OTL logfile created on: 2016-07-28 11:19:45 - Run 1
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\niko\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

7,94 Gb Total Physical Memory | 4,90 Gb Available Physical Memory | 61,75% Memory free
15,87 Gb Paging File | 12,32 Gb Available in Paging File | 77,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 29,38 Gb Free Space | 26,28% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 608,78 Gb Free Space | 65,35% Space Free | Partition Type: NTFS

Computer Name: NIKO-KOMPUTER | User Name: niko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2016-07-28 11:16:59 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\niko\Downloads\OTL 3.2.70.2 [1].exe
PRC - [2016-07-18 10:34:25 | 000,018,944 | ---- | M] () -- C:\Windows\svchobst.exe
PRC - [2016-07-13 09:25:17 | 000,032,768 | ---- | M] () -- D:\Program Files\svchost\spoolsv.exe
PRC - [2016-07-09 03:06:18 | 002,851,408 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2016-07-09 03:06:18 | 002,062,928 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
PRC - [2016-07-09 03:06:18 | 001,450,064 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2016-07-01 19:27:04 | 000,692,736 | ---- | M] () -- C:\ProgramData\CloudPrinter\CloudPrinter.exe
PRC - [2016-06-30 14:31:47 | 000,592,424 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\38.0.2220.41\opera_crashreporter.exe
PRC - [2016-06-30 14:31:44 | 000,710,184 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
PRC - [2016-05-19 16:41:34 | 000,134,656 | ---- | M] () -- C:\Users\niko\AppData\Local\Apps\2.0\abril.exe
PRC - [2016-05-15 18:04:00 | 002,089,472 | ---- | M] () -- C:\ProgramData\Logic Handler\set.exe
PRC - [2016-01-12 06:43:57 | 002,787,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2016-01-12 06:43:47 | 001,879,488 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2015-08-25 16:08:20 | 000,410,744 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014-04-11 10:31:04 | 000,016,232 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2013-09-16 13:18:28 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2013-09-16 13:17:42 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2016-07-18 10:34:25 | 000,018,944 | ---- | M] () -- C:\Windows\svchobst.exe
MOD - [2016-07-17 00:48:42 | 000,493,568 | ---- | M] () -- C:\Windows\SysWOW64\chtbrkg.dll
MOD - [2016-07-13 09:25:17 | 000,032,768 | ---- | M] () -- D:\Program Files\svchost\spoolsv.exe
MOD - [2016-07-12 20:53:50 | 017,602,240 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_22_0_0_209.dll
MOD - [2016-07-09 03:06:24 | 002,317,904 | ---- | M] () -- C:\Program Files (x86)\Steam\video.dll
MOD - [2016-07-09 03:06:18 | 000,829,520 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2016-07-07 00:00:04 | 000,266,560 | ---- | M] () -- C:\Program Files (x86)\Steam\openvr_api.dll
MOD - [2016-06-30 14:31:56 | 067,945,512 | ---- | M] () -- C:\Program Files (x86)\Opera\38.0.2220.41\opera.dll
MOD - [2016-06-30 14:31:52 | 002,203,176 | ---- | M] () -- C:\Program Files (x86)\Opera\38.0.2220.41\libglesv2.dll
MOD - [2016-06-30 14:31:51 | 000,087,080 | ---- | M] () -- C:\Program Files (x86)\Opera\38.0.2220.41\libegl.dll
MOD - [2016-06-14 21:14:08 | 049,826,080 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2016-04-29 22:10:14 | 000,785,920 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2016-02-09 01:14:32 | 002,549,760 | ---- | M] () -- C:\Program Files (x86)\Steam\libavcodec-56.dll
MOD - [2016-02-09 01:14:32 | 000,491,008 | ---- | M] () -- C:\Program Files (x86)\Steam\libavformat-56.dll
MOD - [2016-02-09 01:14:32 | 000,485,888 | ---- | M] () -- C:\Program Files (x86)\Steam\libswscale-3.dll
MOD - [2016-02-09 01:14:32 | 000,442,880 | ---- | M] () -- C:\Program Files (x86)\Steam\libavutil-54.dll
MOD - [2016-02-09 01:14:32 | 000,332,800 | ---- | M] () -- C:\Program Files (x86)\Steam\libavresample-2.dll
MOD - [2016-01-12 06:43:57 | 000,018,880 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
MOD - [2015-09-25 01:56:28 | 000,119,208 | ---- | M] () -- C:\Program Files (x86)\Steam\winh264.dll
MOD - [2015-07-03 18:12:46 | 004,962,816 | ---- | M] () -- C:\Program Files (x86)\Steam\v8.dll
MOD - [2015-07-03 18:12:28 | 001,556,992 | ---- | M] () -- C:\Program Files (x86)\Steam\icui18n.dll
MOD - [2015-07-03 18:12:28 | 001,187,840 | ---- | M] () -- C:\Program Files (x86)\Steam\icuuc.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2016-07-02 08:46:04 | 003,107,328 | ---- | M] (Search Module Ltd.) [Auto | Running] -- C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe -- (SMUpd)
SRV:[b]64bit:[/b] - [2016-01-12 06:43:46 | 001,163,200 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:[b]64bit:[/b] - [2016-01-12 06:43:37 | 006,308,288 | ---- | M] (NVIDIA Corporation) [On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe -- (NvStreamNetworkSvc)
SRV:[b]64bit:[/b] - [2016-01-12 06:43:37 | 004,812,736 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe -- (NvStreamSvc)
SRV:[b]64bit:[/b] - [2015-11-30 11:55:50 | 001,368,408 | ---- | M] (Disc Soft Ltd) [On_Demand | Stopped] -- C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe -- (Disc Soft Lite Bus Service)
SRV:[b]64bit:[/b] - [2014-04-11 10:31:04 | 000,016,232 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:[b]64bit:[/b] - [2013-08-27 15:32:30 | 000,828,376 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2013-08-27 15:32:14 | 000,747,520 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2016-07-12 20:53:51 | 000,270,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016-07-09 03:06:18 | 001,450,064 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2016-07-01 19:27:04 | 000,692,736 | ---- | M] () [Auto | Running] -- C:\ProgramData\CloudPrinter\CloudPrinter.exe -- (CloudPrinter)
SRV - [2016-05-19 16:41:34 | 000,134,656 | ---- | M] () [Auto | Running] -- C:\Users\niko\AppData\Local\Apps\2.0\abril.exe -- (ProntSpooler)
SRV - [2016-05-15 18:04:00 | 002,089,472 | ---- | M] () [Auto | Running] -- C:\ProgramData\Logic Handler\set.exe -- (backlh)
SRV - [2016-02-24 09:15:00 | 004,362,656 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2016-01-12 06:43:47 | 001,879,488 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2015-08-25 16:08:20 | 000,410,744 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013-09-16 13:18:28 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013-09-16 13:17:42 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012-07-09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2016-07-21 16:10:27 | 000,093,072 | ---- | M] (WinMount International Inc) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KuaiZipDrive2.sys -- (KuaiZipDrive2)
DRV:[b]64bit:[/b] - [2016-07-02 08:47:10 | 000,052,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Noobzo\GNUpdate\smw.sys -- (SMUpdd)
DRV:[b]64bit:[/b] - [2016-05-27 23:53:20 | 000,051,400 | ---- | M] (SteelSeries ApS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sshid.sys -- (sshid)
DRV:[b]64bit:[/b] - [2016-05-27 23:53:20 | 000,025,656 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:[b]64bit:[/b] - [2016-03-09 20:43:42 | 000,040,576 | ---- | M] (SteelSeries ApS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssdevfactory.sys -- (ssdevfactory)
DRV:[b]64bit:[/b] - [2016-01-12 06:43:36 | 000,026,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:[b]64bit:[/b] - [2015-12-26 11:59:30 | 000,046,392 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtliteusbbus.sys -- (dtliteusbbus)
DRV:[b]64bit:[/b] - [2015-12-26 11:59:19 | 000,030,264 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtlitescsibus.sys -- (dtlitescsibus)
DRV:[b]64bit:[/b] - [2015-12-18 08:11:06 | 000,047,760 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:[b]64bit:[/b] - [2015-09-01 06:00:00 | 000,204,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2014-04-11 10:30:44 | 000,645,480 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:[b]64bit:[/b] - [2014-04-11 10:30:44 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:[b]64bit:[/b] - [2014-03-18 04:44:36 | 000,906,968 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2014-02-21 07:56:18 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:[b]64bit:[/b] - [2014-02-21 07:56:14 | 000,791,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:[b]64bit:[/b] - [2014-02-21 07:56:14 | 000,370,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:[b]64bit:[/b] - [2013-09-16 13:17:42 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2015-10-05 07:24:16 | 000,029,896 | ---- | M] (CyberLink Corp.) [2016/01/09 19:15:17] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD15\Common\NavFilter\000.fcl -- ({687703DE-DC6D-4649-892B-B8497854A6AB})
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=92552456_hao_pg
IE - HKLM\..\SearchScopes,DefaultScope = {ielnksrch}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\ielnksrch: "URL" = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmoujyConmD2QE4aVEwHzxal3_Vjn9DfJJB969--azA-fAkf8Uvf33QwywjcPFK4sJxWmu5v7aI_9TK83ICXt5g8VjmXFkX7wzktVKjeajNLuMql8YIqII7_S29iPlvDlYuQNYSH6W1UgxscL1dgEC0GwGK913&q={searchTerms}
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=NIS&pvid=21.6.0.32
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=NIS&pvid=21.6.0.32
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=NIS&pvid=21.6.0.32
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pl&pid=NIS&pvid=21.6.0.32
IE - HKU\S-1-5-21-3651358100-1429554799-4116503857-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmoujyConmD2QE4aVEwHzxal3_Vjn9DfJJB969--azA-fAkf8Uvf33QwywjcPFK4sJxWmu5v7aI_9TK83ICXt5g8VjmXFkX7wzktVKjeajNLuMql8YIqII7_S29iPlvDlYuQNYSH6W1UgxscL1dgEC0GwGK913&q={searchTerms}
IE - HKU\S-1-5-21-3651358100-1429554799-4116503857-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmoujyConmD2QE4aVEwHzxal3_Vjn9DfJJB969--azA-fAkf8Uvf33QwywjcPFK4sJxWmu5v7aI_9TK83ICXt5g8VjmXFkX7wzktVKjeajNLuMql8YIqII7_S29iPlvDlYuQNYSH6W1UgxscL1dgEC0GwGK913&q={searchTerms}
IE - HKU\S-1-5-21-3651358100-1429554799-4116503857-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.only-search.com/?babsrc=HP_kms&affID=132174
IE - HKU\S-1-5-21-3651358100-1429554799-4116503857-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmoujyConmD2QE4aVEwHzxal3_Vjn9DfJJB969--azA-fAkf8Uvf33QwywjcPFK4sJxWmu5v7aI_9TK83ICXt5g8VjmXFkX7wzktVKjeajNLuMql8YIqII7_S29iPlvDlYuQNYSH6W1UgxscL1dgEC0GwGK913&q={searchTerms}
IE - HKU\S-1-5-21-3651358100-1429554799-4116503857-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3651358100-1429554799-4116503857-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=MSNTLB&PC=IPGTDF&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-3651358100-1429554799-4116503857-1000\..\SearchScopes\{183447CC-215B-41F7-7FFB-549A46CFE82C}: "URL" = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmoujyConmD2QE4aVEwHzxal3_Vjn9DfJJB969--azA-fAkf8Uvf33QwywjcPFK4sJxWmu5v7aI_9TK83ICXt5g8VjmXFkX7wzktVKjeajNLuMql8YIqII7_S29iPlvDlYuQNYSH6W1UgxscL1dgEC0GwGK913&q={searchTerms}
IE - HKU\S-1-5-21-3651358100-1429554799-4116503857-1000\..\SearchScopes\{572EAF97-97C3-4959-9954-E481159F0A82}: "URL" = http://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G71zamobl2140BR,b4ff60fc-3e40-4e9b-90c8-875be561f40e,
IE - HKU\S-1-5-21-3651358100-1429554799-4116503857-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GIWA_plPL678
IE - HKU\S-1-5-21-3651358100-1429554799-4116503857-1000\..\SearchScopes\{724C0F61-B60F-4C09-98BF-D1E1BB856234}: "URL" = http://www.only-search.com/?babsrc=SP_kms&affID=132174&q={searchTerms}&r=263
IE - HKU\S-1-5-21-3651358100-1429554799-4116503857-1000\..\SearchScopes\{ielnksrch}: "URL" = http://www-searching.com/search.aspx?s=g71zamobl2140br,b4ff60fc-3e40-4e9b-90c8-875be561f40e,&site=shyosie&prd=setgo&q={searchTerms}
IE - HKU\S-1-5-21-3651358100-1429554799-4116503857-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3651358100-1429554799-4116503857-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://un-stop.biz/wpad.dat?116f42e719d4ec991188487d14b7836b9001046

[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.92.2: C:\Program Files\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.92.2: C:\Program Files\Java\jre1.8.0_92\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.com/NxGame: C:\ProgramData\Nexon\NGM\npnxgame.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@qq.com/npAndroidAssistant: C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll (腾讯公司)
FF - HKLM\Software\MozillaPlugins\@qq.com/QQPCMgr: C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\npQMExtensionsMozilla.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\niko\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1503240-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Users\niko\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\niko\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2016-06-15 18:15:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2016-06-15 18:15:44 | 000,000,000 | ---D | M]

[color=#E56717]========== Chrome ==========[/color]

CHR - Extension: No name found = C:\Users\niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\
CHR - Extension: No name found = C:\Users\niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinhfkamckbogjgmbmdkdebbbpnmlaef\1.0.8_0\
CHR - Extension: No name found = C:\Users\niko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2016-04-17 18:53:51 | 000,001,006 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 down.baidu2016.com
O1 - Hosts: 127.0.0.1 123.sogou.com
O1 - Hosts: 127.0.0.1 www.czzsyzgm.com
O1 - Hosts: 127.0.0.1 www.czzsyzxl.com
O1 - Hosts: 127.0.0.1 union.baidu2019.com
O2:[b]64bit:[/b] - BHO: (Kajajugt) - {1308CFBC-219D-42D4-84FC-E44F74703219} - C:\Program Files\Kajajugt\Naajoj64.dll ()
O2:[b]64bit:[/b] - BHO: (Ekeh) - {4D26AC6E-ACC5-4F1B-8E69-15632B081960} - C:\Program Files\Ekeh\Humneh64.dll ()
O2:[b]64bit:[/b] - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_92\bin\ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (电脑管家网页防火墙) - {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} - C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSWebMon64.dat File not found
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_92\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Kajajugt) - {1308CFBC-219D-42D4-84FC-E44F74703219} - C:\Program Files\Kajajugt\Naajoj.dll ()
O2 - BHO: (Ekeh) - {4D26AC6E-ACC5-4F1B-8E69-15632B081960} - C:\Program Files\Ekeh\Humneh.dll File not found
O2 - BHO: (Ó¦Óñ¦Ň»Ľü°˛×°˛ĺĽţ) - {50F4150A-48B2-417A-BE4C-C83F580FB904} - C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll (腾讯公司)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3651358100-1429554799-4116503857-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [IDSCCOMEII] "C:\Program Files (x86)\EasyHotspot\idsccom_EII.exe" File not found
O4:[b]64bit:[/b] - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [vnlgp] C:\Users\niko\AppData\Roaming\vnlgp\vnlgp\start.cmd ()
O4 - HKLM..\Run: [] C:\Windows\svchobst.exe ()
O4 - HKLM..\Run: [apphide] C:\Program Files (x86)\badu\uc.exe File not found
O4 - HKLM..\Run: [spoolsv] D:\Program Files\svchost\spoolsv.exe ()
O4 - HKLM..\Run: [svchost] C:\Users\niko\AppData\Local\Temp\20573\svchost.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3651358100-1429554799-4116503857-1000..\Run: [apphide2] C:\Program Files (x86)\badu\uc.exe File not found
O4 - HKU\S-1-5-21-3651358100-1429554799-4116503857-1000..\Run: [Only-search] C:\Program Files (x86)\onlysearch\onlysearch\1.3.22.1\onlysearch.exe File not found
O4 - HKU\S-1-5-21-3651358100-1429554799-4116503857-1000..\Run: [osmsg] C:\ProgramData\WindowsMsg\osmsg.exe ()
O4 - HKU\S-1-5-21-3651358100-1429554799-4116503857-1000..\Run: [Pritc] C:\Users\niko\AppData\Local\Temp\00020799\casrss.exe (VLOME)
O4 - HKU\S-1-5-21-3651358100-1429554799-4116503857-1000..\Run: [svchost0] C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe File not found
O4 - HKU\S-1-5-21-3651358100-1429554799-4116503857-1000..\Run: [uTorrent] C:\Users\niko\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: Download with FDM - file://C:/Program Files/FreeDownloadManager.ORG/Free Download Manager/dllink.htm File not found
O8 - Extra context menu item: Download with FDM - file://C:/Program Files/FreeDownloadManager.ORG/Free Download Manager/dllink.htm File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000001 - cchtbrkg.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000002 - cchtbrkg.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000003 - cchtbrkg.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000004 - cchtbrkg.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000005 - cchtbrkg.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000006 - cchtbrkg.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000007 - cchtbrkg.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000008 - cchtbrkg.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000009 - cchtbrkg.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000010 - cchtbrkg.dll File not found
O10:[b]64bit:[/b] - Protocol_Catalog9\Catalog_Entries64\000000000021 - cchtbrkg.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BAB2936-23BE-4B7B-84EA-200FD9A5CD69}: DhcpNameServer = 192.168.0.1
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9dff0d48-a01a-11e5-a37d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9dff0d48-a01a-11e5-a37d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Run.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2016-07-28 08:54:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Huorong
[2016-07-24 10:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2016-07-24 10:26:22 | 000,000,000 | ---D | C] -- C:\Users\niko\AppData\Local\Ares
[2016-07-24 10:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ares
[2016-07-23 16:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KingsIsle Entertainment
[2016-07-23 16:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\KingsIsle Entertainment
[2016-07-21 16:10:27 | 000,093,072 | ---- | C] (WinMount International Inc) -- C:\Windows\SysNative\drivers\KuaiZipDrive2.sys
[2016-07-21 12:21:56 | 000,272,000 | ---- | C] (Huorong Borui (Beijing) Technology Co., Ltd.) -- C:\Windows\SysNative\dtrampo.dll.2016-07-28-10-57-18.trashed
[2016-07-21 12:21:56 | 000,236,672 | ---- | C] (Huorong Borui (Beijing) Technology Co., Ltd.) -- C:\Windows\SysWow64\dtrampo.dll.2016-07-28-10-57-18.trashed
[2016-07-21 12:21:54 | 000,044,992 | ---- | C] (Huorong Borui (Beijing) Technology Co., Ltd.) -- C:\Windows\SysNative\drivers\hrwfpdrv.sys
[2016-07-21 12:21:52 | 000,035,776 | ---- | C] (Huorong Borui (Beijing) Technology Co., Ltd.) -- C:\Windows\SysNative\drivers\hrfwdrv.sys
[2016-07-20 15:12:57 | 000,093,072 | ---- | C] (WinMount International Inc) -- C:\Windows\SysNative\drivers\KuaiZipDrive.sys
[2016-07-20 09:38:07 | 000,000,000 | ---D | C] -- C:\Users\niko\AppData\Roaming\Softlink
[2016-07-20 09:38:07 | 000,000,000 | ---D | C] -- C:\Users\niko\AppData\Roaming\KuaiZip
[2016-07-15 11:13:20 | 000,000,000 | ---D | C] -- C:\Users\niko\AppData\Roaming\STV Launcher
[2016-07-14 15:48:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2016-07-11 14:16:52 | 000,000,000 | ---D | C] -- C:\Users\niko\.ssh
[2016-07-08 16:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2016-07-08 16:53:57 | 000,000,000 | ---D | C] -- C:\Nexon
[2016-07-08 16:53:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2016-07-02 13:31:58 | 000,000,000 | ---D | C] -- C:\Users\niko\AppData\Roaming\Crystal-Launcher
[2016-07-02 09:33:50 | 000,000,000 | ---D | C] -- C:\Users\niko\AppData\Local\BrowserAir
[2016-07-01 21:41:01 | 000,000,000 | ---D | C] -- C:\Users\niko\AppData\Roaming\Ludashi
[2016-07-01 21:30:00 | 000,000,000 | ---D | C] -- C:\Users\niko\AppData\Roaming\lockhomepage
[2016-07-01 21:27:05 | 000,000,000 | ---D | C] -- C:\Users\niko\AppData\Local\fjientfagetherdrimo
[2016-07-01 21:26:31 | 000,000,000 | ---D | C] -- C:\Users\niko\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
[2016-07-01 21:26:29 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsMsg
[2016-07-01 21:25:59 | 000,000,000 | ---D | C] -- C:\Users\niko\AppData\Local\app
[2016-07-01 19:43:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Freshtone
[2016-07-01 19:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Logic Handler
[2016-07-01 19:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Lamzaps
[2016-07-01 19:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\CloudPrinter
[2016-07-01 19:31:20 | 000,000,000 | ---D | C] -- C:\Users\niko\AppData\Local\UCBrowser
[2016-07-01 19:27:22 | 000,563,520 | ---- | C] (Funny Roger Inc) -- C:\Users\niko\AppData\Roaming\Sunfresh.bin
[2016-07-01 19:24:32 | 000,000,000 | ---D | C] -- C:\Users\niko\AppData\Roaming\vnlgp
[2016-07-01 19:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SearchModule
[2016-07-01 19:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Noobzo
[2016-07-01 19:21:46 | 000,000,000 | ---D | C] -- C:\Users\niko\AppData\Local\Free Download Manager

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2016-07-28 11:17:04 | 000,000,596 | ---- | M] () -- C:\Windows\tasks\PPTAssistantUpdateTask_niko.job
[2016-07-28 11:17:00 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\PPTAssistantNotifyTask_niko.job
[2016-07-28 11:07:30 | 000,002,469 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016-07-28 10:53:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016-07-28 10:51:02 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016-07-28 10:44:00 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2016-07-28 08:59:19 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016-07-28 08:59:19 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016-07-28 08:57:31 | 001,671,648 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016-07-28 08:57:31 | 000,740,732 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2016-07-28 08:57:31 | 000,654,564 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016-07-28 08:57:31 | 000,155,804 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2016-07-28 08:57:31 | 000,121,934 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016-07-28 08:51:00 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016-07-28 08:50:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016-07-28 08:50:33 | 2096,406,527 | -HS- | M] () -- C:\hiberfil.sys
[2016-07-27 21:53:38 | 000,000,222 | ---- | M] () -- C:\Users\niko\Desktop\Evolve Stage 2.url
[2016-07-27 18:16:00 | 000,000,660 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN0CF3J1F905HW.job
[2016-07-24 10:26:20 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\Ares.lnk
[2016-07-23 21:54:03 | 000,000,992 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job
[2016-07-22 09:36:26 | 000,001,980 | ---- | M] () -- C:\Users\niko\Desktop\Crystal Launcher.lnk
[2016-07-21 18:16:21 | 000,250,912 | ---- | M] () -- C:\Windows\SysWow64\kz.exe
[2016-07-21 16:10:27 | 000,093,072 | ---- | M] (WinMount International Inc) -- C:\Windows\SysNative\drivers\KuaiZipDrive2.sys
[2016-07-21 12:21:56 | 000,272,000 | ---- | M] (Huorong Borui (Beijing) Technology Co., Ltd.) -- C:\Windows\SysNative\dtrampo.dll.2016-07-28-10-57-18.trashed
[2016-07-21 12:21:56 | 000,236,672 | ---- | M] (Huorong Borui (Beijing) Technology Co., Ltd.) -- C:\Windows\SysWow64\dtrampo.dll.2016-07-28-10-57-18.trashed
[2016-07-21 12:21:54 | 000,044,992 | ---- | M] (Huorong Borui (Beijing) Technology Co., Ltd.) -- C:\Windows\SysNative\drivers\hrwfpdrv.sys
[2016-07-21 12:21:52 | 000,035,776 | ---- | M] (Huorong Borui (Beijing) Technology Co., Ltd.) -- C:\Windows\SysNative\drivers\hrfwdrv.sys
[2016-07-20 09:38:07 | 000,093,072 | ---- | M] (WinMount International Inc) -- C:\Windows\SysNative\drivers\KuaiZipDrive.sys
[2016-07-18 10:34:25 | 000,018,944 | ---- | M] () -- C:\Windows\svchobst.exe
[2016-07-17 09:44:33 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2016-07-17 00:48:42 | 000,493,568 | ---- | M] () -- C:\Windows\SysWow64\chtbrkg.dll
[2016-07-17 00:47:48 | 000,640,512 | ---- | M] () -- C:\Windows\SysNative\chtbrkg.dll
[2016-07-14 15:48:16 | 000,110,144 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2016-07-12 20:53:51 | 000,796,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016-07-12 20:53:50 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2016-07-12 16:42:13 | 000,000,973 | ---- | M] () -- C:\Users\niko\Desktop\Steam.lnk
[2016-07-03 19:17:33 | 000,002,228 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk
[2016-07-02 09:32:33 | 000,512,000 | ---- | M] () -- C:\ProgramData\smp2.exe
[2016-07-02 07:45:20 | 001,136,640 | ---- | M] () -- C:\Windows\SysNative\bi3.exe
[2016-07-01 19:43:20 | 002,279,413 | ---- | M] () -- C:\Users\niko\AppData\Roaming\StrongKeydom.bin
[2016-07-01 19:42:55 | 000,002,397 | ---- | M] () -- C:\Windows\SysWow64\findit.xml
[2016-07-01 19:42:45 | 006,870,016 | ---- | M] () -- C:\Users\niko\AppData\Roaming\agent.dat
[2016-07-01 19:42:45 | 001,761,214 | ---- | M] () -- C:\Users\niko\AppData\Roaming\Blackron.tst
[2016-07-01 19:42:45 | 000,126,464 | ---- | M] () -- C:\Users\niko\AppData\Roaming\noah.dat
[2016-07-01 19:42:45 | 000,069,024 | ---- | M] () -- C:\Users\niko\AppData\Roaming\Config.xml
[2016-07-01 19:42:45 | 000,018,432 | ---- | M] () -- C:\Users\niko\AppData\Roaming\Main.dat
[2016-07-01 19:42:45 | 000,005,568 | ---- | M] () -- C:\Users\niko\AppData\Roaming\md.xml
[2016-07-01 19:42:30 | 000,126,464 | ---- | M] () -- C:\Users\niko\AppData\Roaming\lobby.dat
[2016-07-01 19:42:29 | 000,072,704 | ---- | M] () -- C:\Users\niko\AppData\Roaming\Damdom.tst
[2016-07-01 19:42:29 | 000,054,272 | ---- | M] () -- C:\Users\niko\AppData\Roaming\ApplicationHosting.dat
[2016-07-01 19:27:22 | 000,563,520 | ---- | M] (Funny Roger Inc) -- C:\Users\niko\AppData\Roaming\Sunfresh.bin
[2016-07-01 19:27:09 | 000,018,288 | ---- | M] () -- C:\Users\niko\AppData\Roaming\InstallationConfiguration.xml
[2016-07-01 19:27:04 | 000,692,736 | ---- | M] () -- C:\Users\niko\AppData\Roaming\Damdom.exe
[2016-07-01 19:27:04 | 000,692,736 | ---- | M] () -- C:\Users\niko\AppData\Roaming\Blackron.exe
[2016-07-01 19:27:04 | 000,128,512 | ---- | M] () -- C:\Users\niko\AppData\Roaming\Installer.dat

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2016-07-27 21:53:38 | 000,000,222 | ---- | C] () -- C:\Users\niko\Desktop\Evolve Stage 2.url
[2016-07-26 21:44:14 | 000,002,481 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[2016-07-26 21:44:14 | 000,002,469 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2016-07-26 21:37:57 | 000,001,048 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016-07-26 21:37:57 | 000,001,044 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016-07-24 10:26:20 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\Ares.lnk
[2016-07-21 18:16:21 | 000,250,912 | ---- | C] () -- C:\Windows\SysWow64\kz.exe
[2016-07-20 09:38:24 | 000,640,512 | ---- | C] () -- C:\Windows\SysNative\chtbrkg.dll
[2016-07-20 09:38:24 | 000,493,568 | ---- | C] () -- C:\Windows\SysWow64\chtbrkg.dll
[2016-07-18 10:34:25 | 000,018,944 | ---- | C] () -- C:\Windows\svchobst.exe
[2016-07-17 09:44:33 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2016-07-17 09:44:33 | 000,001,139 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2016-07-12 16:42:13 | 000,000,973 | ---- | C] () -- C:\Users\niko\Desktop\Steam.lnk
[2016-07-03 19:17:33 | 000,002,228 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk
[2016-07-02 13:32:32 | 000,001,980 | ---- | C] () -- C:\Users\niko\Desktop\Crystal Launcher.lnk
[2016-07-02 07:45:20 | 001,136,640 | ---- | C] () -- C:\Windows\SysNative\bi3.exe
[2016-07-01 19:43:20 | 002,279,413 | ---- | C] () -- C:\Users\niko\AppData\Roaming\StrongKeydom.bin
[2016-07-01 19:42:55 | 000,002,397 | ---- | C] () -- C:\Windows\SysWow64\findit.xml
[2016-07-01 19:42:45 | 006,870,016 | ---- | C] () -- C:\Users\niko\AppData\Roaming\agent.dat
[2016-07-01 19:42:45 | 001,761,214 | ---- | C] () -- C:\Users\niko\AppData\Roaming\Blackron.tst
[2016-07-01 19:42:45 | 000,126,464 | ---- | C] () -- C:\Users\niko\AppData\Roaming\noah.dat
[2016-07-01 19:42:45 | 000,069,024 | ---- | C] () -- C:\Users\niko\AppData\Roaming\Config.xml
[2016-07-01 19:42:45 | 000,018,432 | ---- | C] () -- C:\Users\niko\AppData\Roaming\Main.dat
[2016-07-01 19:42:36 | 000,692,736 | ---- | C] () -- C:\Users\niko\AppData\Roaming\Blackron.exe
[2016-07-01 19:42:30 | 000,005,568 | ---- | C] () -- C:\Users\niko\AppData\Roaming\md.xml
[2016-07-01 19:42:29 | 000,126,464 | ---- | C] () -- C:\Users\niko\AppData\Roaming\lobby.dat
[2016-07-01 19:42:29 | 000,072,704 | ---- | C] () -- C:\Users\niko\AppData\Roaming\Damdom.tst
[2016-07-01 19:42:29 | 000,054,272 | ---- | C] () -- C:\Users\niko\AppData\Roaming\ApplicationHosting.dat
[2016-07-01 19:42:28 | 000,692,736 | ---- | C] () -- C:\Users\niko\AppData\Roaming\Damdom.exe
[2016-07-01 19:27:04 | 000,128,512 | ---- | C] () -- C:\Users\niko\AppData\Roaming\Installer.dat
[2016-07-01 19:27:04 | 000,018,288 | ---- | C] () -- C:\Users\niko\AppData\Roaming\InstallationConfiguration.xml
[2016-07-01 19:24:08 | 000,512,000 | ---- | C] () -- C:\ProgramData\smp2.exe
[2016-04-17 21:11:29 | 000,000,266 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2016-04-17 19:01:51 | 000,005,120 | ---- | C] () -- C:\Users\niko\AppData\Roaming\GiftBag.db
[2016-04-17 19:00:51 | 000,001,314 | ---- | C] () -- C:\ProgramData\webad.xml
[2016-04-17 19:00:27 | 000,000,000 | ---- | C] () -- C:\Users\niko\AppData\Roaming\svrupg.exe
[2016-03-27 16:00:11 | 012,205,568 | ---- | C] () -- C:\Users\niko\minecraft story mode - installshield wizard.exe
[2015-12-11 17:39:20 | 037,819,184 | ---- | C] () -- C:\Windows\SysWow64\nvcompiler.dll
[2015-12-11 17:26:30 | 001,693,320 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015-12-11 17:24:39 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2015-09-01 06:00:00 | 000,003,619 | ---- | C] () -- C:\Windows\cadx2.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010-11-21 05:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010-11-21 05:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]
[2016-06-03 15:17:01 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\.minecraft
[2016-05-27 13:23:54 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\.minecraftzyczu
[2016-02-09 16:23:02 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\.mono
[2016-02-21 22:04:36 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\.techniclauncher
[2016-07-27 21:46:44 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\Azureus
[2016-03-24 18:31:09 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\Brave Giant
[2016-02-05 12:18:56 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\com.efile.epity2015
[2016-05-29 17:04:04 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\cpuminer
[2016-07-22 09:36:26 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\Crystal-Launcher
[2015-12-26 11:59:39 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\DAEMON Tools Lite
[2016-07-01 19:23:44 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\gplyra
[2016-02-24 21:53:29 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\java
[2016-04-17 19:17:00 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\kingsoft
[2016-07-21 16:02:46 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\KuaiZip
[2016-04-17 19:02:05 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\LaexuGegobog
[2015-12-12 08:50:36 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\library_dir
[2016-04-17 19:01:24 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\LightGate
[2016-07-01 21:42:07 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\lockhomepage
[2016-03-10 18:57:50 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\LolClient
[2016-07-01 21:41:11 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\Ludashi
[2016-04-17 21:16:32 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\MCorp
[2016-05-15 20:07:13 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\MMFApplications
[2016-01-26 22:14:02 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\Octoshape
[2015-12-11 18:26:29 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\Opera Software
[2016-04-17 18:58:52 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\pptassist
[2016-03-05 08:58:49 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\Raptr
[2016-04-04 14:21:48 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\RenPy
[2016-04-17 21:10:47 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\Rikfootov
[2016-07-20 09:38:07 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\Softlink
[2016-01-30 22:19:10 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\Steam
[2016-07-27 22:00:53 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\steelseries-engine-3-client
[2016-07-21 18:17:26 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\STV Launcher
[2016-04-17 21:11:31 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\Tencent
[2016-07-26 20:51:16 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\TS3Client
[2016-04-17 19:02:08 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\Tueasjey
[2016-01-18 10:31:38 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\Unity
[2016-05-14 20:24:16 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\uplay
[2016-04-17 18:59:13 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\UPUpdata
[2016-07-28 08:50:53 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\uTorrent
[2015-12-21 18:27:54 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\Visan
[2016-07-01 19:24:35 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\vnlgp
[2016-04-17 19:02:07 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\VypiwGyp
[2016-01-30 22:19:17 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\Warner Bros. Interactive Entertainment
[2016-03-19 10:04:42 | 000,000,000 | ---D | M] -- C:\Users\niko\AppData\Roaming\WarThunder

[color=#E56717]========== Purity Check ==========[/color]

< End of report >