] () -- C:\Users\DG\AppData\Local\Resmon.ResmonCfg
[2014-10-25 21:11:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2014-10-25 11:11:08 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2014-10-19 10:49:42 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2014-10-18 18:26:28 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2014-10-18 18:26:18 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2014-09-26 10:52:19 | 000,210,360 | ---- | C] () -- C:\Windows\System32\drivers\OADriver.sys
[2014-09-26 10:52:19 | 000,044,984 | ---- | C] () -- C:\Windows\System32\drivers\oahlp32.sys
[2014-09-18 17:52:38 | 002,499,752 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2014-09-18 17:52:38 | 000,087,112 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2014-09-18 17:52:38 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2014-09-18 17:52:38 | 000,014,920 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2014-09-18 17:52:38 | 000,009,160 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2014-09-15 23:18:04 | 000,203,776 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2014-09-15 18:19:58 | 000,038,912 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2014-09-13 23:59:00 | 000,008,192 | ---- | C] () -- C:\Users\DG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014-09-13 23:32:03 | 000,075,640 | ---- | C] () -- C:\Windows\System32\drivers\hmpalert.sys
[2014-09-13 17:41:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2014-09-13 17:32:47 | 000,150,996 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2014-09-02 07:26:22 | 000,759,301 | ---- | C] () -- C:\Windows\System32\amdicdxx.dat
[2014-08-31 15:58:50 | 000,322,868 | ---- | C] () -- C:\Windows\System32\ativvaxy_vi.dat
[2014-08-31 15:56:40 | 000,321,200 | ---- | C] () -- C:\Windows\System32\ativvaxy_vi_nd.dat
[2014-08-28 22:52:22 | 000,157,224 | ---- | C] () -- C:\Windows\System32\amde31a.dat
[2014-08-28 17:58:16 | 000,158,928 | ---- | C] () -- C:\Windows\System32\ativce03.dat
[2014-08-14 21:19:30 | 000,082,128 | ---- | C] () -- C:\Windows\System32\ativce02.dat
[2014-07-15 16:54:46 | 000,290,080 | ---- | C] () -- C:\Windows\System32\ativvaxy_cz_nd.dat
[2014-07-02 19:40:50 | 000,234,164 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik.dat
[2014-07-02 19:38:02 | 000,232,752 | ---- | C] () -- C:\Windows\System32\ativvaxy_cik_nd.dat
[2014-04-18 03:22:56 | 000,995,342 | ---- | C] () -- C:\Windows\System32\amdocl_as32.exe
[2014-04-18 03:22:56 | 000,798,734 | ---- | C] () -- C:\Windows\System32\amdocl_ld32.exe
[2014-04-18 02:14:36 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2014-04-18 02:14:36 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2014-04-01 06:21:18 | 000,734,861 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009-07-14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014-06-25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2014-09-14 03:48:40 | 000,000,000 | ---D | M] -- C:\Users\DG\AppData\Roaming\Ace
[2014-09-18 16:34:29 | 000,000,000 | ---D | M] -- C:\Users\DG\AppData\Roaming\Acronis
[2014-09-13 23:45:12 | 000,000,000 | ---D | M] -- C:\Users\DG\AppData\Roaming\Ashampoo
[2014-09-14 06:29:07 | 000,000,000 | ---D | M] -- C:\Users\DG\AppData\Roaming\Canneverbe Limited
[2014-10-26 13:29:00 | 000,000,000 | ---D | M] -- C:\Users\DG\AppData\Roaming\OnlineArmor
[2014-09-19 19:40:21 | 000,000,000 | ---D | M] -- C:\Users\DG\AppData\Roaming\Panda Security
[2014-10-18 18:26:04 | 000,000,000 | ---D | M] -- C:\Users\DG\AppData\Roaming\PunkBuster
[2014-09-20 20:57:01 | 000,000,000 | ---D | M] -- C:\Users\DG\AppData\Roaming\QFX Software
[2014-09-13 19:05:53 | 000,000,000 | ---D | M] -- C:\Users\DG\AppData\Roaming\QuickScan
[2014-09-14 03:32:42 | 000,000,000 | ---D | M] -- C:\Users\DG\AppData\Roaming\Raptr
[2014-10-30 16:55:15 | 000,000,000 | ---D | M] -- C:\Users\DG\AppData\Roaming\SpyShelter
[2014-09-13 19:51:44 | 000,000,000 | ---D | M] -- C:\Users\DG\AppData\Roaming\Thunderbird
[2014-09-19 19:50:10 | 000,000,000 | ---D | M] -- C:\Users\DG\AppData\Roaming\TuneUp Software
[2014-10-05 14:28:06 | 000,000,000 | ---D | M] -- C:\Users\DG\AppData\Roaming\WB Games

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C43ED645

< End of report >