OTL logfile created on: 2014-06-06 16:36:23 - Run 42 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\x\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17041) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,25 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 42,94% Memory free 6,50 Gb Paging File | 3,62 Gb Available in Paging File | 55,73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 146,39 Gb Total Space | 9,94 Gb Free Space | 6,79% Space Free | Partition Type: NTFS Drive D: | 271,59 Gb Total Space | 60,12 Gb Free Space | 22,14% Space Free | Partition Type: NTFS Computer Name: X-KOMPUTER | User Name: x | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2014-06-06 16:34:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\x\Downloads\OTL.exe PRC - [2014-05-30 13:32:58 | 002,537,984 | ---- | M] (WTW.im, Kaworu) -- C:\Program Files\K2T\WTW\wtw.exe PRC - [2014-05-16 05:05:53 | 006,170,168 | ---- | M] (Spotify Ltd) -- C:\Users\x\AppData\Roaming\Spotify\spotify.exe PRC - [2014-05-16 05:05:45 | 001,176,632 | ---- | M] (Spotify Ltd) -- C:\Users\x\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2014-05-16 05:05:44 | 000,598,072 | ---- | M] () -- C:\Users\x\AppData\Roaming\Spotify\Data\SpotifyHelper.exe PRC - [2014-05-07 04:54:56 | 000,263,048 | ---- | M] (Google Inc.) -- C:\Users\x\AppData\Local\Google\Update\1.3.24.7\GoogleCrashHandler.exe PRC - [2014-03-24 19:34:12 | 005,325,152 | ---- | M] () -- D:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.204\deploy\LoLLauncher.exe PRC - [2014-03-20 23:03:18 | 001,797,064 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe PRC - [2014-03-11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe PRC - [2014-03-11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2014-03-11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2014-03-04 14:34:44 | 001,821,128 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe PRC - [2014-03-04 14:34:44 | 000,943,048 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2014-03-04 13:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2014-02-23 06:38:05 | 000,074,752 | ---- | M] () -- D:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.94\deploy\LolClient.exe PRC - [2013-10-27 10:12:58 | 001,364,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012-12-07 18:26:56 | 000,167,424 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2012-11-23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012-07-27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012-07-03 10:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe PRC - [2011-02-25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010-04-05 21:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe PRC - [2010-03-25 03:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2014-05-30 13:32:58 | 000,080,896 | ---- | M] () -- C:\Program Files\K2T\WTW\libZlib.module MOD - [2014-05-30 13:32:57 | 000,461,312 | ---- | M] () -- C:\Program Files\K2T\WTW\libImage.module MOD - [2014-05-30 13:32:57 | 000,420,864 | ---- | M] () -- C:\Program Files\K2T\WTW\libSQ3.module MOD - [2014-05-30 13:32:57 | 000,378,880 | ---- | M] () -- C:\Program Files\K2T\WTW\libLexer.module MOD - [2014-05-30 13:32:57 | 000,104,960 | ---- | M] () -- C:\Program Files\K2T\WTW\libExpat.module MOD - [2014-05-30 13:32:57 | 000,075,776 | ---- | M] () -- C:\Program Files\K2T\WTW\libCryptoWtw.module MOD - [2014-05-30 13:32:57 | 000,017,408 | ---- | M] () -- C:\Program Files\K2T\WTW\libCryptoLayer.module MOD - [2014-05-16 05:05:45 | 000,108,600 | ---- | M] () -- C:\Users\x\AppData\Roaming\Spotify\Data\libegl.dll MOD - [2014-05-16 05:05:44 | 036,966,968 | ---- | M] () -- C:\Users\x\AppData\Roaming\Spotify\Data\libcef.dll MOD - [2014-05-16 05:05:44 | 000,886,840 | ---- | M] () -- C:\Users\x\AppData\Roaming\Spotify\Data\libglesv2.dll MOD - [2014-05-16 05:05:44 | 000,598,072 | ---- | M] () -- C:\Users\x\AppData\Roaming\Spotify\Data\SpotifyHelper.exe MOD - [2014-05-14 01:40:54 | 000,414,536 | ---- | M] () -- C:\Users\x\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll MOD - [2014-05-14 01:40:50 | 004,217,672 | ---- | M] () -- C:\Users\x\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll MOD - [2014-05-14 01:40:45 | 000,716,616 | ---- | M] () -- C:\Users\x\AppData\Local\Google\Chrome\Application\35.0.1916.114\libglesv2.dll MOD - [2014-05-14 01:40:44 | 000,126,280 | ---- | M] () -- C:\Users\x\AppData\Local\Google\Chrome\Application\35.0.1916.114\libegl.dll MOD - [2014-05-14 01:40:43 | 001,732,424 | ---- | M] () -- C:\Users\x\AppData\Local\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll MOD - [2014-03-24 19:34:59 | 000,265,056 | ---- | M] () -- D:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.204\deploy\RiotLauncher.dll MOD - [2014-03-24 19:34:12 | 005,325,152 | ---- | M] () -- D:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.204\deploy\LoLLauncher.exe MOD - [2014-02-23 06:38:05 | 000,074,752 | ---- | M] () -- D:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.94\deploy\LolClient.exe MOD - [2012-04-03 20:27:42 | 000,251,904 | ---- | M] () -- c:\users\x\appdata\roaming\.wtw\profiles\aadm\Plugins32\utlChatCommands.plug [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2014-05-13 22:51:39 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014-05-10 13:09:16 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2014-03-11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2014-03-11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2014-03-06 09:38:10 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService) SRV - [2014-03-04 13:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2014-02-07 12:41:21 | 005,093,216 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2013-11-29 09:23:38 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- D:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE) SRV - [2013-10-27 10:12:58 | 001,364,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013-10-23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013-05-27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012-12-12 20:00:02 | 000,087,368 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe -- (HTCMonitorService) SRV - [2012-12-07 18:26:56 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2012-11-19 17:03:24 | 000,489,256 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012-07-27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012-01-05 17:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Disabled | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv) SRV - [2011-11-25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010-07-18 02:50:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010-07-01 01:27:00 | 003,608,448 | ---- | M] (INCA Internet Co., Ltd.) [Disabled | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2010-04-05 21:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2010-02-19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\TEMP\cpuz136\cpuz136_x32.sys -- (cpuz136) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135) DRV - [2014-03-20 23:03:40 | 010,523,480 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2014-03-11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2013-11-30 19:43:17 | 000,324,096 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2013-10-02 02:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2013-07-30 21:57:51 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2012-12-07 19:27:50 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot) DRV - [2012-08-23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012-07-05 10:13:39 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt) DRV - [2011-12-01 11:40:16 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVol.sys -- (NBVol) DRV - [2011-12-01 11:40:16 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp) DRV - [2011-03-30 13:05:55 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn) DRV - [2010-11-20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010-10-01 18:44:49 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010-10-01 18:44:49 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010-06-09 17:05:38 | 000,039,736 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\nm3.sys -- (nm3) DRV - [2010-04-21 06:02:00 | 000,003,328 | ---- | M] (Famatech International Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rminiv3.sys -- (mirrorv3) DRV - [2009-10-27 00:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - [2009-07-06 08:47:46 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf) DRV - [2009-03-18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search bar = google.pl IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\${searchCLSID}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=d5c1e390-1e0a-11e1-9803-6cf04912e0ea&q={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_url = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.golsearch.com/?babsrc=HP_ss_wls_Btisdt6&mntrId=187E6CF04912E0EA&affID=119357&tsp=4993 IE - HKCU\..\SearchScopes,DefaultScope = ${searchCLSID} IE - HKCU\..\SearchScopes\${searchCLSID}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=d5c1e390-1e0a-11e1-9803-6cf04912e0ea&q={searchTerms} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=187E6CF04912E0EA&affID=119357&tsp=4993 IE - HKCU\..\SearchScopes\{5D8588E8-A1D1-4913-B362-6DA984CBD2FE}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR IE - HKCU\..\SearchScopes\{96517575-42FC-4350-86B8-24E55F4A3E86}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR IE - HKCU\..\SearchScopes\{9FFD6468-0C27-4E87-8ADB-4AE3771ECF60}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1601497 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 88.199.92.130:8080 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..extensions.enabledAddons: ytd%40mybrowserbar.com:6.9 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1 FF - prefs.js..browser.startup.homepage: "" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3: C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9: C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\x\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\x\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014-05-10 13:08:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014-05-10 13:08:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\x\AppData\Roaming\IDM\idmmzcc5 [2011-10-15 18:15:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\x\AppData\Roaming\mozilla\Extensions [2014-06-04 20:21:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\x\AppData\Roaming\mozilla\Firefox\Profiles\taxuqupi.default\extensions [2014-05-05 14:04:52 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\x\AppData\Roaming\mozilla\Firefox\Profiles\taxuqupi.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [2014-06-04 20:21:20 | 000,967,387 | ---- | M] () (No name found) -- C:\Users\x\AppData\Roaming\mozilla\firefox\profiles\taxuqupi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-10 13:08:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2014-05-10 13:09:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2014-05-03 12:52:20 | 000,000,000 | ---D | M] (YTD Toolbar) -- C:\PROGRAM FILES\YTD TOOLBAR\FF [2012-01-12 10:58:30 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2011-10-26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://search.babylon.com/?babsrc=HP_ss&affID=100395&mntrId=187e21c700000000000000ff833a79e9 CHR - plugin: Shockwave Flash (Enabled) = C:\Users\x\AppData\Local\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\x\AppData\Local\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\x\AppData\Local\Google\Chrome\Application\35.0.1916.114\pdf.dll CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files\Battlelog Web Plugins\2.1.7\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: BonanzaDealsLive Update (Enabled) = C:\Program Files\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Google Update (Enabled) = C:\Users\x\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\system32\npDeployJava1.dll CHR - Extension: Angry Birds = C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - Extension: Dokumenty Google = C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\ CHR - Extension: Dysk Google = C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Szukaj w Google = C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: AdBlock = C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.37_0\ CHR - Extension: Evolved gry online = C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\iajlkcpgcnbhfhpdeooockfaincfkjjj\1.4.0_0\ CHR - Extension: Mirkohelper = C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidefldfjoggdbebpaioplmhofgdahnk\1.5_0\ CHR - Extension: League of Legends Events = C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfnfkjennojjkajjmghdgkibohcnefdk\0.53_0\ CHR - Extension: Sprawdzanie poczty Google = C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\ CHR - Extension: Rozszerzenie Subskrypcje RSS (od Google) = C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.3_0\ CHR - Extension: Google Wallet = C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\ CHR - Extension: Gmail = C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: RSS Feed Reader = C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\5.2.3_0\ O1 HOSTS File: ([2013-04-01 19:49:36 | 000,000,833 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (savaenSheare) - {A6B2F022-B5AF-05C1-4731-8DE2879218CF} - C:\ProgramData\savaenSheare\zi6vGak0y.dll () O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {fe063412-bea4-4d76-8ed3-183be6220d17} - No CLSID value found. O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvBackend] C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\x\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8 - Extra context menu item: &P&obierz &za pomocą BitComet - D:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - D:\Program Files\BitComet\BitComet.exe (www.BitComet.com) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - D:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet) O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99F25937-20F4-4A25-B8F7-7FB51A28381D}: NameServer = 192.168.0.1,8.8.8.8 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011-11-22 10:03:04 | 000,000,000 | R--D | M] - C:\Autorun.inf -- [ NTFS ] O32 - AutoRun File - [2011-11-22 10:03:05 | 000,000,000 | R--D | M] - D:\Autorun.inf -- [ NTFS ] O33 - MountPoints2\{1f1485e7-59e7-11e3-b4da-6cf04912e0ea}\Shell - "" = AutoRun O33 - MountPoints2\{1f1485e7-59e7-11e3-b4da-6cf04912e0ea}\Shell\AutoRun\command - "" = K:\ O33 - MountPoints2\{1f1485e7-59e7-11e3-b4da-6cf04912e0ea}\Shell\linuxlive\command - "" = VirtualBox\Virtualize_This_Key.exe O33 - MountPoints2\{1f1485e7-59e7-11e3-b4da-6cf04912e0ea}\Shell\linuxlive2\command - "" = VirtualBox\VirtualBox.exe O33 - MountPoints2\{1f1485e7-59e7-11e3-b4da-6cf04912e0ea}\Shell\linuxlive3\command - "" = F:\wubi.exe O33 - MountPoints2\{c7812b40-11b9-11e3-92b5-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{c7812b40-11b9-11e3-92b5-806e6f6e6963}\Shell\AutoRun\command - "" = F:\ O33 - MountPoints2\{c7812b40-11b9-11e3-92b5-806e6f6e6963}\Shell\linuxlive\command - "" = VirtualBox\Virtualize_This_Key.exe O33 - MountPoints2\{c7812b40-11b9-11e3-92b5-806e6f6e6963}\Shell\linuxlive2\command - "" = VirtualBox\VirtualBox.exe O33 - MountPoints2\{c7812b40-11b9-11e3-92b5-806e6f6e6963}\Shell\linuxlive3\command - "" = F:\wubi.exe O33 - MountPoints2\K\Shell - "" = AutoRun O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\ O33 - MountPoints2\K\Shell\linuxlive\command - "" = VirtualBox\Virtualize_This_Key.exe O33 - MountPoints2\K\Shell\linuxlive2\command - "" = VirtualBox\VirtualBox.exe O33 - MountPoints2\K\Shell\linuxlive3\command - "" = F:\wubi.exe O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014-05-16 19:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FinalWire [2014-05-10 13:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2014-05-09 23:17:14 | 000,000,000 | ---D | C] -- C:\Users\x\Desktop\allegro-nauka [2014-05-09 23:16:12 | 000,000,000 | ---D | C] -- C:\Users\x\Desktop\allegro-5.0.10-mingw-4.7.0 [2014-03-23 00:21:14 | 000,868,352 | ---- | C] (Microsoft Corporation) -- C:\Users\x\mem_4120_77410000.bin [2014-03-23 00:19:10 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Users\x\mem_4120_00200000.bin [1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014-06-06 16:33:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1725041692-303553113-1489231641-1003UA.job [2014-06-06 16:07:00 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014-06-06 16:00:28 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1725041692-303553113-1489231641-1000UA.job [2014-06-06 15:55:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineUA.job [2014-06-06 15:49:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014-06-06 15:12:08 | 000,015,968 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014-06-06 15:12:08 | 000,015,968 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014-06-06 15:05:09 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014-06-06 15:05:02 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineCore.job [2014-06-06 15:04:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014-06-06 15:04:54 | 000,012,288 | ---- | M] () -- C:\Windows\System32\umstartup.etl [2014-06-06 15:04:50 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys [2014-06-06 07:36:02 | 000,024,576 | ---- | M] () -- C:\Windows\System32\umstartup000.etl [2014-06-06 07:33:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1725041692-303553113-1489231641-1003Core.job [2014-06-06 05:00:00 | 000,000,990 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1725041692-303553113-1489231641-1000Core.job [2014-05-22 01:09:50 | 000,002,368 | ---- | M] () -- C:\Users\x\Desktop\Google Chrome.lnk [2014-05-18 13:16:09 | 000,000,667 | ---- | M] () -- C:\Users\Public\Desktop\Tibia.lnk [2014-05-16 19:39:27 | 000,000,839 | ---- | M] () -- C:\Users\x\Desktop\AIDA64 Extreme.lnk [2014-05-13 22:51:39 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2014-05-13 22:51:39 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [color=#E56717]========== Files Created - No Company Name ==========[/color] [2014-05-18 13:16:09 | 000,000,667 | ---- | C] () -- C:\Users\Public\Desktop\Tibia.lnk [2014-05-16 19:39:27 | 000,000,839 | ---- | C] () -- C:\Users\x\Desktop\AIDA64 Extreme.lnk [2014-04-11 21:18:33 | 000,001,449 | ---- | C] () -- C:\Users\x\.recently-used.xbel [2014-03-25 22:36:22 | 000,000,020 | ---- | C] () -- C:\Windows\CROCCLIP.INI [2014-03-23 00:21:17 | 000,147,456 | ---- | C] () -- C:\Users\x\mem_4120_7ffb0000.bin [2014-03-23 00:21:17 | 000,102,400 | ---- | C] () -- C:\Users\x\mem_4120_77b60000.bin [2014-03-23 00:21:17 | 000,049,152 | ---- | C] () -- C:\Users\x\mem_4120_7ffd5000.bin [2014-03-23 00:21:17 | 000,020,480 | ---- | C] () -- C:\Users\x\mem_4120_7f6f0000.bin [2014-03-23 00:21:17 | 000,016,701 | ---- | C] () -- C:\Users\x\mem_4120.map [2014-03-23 00:21:17 | 000,004,096 | ---- | C] () -- C:\Users\x\mem_4120_7ffae000.bin [2014-03-23 00:21:17 | 000,004,096 | ---- | C] () -- C:\Users\x\mem_4120_7ffa5000.bin [2014-03-23 00:21:17 | 000,004,096 | ---- | C] () -- C:\Users\x\mem_4120_77b90000.bin [2014-03-23 00:21:16 | 001,294,336 | ---- | C] () -- C:\Users\x\mem_4120_77950000.bin [2014-03-23 00:21:16 | 000,823,296 | ---- | C] () -- C:\Users\x\mem_4120_77a90000.bin [2014-03-23 00:21:16 | 000,675,840 | ---- | C] () -- C:\Users\x\mem_4120_777e0000.bin [2014-03-23 00:21:16 | 000,536,576 | ---- | C] () -- C:\Users\x\mem_4120_77890000.bin [2014-03-23 00:21:15 | 002,191,360 | ---- | C] () -- C:\Users\x\mem_4120_775c0000.bin [2014-03-23 00:21:15 | 000,835,584 | ---- | C] () -- C:\Users\x\mem_4120_774f0000.bin [2014-03-23 00:21:14 | 000,643,072 | ---- | C] () -- C:\Users\x\mem_4120_77320000.bin [2014-03-23 00:21:14 | 000,585,728 | ---- | C] () -- C:\Users\x\mem_4120_77290000.bin [2014-03-23 00:21:14 | 000,319,488 | ---- | C] () -- C:\Users\x\mem_4120_773c0000.bin [2014-03-23 00:21:14 | 000,040,960 | ---- | C] () -- C:\Users\x\mem_4120_77280000.bin [2014-03-23 00:21:13 | 001,196,032 | ---- | C] () -- C:\Users\x\mem_4120_770d0000.bin [2014-03-23 00:21:13 | 000,503,808 | ---- | C] () -- C:\Users\x\mem_4120_77200000.bin [2014-03-23 00:21:12 | 001,691,648 | ---- | C] () -- C:\Users\x\mem_4120_76f30000.bin [2014-03-23 00:21:11 | 000,356,352 | ---- | C] () -- C:\Users\x\mem_4120_76ed0000.bin [2014-03-23 00:21:11 | 000,282,624 | ---- | C] () -- C:\Users\x\mem_4120_76e40000.bin [2014-03-23 00:21:11 | 000,217,088 | ---- | C] () -- C:\Users\x\mem_4120_76e90000.bin [2014-03-23 00:21:11 | 000,024,576 | ---- | C] () -- C:\Users\x\mem_4120_76e30000.bin [2014-03-23 00:21:09 | 001,851,392 | ---- | C] () -- C:\Users\x\mem_4120_76c60000.bin [2014-03-23 00:21:09 | 001,425,408 | ---- | C] () -- C:\Users\x\mem_4120_76b00000.bin [2014-03-23 00:21:08 | 000,663,552 | ---- | C] () -- C:\Users\x\mem_4120_76a50000.bin [2014-03-23 00:20:52 | 012,886,016 | ---- | C] () -- C:\Users\x\mem_4120_75da0000.bin [2014-03-23 00:20:52 | 000,704,512 | ---- | C] () -- C:\Users\x\mem_4120_75cf0000.bin [2014-03-23 00:20:52 | 000,126,976 | ---- | C] () -- C:\Users\x\mem_4120_75cc0000.bin [2014-03-23 00:20:52 | 000,012,288 | ---- | C] () -- C:\Users\x\mem_4120_75ce0000.bin [2014-03-23 00:20:51 | 000,307,200 | ---- | C] () -- C:\Users\x\mem_4120_75be0000.bin [2014-03-23 00:20:51 | 000,188,416 | ---- | C] () -- C:\Users\x\mem_4120_75b20000.bin [2014-03-23 00:20:51 | 000,159,744 | ---- | C] () -- C:\Users\x\mem_4120_75bb0000.bin [2014-03-23 00:20:51 | 000,073,728 | ---- | C] () -- C:\Users\x\mem_4120_75b50000.bin [2014-03-23 00:20:51 | 000,020,480 | ---- | C] () -- C:\Users\x\mem_4120_75b10000.bin [2014-03-23 00:20:51 | 000,016,384 | ---- | C] () -- C:\Users\x\mem_4120_75ba0000.bin [2014-03-23 00:20:51 | 000,016,384 | ---- | C] () -- C:\Users\x\mem_4120_75b90000.bin [2014-03-23 00:20:51 | 000,016,384 | ---- | C] () -- C:\Users\x\mem_4120_75b80000.bin [2014-03-23 00:20:51 | 000,016,384 | ---- | C] () -- C:\Users\x\mem_4120_75b70000.bin [2014-03-23 00:20:50 | 001,191,936 | ---- | C] () -- C:\Users\x\mem_4120_759e0000.bin [2014-03-23 00:20:50 | 000,049,152 | ---- | C] () -- C:\Users\x\mem_4120_759d0000.bin [2014-03-23 00:20:50 | 000,045,056 | ---- | C] () -- C:\Users\x\mem_4120_75960000.bin [2014-03-23 00:20:49 | 000,311,296 | ---- | C] () -- C:\Users\x\mem_4120_75890000.bin [2014-03-23 00:20:49 | 000,245,760 | ---- | C] () -- C:\Users\x\mem_4120_75390000.bin [2014-03-23 00:20:49 | 000,229,376 | ---- | C] () -- C:\Users\x\mem_4120_75520000.bin [2014-03-23 00:20:49 | 000,110,592 | ---- | C] () -- C:\Users\x\mem_4120_75730000.bin [2014-03-23 00:20:49 | 000,102,400 | ---- | C] () -- C:\Users\x\mem_4120_754e0000.bin [2014-03-23 00:20:49 | 000,094,208 | ---- | C] () -- C:\Users\x\mem_4120_75500000.bin [2014-03-23 00:20:49 | 000,090,112 | ---- | C] () -- C:\Users\x\mem_4120_753d0000.bin [2014-03-23 00:20:49 | 000,057,344 | ---- | C] () -- C:\Users\x\mem_4120_75950000.bin [2014-03-23 00:20:49 | 000,049,152 | ---- | C] () -- C:\Users\x\mem_4120_758e0000.bin [2014-03-23 00:20:49 | 000,032,768 | ---- | C] () -- C:\Users\x\mem_4120_755b0000.bin [2014-03-23 00:20:49 | 000,024,576 | ---- | C] () -- C:\Users\x\mem_4120_75380000.bin [2014-03-23 00:20:48 | 000,278,528 | ---- | C] () -- C:\Users\x\mem_4120_75250000.bin [2014-03-23 00:20:48 | 000,258,048 | ---- | C] () -- C:\Users\x\mem_4120_751e0000.bin [2014-03-23 00:20:48 | 000,249,856 | ---- | C] () -- C:\Users\x\mem_4120_750b0000.bin [2014-03-23 00:20:48 | 000,241,664 | ---- | C] () -- C:\Users\x\mem_4120_75170000.bin [2014-03-23 00:20:48 | 000,094,208 | ---- | C] () -- C:\Users\x\mem_4120_74fb0000.bin [2014-03-23 00:20:48 | 000,090,112 | ---- | C] () -- C:\Users\x\mem_4120_74f90000.bin [2014-03-23 00:20:48 | 000,036,864 | ---- | C] () -- C:\Users\x\mem_4120_74f40000.bin [2014-03-23 00:20:48 | 000,032,768 | ---- | C] () -- C:\Users\x\mem_4120_75070000.bin [2014-03-23 00:20:47 | 000,331,776 | ---- | C] () -- C:\Users\x\mem_4120_74ee0000.bin [2014-03-23 00:20:47 | 000,020,480 | ---- | C] () -- C:\Users\x\mem_4120_74e30000.bin [2014-03-23 00:20:46 | 001,695,744 | ---- | C] () -- C:\Users\x\mem_4120_74780000.bin [2014-03-23 00:20:46 | 001,265,664 | ---- | C] () -- C:\Users\x\mem_4120_74600000.bin [2014-03-23 00:20:46 | 000,233,472 | ---- | C] () -- C:\Users\x\mem_4120_742f0000.bin [2014-03-23 00:20:46 | 000,077,824 | ---- | C] () -- C:\Users\x\mem_4120_742d0000.bin [2014-03-23 00:20:45 | 001,245,184 | ---- | C] () -- C:\Users\x\mem_4120_74170000.bin [2014-03-23 00:20:45 | 000,245,760 | ---- | C] () -- C:\Users\x\mem_4120_73ec0000.bin [2014-03-23 00:20:45 | 000,151,552 | ---- | C] () -- C:\Users\x\mem_4120_73c70000.bin [2014-03-23 00:20:45 | 000,065,536 | ---- | C] () -- C:\Users\x\mem_4120_73bf0000.bin [2014-03-23 00:20:45 | 000,040,960 | ---- | C] () -- C:\Users\x\mem_4120_73200000.bin [2014-03-23 00:20:45 | 000,024,576 | ---- | C] () -- C:\Users\x\mem_4120_73e40000.bin [2014-03-23 00:20:45 | 000,020,480 | ---- | C] () -- C:\Users\x\mem_4120_73e20000.bin [2014-03-23 00:20:44 | 000,229,376 | ---- | C] () -- C:\Users\x\mem_4120_72f00000.bin [2014-03-23 00:20:44 | 000,204,800 | ---- | C] () -- C:\Users\x\mem_4120_73090000.bin [2014-03-23 00:20:44 | 000,114,688 | ---- | C] () -- C:\Users\x\mem_4120_73010000.bin [2014-03-23 00:20:44 | 000,073,728 | ---- | C] () -- C:\Users\x\mem_4120_72e60000.bin [2014-03-23 00:20:44 | 000,053,248 | ---- | C] () -- C:\Users\x\mem_4120_72ee0000.bin [2014-03-23 00:20:44 | 000,028,672 | ---- | C] () -- C:\Users\x\mem_4120_73000000.bin [2014-03-23 00:20:43 | 000,188,416 | ---- | C] () -- C:\Users\x\mem_4120_72480000.bin [2014-03-23 00:20:43 | 000,024,576 | ---- | C] () -- C:\Users\x\mem_4120_71ee0000.bin [2014-03-23 00:20:42 | 001,847,296 | ---- | C] () -- C:\Users\x\mem_4120_71d10000.bin [2014-03-23 00:20:42 | 000,032,768 | ---- | C] () -- C:\Users\x\mem_4120_71a70000.bin [2014-03-23 00:20:39 | 002,842,624 | ---- | C] () -- C:\Users\x\mem_4120_70960000.bin [2014-03-23 00:20:39 | 000,540,672 | ---- | C] () -- C:\Users\x\mem_4120_70c20000.bin [2014-03-23 00:20:39 | 000,495,616 | ---- | C] () -- C:\Users\x\mem_4120_710f0000.bin [2014-03-23 00:20:38 | 000,368,640 | ---- | C] () -- C:\Users\x\mem_4120_701c0000.bin [2014-03-23 00:20:38 | 000,200,704 | ---- | C] () -- C:\Users\x\mem_4120_6f8a0000.bin [2014-03-23 00:20:38 | 000,073,728 | ---- | C] () -- C:\Users\x\mem_4120_706b0000.bin [2014-03-23 00:20:38 | 000,024,576 | ---- | C] () -- C:\Users\x\mem_4120_706e0000.bin [2014-03-23 00:20:38 | 000,016,384 | ---- | C] () -- C:\Users\x\mem_4120_70130000.bin [2014-03-23 00:20:37 | 002,359,296 | ---- | C] () -- C:\Users\x\mem_4120_6c130000.bin [2014-03-23 00:20:37 | 001,257,472 | ---- | C] () -- C:\Users\x\mem_4120_64be0000.bin [2014-03-23 00:20:37 | 001,134,592 | ---- | C] () -- C:\Users\x\mem_4120_63dc0000.bin [2014-03-23 00:20:37 | 000,577,536 | ---- | C] () -- C:\Users\x\mem_4120_67620000.bin [2014-03-23 00:20:37 | 000,466,944 | ---- | C] () -- C:\Users\x\mem_4120_6d850000.bin [2014-03-23 00:20:37 | 000,458,752 | ---- | C] () -- C:\Users\x\mem_4120_6f5f0000.bin [2014-03-23 00:20:37 | 000,229,376 | ---- | C] () -- C:\Users\x\mem_4120_6a960000.bin [2014-03-23 00:20:37 | 000,221,184 | ---- | C] () -- C:\Users\x\mem_4120_6d400000.bin [2014-03-23 00:20:37 | 000,114,688 | ---- | C] () -- C:\Users\x\mem_4120_6f5d0000.bin [2014-03-23 00:20:37 | 000,045,056 | ---- | C] () -- C:\Users\x\mem_4120_6f5c0000.bin [2014-03-23 00:20:37 | 000,016,384 | ---- | C] () -- C:\Users\x\mem_4120_6c910000.bin [2014-03-23 00:20:35 | 015,179,776 | ---- | C] () -- C:\Users\x\mem_4120_61390000.bin [2014-03-23 00:19:36 | 021,827,584 | ---- | C] () -- C:\Users\x\mem_4120_5b360000.bin [2014-03-23 00:19:34 | 018,481,152 | ---- | C] () -- C:\Users\x\mem_4120_2a330000.bin [2014-03-23 00:19:34 | 003,670,016 | ---- | C] () -- C:\Users\x\mem_4120_29f30000.bin [2014-03-23 00:19:33 | 010,551,296 | ---- | C] () -- C:\Users\x\mem_4120_29400000.bin [2014-03-23 00:19:33 | 002,273,280 | ---- | C] () -- C:\Users\x\mem_4120_28765000.bin [2014-03-23 00:19:33 | 001,146,880 | ---- | C] () -- C:\Users\x\mem_4120_285cd000.bin [2014-03-23 00:19:33 | 000,823,296 | ---- | C] () -- C:\Users\x\mem_4120_28430000.bin [2014-03-23 00:19:32 | 004,194,304 | ---- | C] () -- C:\Users\x\mem_4120_27f60000.bin [2014-03-23 00:19:32 | 002,494,464 | ---- | C] () -- C:\Users\x\mem_4120_278b0000.bin [2014-03-23 00:19:32 | 002,244,608 | ---- | C] () -- C:\Users\x\mem_4120_27500000.bin [2014-03-23 00:19:32 | 002,097,152 | ---- | C] () -- C:\Users\x\mem_4120_27bf0000.bin [2014-03-23 00:19:32 | 001,564,672 | ---- | C] () -- C:\Users\x\mem_4120_27730000.bin [2014-03-23 00:19:31 | 004,947,968 | ---- | C] () -- C:\Users\x\mem_4120_26e20000.bin [2014-03-23 00:19:31 | 003,174,400 | ---- | C] () -- C:\Users\x\mem_4120_269a0000.bin [2014-03-23 00:19:30 | 007,671,808 | ---- | C] () -- C:\Users\x\mem_4120_26240000.bin [2014-03-23 00:19:29 | 028,938,240 | ---- | C] () -- C:\Users\x\mem_4120_246a0000.bin [2014-03-23 00:19:29 | 006,193,152 | ---- | C] () -- C:\Users\x\mem_4120_24070000.bin [2014-03-23 00:19:29 | 004,640,768 | ---- | C] () -- C:\Users\x\mem_4120_23c00000.bin [2014-03-23 00:19:26 | 016,781,312 | ---- | C] () -- C:\Users\x\mem_4120_22bf0000.bin [2014-03-23 00:19:23 | 029,167,616 | ---- | C] () -- C:\Users\x\mem_4120_21000000.bin [2014-03-23 00:19:20 | 013,258,752 | ---- | C] () -- C:\Users\x\mem_4120_2034b000.bin [2014-03-23 00:19:20 | 010,092,544 | ---- | C] () -- C:\Users\x\mem_4120_1e530000.bin [2014-03-23 00:19:20 | 004,382,720 | ---- | C] () -- C:\Users\x\mem_4120_1ff1c000.bin [2014-03-23 00:19:20 | 004,194,304 | ---- | C] () -- C:\Users\x\mem_4120_1f810000.bin [2014-03-23 00:19:20 | 004,096,000 | ---- | C] () -- C:\Users\x\mem_4120_1ef30000.bin [2014-03-23 00:19:20 | 003,125,248 | ---- | C] () -- C:\Users\x\mem_4120_1fc20000.bin [2014-03-23 00:19:20 | 002,883,584 | ---- | C] () -- C:\Users\x\mem_4120_1f480000.bin [2014-03-23 00:19:20 | 001,572,864 | ---- | C] () -- C:\Users\x\mem_4120_1e1e0000.bin [2014-03-23 00:19:19 | 010,289,152 | ---- | C] () -- C:\Users\x\mem_4120_1d740000.bin [2014-03-23 00:19:19 | 005,505,024 | ---- | C] () -- C:\Users\x\mem_4120_1cce0000.bin [2014-03-23 00:19:19 | 004,194,304 | ---- | C] () -- C:\Users\x\mem_4120_1d2e0000.bin [2014-03-23 00:19:19 | 004,194,304 | ---- | C] () -- C:\Users\x\mem_4120_1c7a0000.bin [2014-03-23 00:19:18 | 009,228,288 | ---- | C] () -- C:\Users\x\mem_4120_1be33000.bin [2014-03-23 00:19:18 | 008,790,016 | ---- | C] () -- C:\Users\x\mem_4120_1b5d0000.bin [2014-03-23 00:19:18 | 003,309,568 | ---- | C] () -- C:\Users\x\mem_4120_1b2a0000.bin [2014-03-23 00:19:18 | 002,101,248 | ---- | C] () -- C:\Users\x\mem_4120_1afa0000.bin [2014-03-23 00:19:17 | 021,757,952 | ---- | C] () -- C:\Users\x\mem_4120_19710000.bin [2014-03-23 00:19:17 | 001,441,792 | ---- | C] () -- C:\Users\x\mem_4120_1ac60000.bin [2014-03-23 00:19:16 | 035,528,704 | ---- | C] () -- C:\Users\x\mem_4120_1751e000.bin [2014-03-23 00:19:16 | 016,183,296 | ---- | C] () -- C:\Users\x\mem_4120_16160000.bin [2014-03-23 00:19:16 | 004,943,872 | ---- | C] () -- C:\Users\x\mem_4120_14c90000.bin [2014-03-23 00:19:16 | 004,857,856 | ---- | C] () -- C:\Users\x\mem_4120_1527e000.bin [2014-03-23 00:19:16 | 004,198,400 | ---- | C] () -- C:\Users\x\mem_4120_14680000.bin [2014-03-23 00:19:16 | 004,100,096 | ---- | C] () -- C:\Users\x\mem_4120_15a20000.bin [2014-03-23 00:19:16 | 002,097,152 | ---- | C] () -- C:\Users\x\mem_4120_171f0000.bin [2014-03-23 00:19:16 | 001,310,720 | ---- | C] () -- C:\Users\x\mem_4120_15f60000.bin [2014-03-23 00:19:16 | 000,749,568 | ---- | C] () -- C:\Users\x\mem_4120_15e40000.bin [2014-03-23 00:19:16 | 000,667,648 | ---- | C] () -- C:\Users\x\mem_4120_1596e000.bin [2014-03-23 00:19:16 | 000,098,304 | ---- | C] () -- C:\Users\x\mem_4120_143e0000.bin [2014-03-23 00:19:16 | 000,004,096 | ---- | C] () -- C:\Users\x\mem_4120_143d0000.bin [2014-03-23 00:19:15 | 010,985,472 | ---- | C] () -- C:\Users\x\mem_4120_12da0000.bin [2014-03-23 00:19:15 | 003,919,872 | ---- | C] () -- C:\Users\x\mem_4120_13820000.bin [2014-03-23 00:19:15 | 003,121,152 | ---- | C] () -- C:\Users\x\mem_4120_125d0000.bin [2014-03-23 00:19:15 | 002,752,512 | ---- | C] () -- C:\Users\x\mem_4120_13f30000.bin [2014-03-23 00:19:15 | 002,580,480 | ---- | C] () -- C:\Users\x\mem_4120_12910000.bin [2014-03-23 00:19:15 | 002,097,152 | ---- | C] () -- C:\Users\x\mem_4120_12b90000.bin [2014-03-23 00:19:15 | 002,097,152 | ---- | C] () -- C:\Users\x\mem_4120_123b0000.bin [2014-03-23 00:19:15 | 001,310,720 | ---- | C] () -- C:\Users\x\mem_4120_13be0000.bin [2014-03-23 00:19:13 | 041,050,112 | ---- | C] () -- C:\Users\x\mem_4120_0e580000.bin [2014-03-23 00:19:13 | 010,072,064 | ---- | C] () -- C:\Users\x\mem_4120_112a0000.bin [2014-03-23 00:19:13 | 008,032,256 | ---- | C] () -- C:\Users\x\mem_4120_0d340000.bin [2014-03-23 00:19:13 | 007,778,304 | ---- | C] () -- C:\Users\x\mem_4120_11c40000.bin [2014-03-23 00:19:13 | 004,849,664 | ---- | C] () -- C:\Users\x\mem_4120_0e0d0000.bin [2014-03-23 00:19:13 | 003,276,800 | ---- | C] () -- C:\Users\x\mem_4120_10f70000.bin [2014-03-23 00:19:13 | 002,838,528 | ---- | C] () -- C:\Users\x\mem_4120_10cb0000.bin [2014-03-23 00:19:13 | 002,490,368 | ---- | C] () -- C:\Users\x\mem_4120_0dc30000.bin [2014-03-23 00:19:13 | 001,859,584 | ---- | C] () -- C:\Users\x\mem_4120_0df00000.bin [2014-03-23 00:19:13 | 001,298,432 | ---- | C] () -- C:\Users\x\mem_4120_0daf0000.bin [2014-03-23 00:19:12 | 022,036,480 | ---- | C] () -- C:\Users\x\mem_4120_0b4c0000.bin [2014-03-23 00:19:12 | 016,777,216 | ---- | C] () -- C:\Users\x\mem_4120_07040000.bin [2014-03-23 00:19:12 | 012,984,320 | ---- | C] () -- C:\Users\x\mem_4120_091ae000.bin [2014-03-23 00:19:12 | 010,354,688 | ---- | C] () -- C:\Users\x\mem_4120_08050000.bin [2014-03-23 00:19:12 | 006,529,024 | ---- | C] () -- C:\Users\x\mem_4120_08a40000.bin [2014-03-23 00:19:12 | 005,636,096 | ---- | C] () -- C:\Users\x\mem_4120_06660000.bin [2014-03-23 00:19:12 | 004,919,296 | ---- | C] () -- C:\Users\x\mem_4120_0b000000.bin [2014-03-23 00:19:12 | 004,194,304 | ---- | C] () -- C:\Users\x\mem_4120_0abd0000.bin [2014-03-23 00:19:12 | 004,194,304 | ---- | C] () -- C:\Users\x\mem_4120_06c30000.bin [2014-03-23 00:19:12 | 004,190,208 | ---- | C] () -- C:\Users\x\mem_4120_0a370000.bin [2014-03-23 00:19:12 | 003,145,728 | ---- | C] () -- C:\Users\x\mem_4120_0a030000.bin [2014-03-23 00:19:12 | 001,568,768 | ---- | C] () -- C:\Users\x\mem_4120_0d020000.bin [2014-03-23 00:19:12 | 001,396,736 | ---- | C] () -- C:\Users\x\mem_4120_0cbe0000.bin [2014-03-23 00:19:12 | 001,052,672 | ---- | C] () -- C:\Users\x\mem_4120_0ce40000.bin [2014-03-23 00:19:12 | 000,630,784 | ---- | C] () -- C:\Users\x\mem_4120_0ab30000.bin [2014-03-23 00:19:12 | 000,630,784 | ---- | C] () -- C:\Users\x\mem_4120_0aa90000.bin [2014-03-23 00:19:12 | 000,630,784 | ---- | C] () -- C:\Users\x\mem_4120_0a8b0000.bin [2014-03-23 00:19:12 | 000,630,784 | ---- | C] () -- C:\Users\x\mem_4120_0a810000.bin [2014-03-23 00:19:12 | 000,626,688 | ---- | C] () -- C:\Users\x\mem_4120_0a9f0000.bin [2014-03-23 00:19:12 | 000,626,688 | ---- | C] () -- C:\Users\x\mem_4120_0a950000.bin [2014-03-23 00:19:12 | 000,626,688 | ---- | C] () -- C:\Users\x\mem_4120_0a770000.bin [2014-03-23 00:19:12 | 000,626,688 | ---- | C] () -- C:\Users\x\mem_4120_09e50000.bin [2014-03-23 00:19:12 | 000,573,440 | ---- | C] () -- C:\Users\x\mem_4120_0cf50000.bin [2014-03-23 00:19:12 | 000,573,440 | ---- | C] () -- C:\Users\x\mem_4120_09ef0000.bin [2014-03-23 00:19:12 | 000,532,480 | ---- | C] () -- C:\Users\x\mem_4120_09f80000.bin [2014-03-23 00:19:12 | 000,008,192 | ---- | C] () -- C:\Users\x\mem_4120_0cb7e000.bin [2014-03-23 00:19:12 | 000,004,096 | ---- | C] () -- C:\Users\x\mem_4120_0ca00000.bin [2014-03-23 00:19:11 | 022,282,240 | ---- | C] () -- C:\Users\x\mem_4120_05050000.bin [2014-03-23 00:19:11 | 007,077,888 | ---- | C] () -- C:\Users\x\mem_4120_041a0000.bin [2014-03-23 00:19:11 | 006,307,840 | ---- | C] () -- C:\Users\x\mem_4120_0321e000.bin [2014-03-23 00:19:11 | 004,194,304 | ---- | C] () -- C:\Users\x\mem_4120_02d10000.bin [2014-03-23 00:19:11 | 004,034,560 | ---- | C] () -- C:\Users\x\mem_4120_01ec0000.bin [2014-03-23 00:19:11 | 004,001,792 | ---- | C] () -- C:\Users\x\mem_4120_018c0000.bin [2014-03-23 00:19:11 | 003,842,048 | ---- | C] () -- C:\Users\x\mem_4120_04c30000.bin [2014-03-23 00:19:11 | 003,010,560 | ---- | C] () -- C:\Users\x\mem_4120_00770000.bin [2014-03-23 00:19:11 | 002,924,544 | ---- | C] () -- C:\Users\x\mem_4120_03c00000.bin [2014-03-23 00:19:11 | 002,883,584 | ---- | C] () -- C:\Users\x\mem_4120_03ed0000.bin [2014-03-23 00:19:11 | 002,105,344 | ---- | C] () -- C:\Users\x\mem_4120_0271e000.bin [2014-03-23 00:19:11 | 001,200,128 | ---- | C] () -- C:\Users\x\mem_4120_01780000.bin [2014-03-23 00:19:11 | 001,064,960 | ---- | C] () -- C:\Users\x\mem_4120_01d80000.bin [2014-03-23 00:19:11 | 001,060,864 | ---- | C] () -- C:\Users\x\mem_4120_03a7d000.bin [2014-03-23 00:19:11 | 001,056,768 | ---- | C] () -- C:\Users\x\mem_4120_02bfe000.bin [2014-03-23 00:19:11 | 001,048,576 | ---- | C] () -- C:\Users\x\mem_4120_03830000.bin [2014-03-23 00:19:11 | 000,913,408 | ---- | C] () -- C:\Users\x\mem_4120_01ca0000.bin [2014-03-23 00:19:11 | 000,798,720 | ---- | C] () -- C:\Users\x\mem_4120_04970000.bin [2014-03-23 00:19:11 | 000,622,592 | ---- | C] () -- C:\Users\x\mem_4120_03940000.bin [2014-03-23 00:19:11 | 000,622,592 | ---- | C] () -- C:\Users\x\mem_4120_023ed000.bin [2014-03-23 00:19:11 | 000,528,384 | ---- | C] () -- C:\Users\x\mem_4120_039e0000.bin [2014-03-23 00:19:11 | 000,475,136 | ---- | C] () -- C:\Users\x\mem_4120_00b50000.bin [2014-03-23 00:19:11 | 000,360,448 | ---- | C] () -- C:\Users\x\mem_4120_00ad0000.bin [2014-03-23 00:19:11 | 000,294,912 | ---- | C] () -- C:\Users\x\mem_4120_00a50000.bin [2014-03-23 00:19:11 | 000,143,360 | ---- | C] () -- C:\Users\x\mem_4120_025ce000.bin [2014-03-23 00:19:11 | 000,114,688 | ---- | C] () -- C:\Users\x\mem_4120_02a70000.bin [2014-03-23 00:19:11 | 000,090,112 | ---- | C] () -- C:\Users\x\mem_4120_00b30000.bin [2014-03-23 00:19:11 | 000,073,728 | ---- | C] () -- C:\Users\x\mem_4120_04b30000.bin [2014-03-23 00:19:11 | 000,073,728 | ---- | C] () -- C:\Users\x\mem_4120_04870000.bin [2014-03-23 00:19:11 | 000,069,632 | ---- | C] () -- C:\Users\x\mem_4120_024b0000.bin [2014-03-23 00:19:11 | 000,069,632 | ---- | C] () -- C:\Users\x\mem_4120_01760000.bin [2014-03-23 00:19:11 | 000,065,536 | ---- | C] () -- C:\Users\x\mem_4120_02af0000.bin [2014-03-23 00:19:11 | 000,045,056 | ---- | C] () -- C:\Users\x\mem_4120_04a60000.bin [2014-03-23 00:19:11 | 000,045,056 | ---- | C] () -- C:\Users\x\mem_4120_022d0000.bin [2014-03-23 00:19:11 | 000,020,480 | ---- | C] () -- C:\Users\x\mem_4120_02a1f000.bin [2014-03-23 00:19:11 | 000,020,480 | ---- | C] () -- C:\Users\x\mem_4120_022e0000.bin [2014-03-23 00:19:11 | 000,020,480 | ---- | C] () -- C:\Users\x\mem_4120_022c0000.bin [2014-03-23 00:19:11 | 000,012,288 | ---- | C] () -- C:\Users\x\mem_4120_02600000.bin [2014-03-23 00:19:11 | 000,008,192 | ---- | C] () -- C:\Users\x\mem_4120_02610000.bin [2014-03-23 00:19:11 | 000,004,096 | ---- | C] () -- C:\Users\x\mem_4120_04aa0000.bin [2014-03-23 00:19:11 | 000,004,096 | ---- | C] () -- C:\Users\x\mem_4120_02a30000.bin [2014-03-23 00:19:11 | 000,004,096 | ---- | C] () -- C:\Users\x\mem_4120_024a0000.bin [2014-03-23 00:19:11 | 000,004,096 | ---- | C] () -- C:\Users\x\mem_4120_02490000.bin [2014-03-23 00:19:11 | 000,004,096 | ---- | C] () -- C:\Users\x\mem_4120_00760000.bin [2014-03-23 00:19:11 | 000,004,096 | ---- | C] () -- C:\Users\x\mem_4120_00750000.bin [2014-03-23 00:19:10 | 001,060,864 | ---- | C] () -- C:\Users\x\mem_4120_00210000.bin [2014-03-23 00:19:10 | 001,052,672 | ---- | C] () -- C:\Users\x\mem_4120_004a0000.bin [2014-03-23 00:19:10 | 000,487,424 | ---- | C] () -- C:\Users\x\mem_4120_00180000.bin [2014-03-23 00:19:10 | 000,352,256 | ---- | C] () -- C:\Users\x\mem_4120_005b0000.bin [2014-03-23 00:19:10 | 000,086,016 | ---- | C] () -- C:\Users\x\mem_4120_003c0000.bin [2014-03-23 00:19:10 | 000,073,728 | ---- | C] () -- C:\Users\x\mem_4120_00710000.bin [2014-03-23 00:19:10 | 000,073,728 | ---- | C] () -- C:\Users\x\mem_4120_006f0000.bin [2014-03-23 00:19:10 | 000,073,728 | ---- | C] () -- C:\Users\x\mem_4120_00390000.bin [2014-03-23 00:19:10 | 000,069,632 | ---- | C] () -- C:\Users\x\mem_4120_00010000.bin [2014-03-23 00:19:10 | 000,024,576 | ---- | C] () -- C:\Users\x\mem_4120_00320000.bin [2014-03-23 00:19:10 | 000,016,384 | ---- | C] () -- C:\Users\x\mem_4120_00030000.bin [2014-03-23 00:19:10 | 000,012,288 | ---- | C] () -- C:\Users\x\mem_4120_006e0000.bin [2014-03-23 00:19:10 | 000,012,288 | ---- | C] () -- C:\Users\x\mem_4120_00490000.bin [2014-03-23 00:19:10 | 000,008,192 | ---- | C] () -- C:\Users\x\mem_4120_006c0000.bin [2014-03-23 00:19:10 | 000,008,192 | ---- | C] () -- C:\Users\x\mem_4120_006b0000.bin [2014-03-23 00:19:10 | 000,008,192 | ---- | C] () -- C:\Users\x\mem_4120_00380000.bin [2014-03-23 00:19:10 | 000,004,096 | ---- | C] () -- C:\Users\x\mem_4120_00740000.bin [2014-03-23 00:19:10 | 000,004,096 | ---- | C] () -- C:\Users\x\mem_4120_006d0000.bin [2014-03-23 00:19:10 | 000,004,096 | ---- | C] () -- C:\Users\x\mem_4120_003b0000.bin [2014-03-23 00:19:10 | 000,004,096 | ---- | C] () -- C:\Users\x\mem_4120_00370000.bin [2014-03-23 00:19:10 | 000,004,096 | ---- | C] () -- C:\Users\x\mem_4120_00360000.bin [2014-03-23 00:19:10 | 000,004,096 | ---- | C] () -- C:\Users\x\mem_4120_00350000.bin [2014-03-23 00:19:10 | 000,004,096 | ---- | C] () -- C:\Users\x\mem_4120_00340000.bin [2014-03-23 00:19:10 | 000,004,096 | ---- | C] () -- C:\Users\x\mem_4120_00330000.bin [2014-03-23 00:19:10 | 000,004,096 | ---- | C] () -- C:\Users\x\mem_4120_00080000.bin [2014-03-23 00:19:10 | 000,004,096 | ---- | C] () -- C:\Users\x\mem_4120_00070000.bin [2014-03-23 00:19:10 | 000,004,096 | ---- | C] () -- C:\Users\x\mem_4120_00060000.bin [2014-03-23 00:19:10 | 000,004,096 | ---- | C] () -- C:\Users\x\mem_4120_00050000.bin [2014-03-23 00:19:10 | 000,004,096 | ---- | C] () -- C:\Users\x\mem_4120_00040000.bin [2014-03-23 00:18:10 | 000,138,766 | ---- | C] () -- C:\Windows\System32\HiperDrop.exe [2013-08-28 00:18:44 | 000,854,016 | ---- | C] () -- C:\Windows\System32\aapt.exe [2013-08-25 07:27:21 | 000,138,056 | ---- | C] () -- C:\Users\x\AppData\Roaming\PnkBstrK.sys [2013-06-06 18:19:21 | 000,001,496 | ---- | C] () -- C:\Users\x\AppData\Local\Adobe Zapisz dla Internetu 12.0 Prefs [2012-11-25 06:50:38 | 002,388,304 | ---- | C] () -- C:\Windows\System32\alld42.dll [2012-11-25 06:50:37 | 001,043,258 | ---- | C] () -- C:\Windows\System32\allp42.dll [2012-11-25 06:50:37 | 000,568,198 | ---- | C] () -- C:\Windows\System32\alleg42.dll [2012-11-21 20:33:42 | 000,321,288 | ---- | C] () -- C:\Program Files\Common Files\Sanpya.ttf [2012-11-16 18:44:06 | 000,303,616 | ---- | C] () -- C:\Windows\System32\SDL.dll [2012-06-17 05:01:56 | 000,017,408 | ---- | C] () -- C:\Users\x\AppData\Local\WebpageIcons.db [2012-01-30 16:58:19 | 000,123,904 | ---- | C] () -- C:\Users\x\Obraz.png [2012-01-11 22:07:43 | 000,000,000 | ---- | C] () -- C:\Users\x\AppData\Local\{7A5FA61B-F851-4A15-9C1B-8D17A6B7E640} [2011-11-11 20:52:03 | 000,000,000 | ---- | C] () -- C:\Users\x\AppData\Local\{720FB347-EDB1-410D-8704-8C1F508D3ED0} [2011-10-04 19:54:51 | 000,007,614 | ---- | C] () -- C:\Users\x\AppData\Local\resmon.resmoncfg [2011-09-19 17:03:17 | 000,000,000 | ---- | C] () -- C:\Users\x\AppData\Local\{F3A69363-FF1C-428A-9381-C9D3626CE746} [2011-07-19 07:50:46 | 000,000,990 | -HS- | C] () -- C:\Users\x\AppData\Roaming\systemfl.$dk [2011-07-19 07:26:32 | 000,000,640 | RHS- | C] () -- C:\Users\x\ntuser.pol [2011-06-08 20:26:38 | 000,000,000 | ---- | C] () -- C:\Users\x\AppData\Local\{17D2074E-F1E2-491C-8E8C-F88D0D691FB7} [2011-05-31 19:37:21 | 000,000,000 | ---- | C] () -- C:\Users\x\AppData\Local\{0A6B17A8-A06B-4623-9FFA-CC04B2B7B1BD} [2011-02-11 20:47:30 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2013-08-06 18:49:38 | 000,000,000 | -HSD | M] -- C:\Users\x\AppData\Roaming\.# [2012-08-09 16:34:47 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\.minecraft [2012-12-09 21:45:32 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\.mono [2012-04-03 07:29:12 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\.wtw [2010-08-19 13:15:07 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA [2010-08-31 23:54:09 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\ACAPsoft [2011-08-16 23:45:50 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\AceBIT [2011-12-03 03:56:18 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\AgerWebEdytor [2012-06-02 16:12:03 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Audacity [2010-10-31 03:12:26 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\AutomatedQA [2013-09-02 21:50:11 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Babylon [2014-02-22 21:03:04 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Battle.net [2013-09-15 23:44:25 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Bitcoin [2014-05-05 15:27:24 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\BitComet [2014-05-02 23:02:34 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\BoL [2014-03-24 16:41:36 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Broad Intelligence [2012-08-27 14:43:22 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Canon [2010-08-19 13:15:07 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\CodeGear [2013-10-13 17:45:24 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\codesnippets [2011-07-13 04:47:45 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2011-07-13 12:59:49 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1 [2011-09-29 23:22:04 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Cream Software [2014-04-19 19:54:58 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Curse [2014-04-19 19:56:02 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Curse Advertising [2014-04-25 22:52:38 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Curse Client [2014-05-03 13:07:10 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\DAEMON Tools Lite [2013-05-24 14:57:24 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\DAEMON Tools Pro [2011-11-24 23:06:25 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Datarescue [2013-08-06 18:44:55 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Dev-Cpp [2011-11-15 17:45:04 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\DMCache [2013-06-03 23:03:46 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\DVDVideoSoft [2011-09-29 23:09:32 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Embarcadero [2010-11-12 09:14:52 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\FinalBuilder7 [2011-05-29 20:46:07 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Gadu-Gadu 10 [2011-01-30 00:33:09 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\GHISLER [2014-05-03 13:00:57 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\gnupg [2013-11-19 19:50:53 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Grupa IMAGE [2014-04-11 21:18:33 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\gtk-2.0 [2013-07-20 23:25:38 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\HD Tune Pro [2011-11-24 22:40:29 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Hex-Rays [2013-01-08 17:56:21 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\HTC [2013-01-08 17:56:14 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\HTC Sync [2011-11-15 17:45:17 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\IDM [2011-05-24 22:54:38 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\ipla [2013-01-16 01:10:40 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Leadertech [2011-10-09 13:57:58 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\LolClient [2012-05-30 06:20:31 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\LolClient2 [2012-03-30 19:27:14 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Miranda [2011-07-12 15:28:11 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Need for Speed World [2013-07-14 21:05:21 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Notepad++ [2010-07-17 16:23:46 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\OpenFM [2012-04-17 23:55:52 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\OpenOffice.org [2010-07-17 13:48:23 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Opera [2013-08-18 21:46:04 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Origin [2010-11-12 20:25:04 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\otloader [2011-02-11 20:13:42 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Pandion [2011-04-03 00:41:18 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\PhotoScape [2011-03-03 12:43:38 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Rainmeter [2011-02-12 15:36:34 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Registry Mechanic [2012-08-22 18:18:04 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Remere's Map Editor [2013-11-01 00:58:55 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Riot Games [2010-08-31 23:54:09 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Sinner [2014-06-06 16:00:11 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Spotify [2010-10-31 17:16:06 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Subversion [2013-10-06 20:51:15 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\TeamViewer [2014-05-20 06:39:38 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Tibia [2010-10-31 02:03:09 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\TibiaAPI [2010-07-18 18:18:57 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Tibiacast [2012-07-05 10:15:32 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\TrueCrypt [2011-04-12 19:07:42 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\TuneUp Software [2012-12-30 23:15:07 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Ubisoft [2012-01-28 14:12:31 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\uTorrent [2014-04-21 03:56:19 | 000,000,000 | ---D | M] -- C:\Users\x\AppData\Roaming\Wireshark [2013-05-24 12:14:23 | 000,000,000 | -HSD | M] -- C:\Users\x\AppData\Roaming\wyUpdate AU [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 272 bytes -> C:\ProgramData\TEMP:6BE50C2B @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:66633281 @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0888F409 @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:3440EB47 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:0D786AE3 < End of report >