OTL logfile created on: 2012-10-25 18:52:57 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\admin\Desktop\syf 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,99 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 75,20% Memory free 9,98 Gb Paging File | 9,06 Gb Available in Paging File | 90,82% Paging File free Paging file location(s): c:\pagefile.sys 6130 6130 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,56 Gb Total Space | 13,66 Gb Free Space | 14,00% Space Free | Partition Type: NTFS Drive D: | 368,10 Gb Total Space | 182,27 Gb Free Space | 49,52% Space Free | Partition Type: NTFS Computer Name: KOMPUTER | User Name: admin | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-10-25 18:36:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\syf\OTL.exe PRC - [2012-09-01 13:35:43 | 000,874,896 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-09-01 13:35:45 | 000,783,360 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll MOD - [2012-09-01 13:35:45 | 000,316,928 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll MOD - [2012-09-01 13:35:45 | 000,276,480 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll MOD - [2012-09-01 13:35:45 | 000,168,448 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll MOD - [2012-09-01 13:35:45 | 000,099,840 | ---- | M] () -- C:\Program 
Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll MOD - [2012-09-01 13:35:45 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll MOD - [2012-09-01 13:35:45 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll MOD - [2012-09-01 13:35:45 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll MOD - [2012-09-01 13:35:45 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll MOD - [2012-09-01 13:35:45 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll MOD - [2012-09-01 13:35:45 | 000,064,000 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll MOD - [2012-09-01 13:35:45 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll MOD - [2012-09-01 13:35:45 | 000,045,568 | ---- | M] () -- C:\Program Files (x86)\Opera\gstreamer\plugins\gsttypefindfunctions.dll MOD - [2012-07-01 21:55:51 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2012-10-14 13:16:58 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-09-03 19:46:06 | 000,722,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6) SRV - [2012-08-13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012-07-17 22:31:18 | 000,116,632 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager) SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-04-21 18:24:21 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012-02-14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd) SRV - [2012-01-18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2011-09-02 16:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Stopped] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service) SRV - [2011-03-20 10:01:21 | 000,066,872 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010-11-30 18:03:00 | 004,023,760 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc) SRV - [2010-07-22 07:49:48 | 000,028,766 | ---- | M] (IWON) [Auto | Stopped] -- C:\Program Files (x86)\IWONGIE\bar\1.bin\vrbarsvc.exe -- (IWONGIEService) SRV - [2010-06-14 16:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-01-15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007-05-31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007-05-31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2004-12-30 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2) [color=#E56717]========== Standard Registry (All) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.allgameshome.com/ IE - HKLM\SOFTWARE\Microsoft\Internet 
Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{807FC1E6-CF7E-4B46-B5A0-A988A18689CA}: "URL" = http://home.allgameshome.com/results.php?category=web&s={searchTerms} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=418&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{aa91a22e-2e6d-4c79-a578-d50109b651aa}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZVxdm138YYPL&ptb=640D8804-CA46-49AC-A6C6-504E0F5D7252&psa=&ind=2010072201&ptnrS=ZVxdm138YYPL&si=gua253401&st=sb&n=77cf4489&searchfor={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481033 IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Ä???://go.microsoft.com/fwlink/?LinkId=69157 IE - HKU\.DEFAULT\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Ä???://go.microsoft.com/fwlink/?LinkId=69157 IE - HKU\S-1-5-18\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66019 IE - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406 IE - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000\..\URLSearchHook: {2ad11eb6-a327-4dfe-88bf-c6071e09f05b} - C:\Program Files (x86)\IWONGIE\bar\1.bin\vrSrcAs.dll (IWON) IE - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found IE - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found IE - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000\..\URLSearchHook: 
{CA3EB689-8F09-4026-AA10-B9534C691CE0} - No CLSID value found IE - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value found IE - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000\..\URLSearchHook: {d43723ae-1ae1-4a25-a6a4-bf0929273cab} - No CLSID value found IE - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=66019 IE - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GFRE_plPL386 IE - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={E882A7F1-A5C2-493D-926B-5696F78856AF}&mid=8df29cc677279d21ce6a436e3c0a6bb8-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=pl&ds=AVG&pr=fr&d=2012-06-05 22:41:27&v=12.2.5.32&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://home.allgameshome.com/results.php?category=web&s={searchTerms} IE - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=418&systemid=406&sr=0&q={searchTerms} IE - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000\..\SearchScopes\{aa91a22e-2e6d-4c79-a578-d50109b651aa}: "URL" = 
http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZVxdm138YYPL&ptb=640D8804-CA46-49AC-A6C6-504E0F5D7252&psa=&ind=2010072201&ptnrS=ZVxdm138YYPL&si=gua253401&st=sb&n=77cf4489&searchfor={searchTerms} IE - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms} IE - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481033 IE - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb68/?search={searchTerms}&loc=search_box&u=92260204252769594 IE - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50808 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Search Results" FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406" FF - prefs.js..extensions.enabledAddons: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0 FF - prefs.js..extensions.enabledAddons: {972ce4c6-7e08-4474-a285-3208198ce6fd}:16.0.1 FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=418&systemid=406&sr=0&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure 
Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\admin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\admin\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012-09-11 11:15:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012-09-03 19:46:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-10-14 13:16:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012-08-04 00:16:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions [2012-10-23 22:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\iv84ogkw.default\extensions [2012-08-04 23:55:53 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\iv84ogkw.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} [2012-08-04 00:16:31 | 000,002,519 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\iv84ogkw.default\searchplugins\Search_Results.xml [2012-10-14 13:16:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012-10-14 13:16:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2012-08-04 23:55:58 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES (X86)\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION [2012-10-14 13:16:59 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012-10-14 
13:16:55 | 000,002,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\allegro-pl.xml [2012-09-03 19:46:03 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012-10-14 13:16:55 | 000,001,406 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fbc-pl.xml [2012-10-14 13:16:55 | 000,003,581 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml [2012-10-14 13:16:55 | 000,000,917 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\merlin-pl.xml [2012-10-14 13:16:55 | 000,000,858 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pwn-pl.xml [2012-08-04 00:16:31 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2012-10-14 13:16:55 | 000,001,183 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-10-14 13:16:55 | 000,001,683 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wp-pl.xml [color=#E56717]========== Chrome ==========[/color] CHR - homepage: http://www.google.pl/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}, CHR - homepage: http://www.google.pl/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\admin\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\admin\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = 
C:\Users\admin\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\admin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - Extension: Fabryka s\u0142\u00F3w = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjnhpbcfghhogcjlmoppnlclijbaolep\1.0_0\ CHR - Extension: Springpad = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmopoamfjnmppabeaphohombnjcjgla\6_0\ CHR - Extension: AVG Safe Search = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\ CHR - Extension: AVG Secure Search = C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.32_0\ CHR - Extension: M\u00F3j motyw Chrome = C:\Users\admin\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\1.1.0_0\ O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll () O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd) O2 - BHO: (Toolbar BHO) - {d6995d07-cd9b-4cc0-a22a-9e14684d6d64} - C:\Program Files (x86)\IWONGIE\bar\1.bin\vrbar.dll (IWON) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.) 
O3 - HKLM\..\Toolbar: (IWON) - {43a3055a-6ff3-4aa5-90e6-18a10297cb53} - C:\Program Files (x86)\IWONGIE\bar\1.bin\vrbar.dll (IWON) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. O3 - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000\..\Toolbar\WebBrowser: (IWON) - {43A3055A-6FF3-4AA5-90E6-18A10297CB53} - C:\Program Files (x86)\IWONGIE\bar\1.bin\vrbar.dll (IWON) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [IWONGIE Browser Plugin Loader] C:\Program Files (x86)\IWONGIE\bar\1.bin\vrbrmon.exe (IWON) O4 - HKLM..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe File not found O4 - HKLM..\Run: [Onet.pl AutoUpdate] "C:\Program Files (x86)\Common Files\Onet.pl\NewAutoUpdate.exe" /updateexetsr File not found O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000..\Run: [ALLUpdate] "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep" File not found O4 - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000..\Run: [Expressivo] "C:\Program Files (x86)\ivo\Expressivo\expressivo.exe" -t -nosplash File not found O4 - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000..\Run: [Gadu-Gadu 10] C:\Program Files (x86)\Gadu-Gadu 10\gg.exe (GG Network S.A.) O4 - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000..\Run: [GameTracker] C:\Program Files (x86)\GameTracker\GTLite.exe File not found O4 - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000..\Run: [Google Update] C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) 
O4 - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000..\Run: [MSSMSGS] C:\Windows\SysWow64\winbch32.rom () O4 - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000..\Run: [OscarX7Mouse5Mode] C:\Program Files (x86)\OscarX7Editor5Mode\OscarX7Editor5Mode\OscarEditor.exe () O4 - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation) O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O7 - HKU\S-1-5-21-1534814987-2836956054-2328687305-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) 
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} https://picasaweb.google.com/s/v/71.33/uploader2.cab (UploadListView Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.63 62.179.1.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9128085E-D9FC-40D0-AE8A-381D2D2C164D}: DhcpNameServer = 62.179.1.63 62.179.1.62
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2ccb5dfc-bca0-11df-a2bd-00252231b1b2}\Shell - "" = AutoRun
O33 - MountPoints2\{2ccb5dfc-bca0-11df-a2bd-00252231b1b2}\Shell\AutoRun\command - "" = K:\setup.exe -a
O33 - MountPoints2\{2d3f54fb-92aa-11df-959d-00252231b1b2}\Shell - "" = AutoRun
O33 - MountPoints2\{2d3f54fb-92aa-11df-959d-00252231b1b2}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{3fd1d047-71b0-11e1-b901-00252231b1b2}\Shell - "" = AutoRun
O33 - MountPoints2\{3fd1d047-71b0-11e1-b901-00252231b1b2}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{503d5fb6-9688-11e0-9f5a-00252231b1b2}\Shell - "" = AutoRun
O33 - MountPoints2\{503d5fb6-9688-11e0-9f5a-00252231b1b2}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{5b116920-b13b-11e1-87f7-00252231b1b2}\Shell - "" = AutoRun
O33 - MountPoints2\{5b116920-b13b-11e1-87f7-00252231b1b2}\Shell\AutoRun\command - "" = K:\Startme.exe
O33 - MountPoints2\{f6c8645a-aebf-11df-b724-00252231b1b2}\Shell - "" = AutoRun
O33 - MountPoints2\{f6c8645a-aebf-11df-b724-00252231b1b2}\Shell\AutoRun\command - "" = F:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{f6c8645a-aebf-11df-b724-00252231b1b2}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 7 Days ==========[/color]

[2012-10-25 18:36:42 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\syf
[2012-10-25 08:06:38 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe

[color=#E56717]========== Files - Modified Within 7 Days ==========[/color]

[2012-10-25 18:21:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-10-25 18:21:25 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys
[2012-10-25 18:08:48 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012-10-25 18:07:08 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-10-25 17:51:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1534814987-2836956054-2328687305-1000UA.job
[2012-10-25 12:15:01 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-10-25 08:06:40 | 000,000,820 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012-10-25 08:06:38 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012-10-24 20:51:00 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1534814987-2836956054-2328687305-1000Core.job

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012-10-25 08:06:40 | 000,000,820 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012-10-25 08:06:39 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012-09-22 11:41:36 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempCk2976.html
[2012-09-22 11:41:36 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempKU2976.html
[2012-09-16 20:44:22 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempJc2904.html
[2012-09-11 11:10:22 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempjD3056.html
[2012-08-14 21:54:49 | 000,027,520 | ---- | C] () -- C:\Users\admin\AppData\Local\dt.dat
[2012-08-09 18:50:38 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempVc2780.html
[2012-08-09 18:50:38 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempSP2780.html
[2012-08-09 11:06:23 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempks2308.html
[2012-08-09 11:06:23 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempZd2308.html
[2012-08-08 11:10:56 | 000,002,432 | ---- | C] () -- 
C:\Users\admin\AppData\Local\TempQK2852.html [2012-08-08 11:10:56 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\Temprd2852.html [2012-07-16 09:37:36 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempFq2608.html [2012-07-16 00:00:09 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempKv4912.html [2012-07-15 23:07:19 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempgA4912.html [2012-07-15 22:56:48 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempxL4912.html [2012-07-07 23:19:53 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempbx2984.html [2012-06-22 18:32:58 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempZU3404.html [2012-06-12 13:16:58 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempoT3024.html [2012-06-08 09:30:37 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempQZ2636.html [2012-06-08 09:30:37 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempFd2636.html [2012-06-07 12:59:15 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempgW2252.html [2012-06-07 12:59:15 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempDH2252.html [2012-06-01 13:05:51 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempVU2468.html [2012-06-01 13:05:51 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempAS2468.html [2012-05-30 11:51:17 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempoG5016.html [2012-05-21 13:03:51 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempRZ2504.html [2012-05-21 13:03:51 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempLc2504.html [2012-05-10 14:33:26 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempsn2104.html [2012-05-10 14:33:26 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempFt2104.html [2012-05-08 20:48:46 | 000,002,432 | ---- | C] () -- 
C:\Users\admin\AppData\Local\TempiS1972.html [2012-05-08 12:11:34 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempBB1872.html [2012-05-08 12:11:34 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempUx1872.html [2012-05-07 22:23:08 | 000,001,496 | ---- | C] () -- C:\Users\admin\AppData\Local\Adobe Zapisz dla Internetu 12.0 Prefs [2012-05-07 13:06:24 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempys1980.html [2012-04-30 11:22:47 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempHS1064.html [2012-04-24 17:39:17 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempXN2672.html [2012-04-24 11:24:27 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempfr1436.html [2012-04-24 11:24:27 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempzo1436.html [2012-04-19 12:06:42 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempcT1984.html [2012-04-19 12:06:42 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempLS1984.html [2012-04-11 16:14:47 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempdS2040.html [2012-04-08 20:38:18 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempnT4460.html [2012-04-03 12:04:55 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempbv1144.html [2012-04-02 19:28:47 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempEx1208.html [2012-04-02 19:28:47 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempSk1208.html [2012-04-02 10:06:44 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempjN2056.html [2012-04-02 10:06:44 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempOj2056.html [2012-03-26 10:56:16 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempst2072.html [2012-03-20 12:39:45 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempTd2148.html [2012-03-20 12:39:45 | 000,002,089 | ---- | C] () -- 
C:\Users\admin\AppData\Local\TempeD2148.html [2012-03-19 12:45:38 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempPH2128.html [2012-03-19 12:45:38 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempxG2128.html [2012-03-16 12:53:15 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempEI2132.html [2012-03-16 12:53:15 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempQY2132.html [2012-03-15 21:34:13 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempGV2128.html [2012-03-15 21:34:13 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempdB2128.html [2012-03-15 12:12:23 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempMD2836.html [2012-03-15 12:12:23 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempij2836.html [2012-03-12 12:04:49 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempTU2124.html [2012-03-12 12:04:49 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempLT2124.html [2012-03-07 12:27:09 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempou1708.html [2012-03-07 12:27:09 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempSt1708.html [2012-03-06 12:51:50 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempTS1152.html [2012-03-06 09:28:26 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempRM2132.html [2012-03-06 09:28:26 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempIq2132.html [2012-03-05 23:57:01 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempku3620.html [2012-03-05 13:29:43 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempkS2148.html [2012-03-01 19:07:29 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempxE2148.html [2012-03-01 19:07:29 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempBk2148.html [2012-02-27 13:00:11 | 000,002,432 | ---- | C] () -- 
C:\Users\admin\AppData\Local\Tempaz1232.html [2012-02-25 17:49:56 | 000,066,318 | ---- | C] () -- C:\Users\admin\AppData\Roaming\icarus-dxdiag.xml [2012-02-23 08:25:30 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempBs2168.html [2012-02-23 08:25:30 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempII2168.html [2012-02-17 19:24:51 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempoh2184.html [2012-02-17 13:16:40 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempCP3732.html [2012-02-17 13:16:40 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempmv3732.html [2012-02-16 13:07:56 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TemprA2192.html [2012-02-16 13:07:56 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\Templi2192.html [2012-02-15 17:20:42 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempIn3472.html [2012-02-13 13:15:24 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempyy2164.html [2012-02-13 13:15:24 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempzb2164.html [2012-02-01 13:26:21 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempnY1504.html [2012-02-01 13:26:21 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TemplU1504.html [2012-01-31 19:01:30 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempFL2232.html [2012-01-30 15:04:29 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempxU2232.html [2012-01-30 15:04:29 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempKE2232.html [2012-01-28 18:15:39 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempMC4524.html [2012-01-27 17:33:14 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempvs2148.html [2012-01-27 17:33:14 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempMH2148.html [2012-01-26 14:55:09 | 000,002,432 | ---- | C] () -- 
C:\Users\admin\AppData\Local\TempGG5128.html [2012-01-26 14:55:09 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempVl5128.html [2012-01-26 11:26:28 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempwi2168.html [2012-01-25 13:11:05 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempof2212.html [2012-01-25 13:11:05 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempNe2212.html [2012-01-20 18:20:19 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempvb5732.html [2012-01-19 12:25:09 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempif2232.html [2012-01-19 12:25:09 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempAX2232.html [2012-01-18 15:03:23 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TemphB2212.html [2012-01-18 15:03:23 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempLg2212.html [2012-01-14 11:07:19 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempPW2656.html [2012-01-14 11:07:19 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempqO2656.html [2012-01-12 11:58:37 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Temptf3596.html [2012-01-11 11:39:05 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempUq2372.html [2011-12-31 14:51:11 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempXM2128.html [2011-12-31 14:51:11 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TemptY2128.html [2011-12-30 16:32:50 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempZE2656.html [2011-12-29 23:37:30 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempIR2680.html [2011-12-29 12:20:52 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempKb2432.html [2011-12-28 13:10:38 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempHY6084.html [2011-12-28 13:10:38 | 000,002,089 | ---- | C] () -- 
C:\Users\admin\AppData\Local\Tempyw6084.html [2011-12-24 07:07:31 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempQB2324.html [2011-12-23 18:52:05 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempCb2404.html [2011-12-23 18:52:05 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempUW2404.html [2011-12-23 12:33:29 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempRF6052.html [2011-12-23 12:33:29 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempjn6052.html [2011-12-22 11:25:00 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempot2348.html [2011-12-22 11:25:00 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempxf2348.html [2011-12-21 13:04:10 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempPy2692.html [2011-12-21 13:04:10 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempKE2692.html [2011-12-19 12:33:23 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempOX2336.html [2011-12-18 16:07:55 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempWG5556.html [2011-12-18 16:07:55 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempXb5556.html [2011-12-17 23:22:57 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempnr3720.html [2011-12-17 23:22:57 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TemppW3720.html [2011-12-17 00:26:33 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempwk2148.html [2011-12-16 19:14:14 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Temprx2148.html [2011-12-16 19:14:14 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempyA2148.html [2011-12-16 12:52:00 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TemprJ2152.html [2011-12-16 12:52:00 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempTc2152.html [2011-12-15 00:25:44 | 000,002,432 | ---- | C] () -- 
C:\Users\admin\AppData\Local\TempPU2292.html [2011-12-14 11:48:03 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempRU2292.html [2011-12-13 15:53:19 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempZy4764.html [2011-12-13 15:53:19 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempjQ4764.html [2011-12-12 12:01:55 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempUl2580.html [2011-12-11 13:28:43 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempzV1740.html [2011-12-10 01:04:44 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempVQ2276.html [2011-12-10 01:04:44 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempLC2276.html [2011-12-09 14:09:31 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempud2276.html [2011-12-09 14:09:31 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempdY2276.html [2011-12-08 12:31:58 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempaT3172.html [2011-12-08 12:31:58 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\Temple3172.html [2011-12-07 22:48:44 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempod3932.html [2011-12-06 12:20:13 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempPk2152.html [2011-12-06 12:20:13 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempwt2152.html [2011-12-05 12:48:04 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempWv3580.html [2011-12-04 12:54:10 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempNM5776.html [2011-12-03 13:06:16 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempyy4284.html [2011-12-03 13:06:16 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempqk4284.html [2011-12-02 17:55:11 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempBa3240.html [2011-12-02 17:55:11 | 000,002,089 | ---- | C] () -- 
C:\Users\admin\AppData\Local\TempiJ3240.html [2011-12-01 18:41:56 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempZs2100.html [2011-12-01 18:41:56 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempBp2100.html [2011-12-01 13:58:01 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempeZ3104.html [2011-11-30 12:07:34 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TemptG3408.html [2011-11-30 12:07:34 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempyj3408.html [2011-11-29 11:35:41 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempEC2140.html [2011-11-29 11:35:41 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempVa2140.html [2011-11-28 11:36:22 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempps2344.html [2011-11-28 11:36:22 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempsL2344.html [2011-11-27 13:39:06 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TemplR3604.html [2011-11-25 12:05:13 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempLU3696.html [2011-11-24 11:00:34 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempmD3804.html [2011-11-24 11:00:34 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempHF3804.html [2011-11-24 00:25:11 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempUX2180.html [2011-11-23 12:06:28 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempzJ2180.html [2011-11-23 12:06:28 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempKf2180.html [2011-11-22 12:04:35 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempIO2652.html [2011-11-21 12:14:26 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempui3196.html [2011-11-21 12:14:26 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempJp3196.html [2011-11-20 12:33:05 | 000,002,432 | ---- | C] () -- 
C:\Users\admin\AppData\Local\Temprv1920.html
[2011-11-20 12:33:05 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempvh1920.html
[2011-11-19 11:57:19 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempeq5200.html
[2011-11-18 20:56:44 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempJt5856.html
[2011-11-18 20:56:44 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempwS5856.html
[2011-11-18 12:30:41 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TemphQ3172.html
[2011-11-17 12:12:58 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Temprw2956.html
[2011-11-17 12:12:58 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempaa2956.html
[2011-11-14 22:42:20 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempBT3364.html
[2011-11-14 22:42:20 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempaz3364.html
[2011-11-14 22:31:41 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempvR3684.html
[2011-11-14 22:31:41 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempzi3684.html
[2011-11-12 23:37:13 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempuA5260.html
[2011-11-12 11:28:59 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TemprZ2180.html
[2011-11-12 11:28:59 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempOn2180.html
[2011-11-11 13:43:58 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempHD4856.html
[2011-11-10 11:56:44 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempDb3180.html
[2011-11-10 11:56:18 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempWY3740.html
[2011-11-10 11:56:18 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempat3740.html
[2011-11-09 12:30:49 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempcL3164.html
[2011-11-09 12:30:49 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempxl3164.html
[2011-11-08 20:45:47 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempuB1392.html
[2011-11-08 14:55:49 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempcI1668.html
[2011-11-08 14:55:49 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempuF1668.html
[2011-11-06 22:11:03 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempPk2188.html
[2011-11-05 07:23:49 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempMf2324.html
[2011-11-05 07:23:49 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempXS2324.html
[2011-11-04 20:45:55 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempPc6068.html
[2011-11-04 14:19:03 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempjR2812.html
[2011-11-04 10:41:30 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempsj2812.html
[2011-11-03 21:29:29 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempZO5040.html
[2011-11-03 18:27:58 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempOb5040.html
[2011-11-03 18:27:58 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempgY5040.html
[2011-11-03 17:37:05 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempLWf412.html
[2011-11-03 12:37:08 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempACa412.html
[2011-11-02 14:26:30 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempNh1588.html
[2011-11-02 14:26:30 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempdf1588.html
[2011-11-02 12:15:05 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempNe1588.html
[2011-11-01 21:20:24 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempHu1896.html
[2011-11-01 14:45:10 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempvX1896.html
[2011-11-01 14:45:10 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempAj1896.html
[2011-10-29 12:06:37 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempEl1828.html
[2011-10-29 12:06:37 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempuK1828.html
[2011-10-28 11:28:34 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempuD2348.html
[2011-10-28 11:28:34 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempOL2348.html
[2011-10-27 10:22:00 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempVF1168.html
[2011-10-27 10:22:00 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempcN1168.html
[2011-10-26 14:48:36 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempgV2256.html
[2011-10-26 12:54:42 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempBZ2256.html
[2011-10-26 12:54:42 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempyQ2256.html
[2011-10-25 20:35:48 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempum5292.html
[2011-10-24 12:44:32 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempXR4204.html
[2011-10-24 12:44:32 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempuX4204.html
[2011-10-23 21:55:49 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempOW3828.html
[2011-10-23 21:55:49 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempwT3828.html
[2011-10-23 21:37:34 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempwn2384.html
[2011-10-22 21:59:21 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempel2436.html
[2011-10-21 20:38:58 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempCN2096.html
[2011-10-21 12:08:08 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempCD2096.html
[2011-10-21 10:21:14 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempQUs436.html
[2011-10-20 10:27:08 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempib2340.html
[2011-10-20 10:27:08 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempBJ2340.html
[2011-10-19 19:48:39 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempAk5668.html
[2011-10-18 09:41:36 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempsi2392.html
[2011-10-18 09:41:36 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempQc2392.html
[2011-10-17 10:57:45 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempek2432.html
[2011-10-17 10:57:45 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempFL2432.html
[2011-10-16 21:14:38 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempVT4680.html
[2011-10-16 11:04:58 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempDF4004.html
[2011-10-16 11:04:58 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempbs4004.html
[2011-09-17 09:10:33 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempdXj576.html
[2011-09-17 09:10:33 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempjwD576.html
[2011-09-07 21:50:43 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Templim472.html
[2011-07-27 10:21:54 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempAuu300.html
[2011-07-20 22:16:02 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempoam432.html
[2011-05-19 22:41:14 | 000,003,360 | ---- | C] () -- C:\Users\admin\AppData\Roaming\3392.4D3
[2011-05-05 18:38:25 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempMKX784.html
[2011-05-05 18:38:25 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempkMV784.html
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011-03-25 17:57:55 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempkAZ352.html
[2011-03-25 11:44:13 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempnqx700.html
[2011-03-20 09:15:29 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011-03-20 09:15:27 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011-02-21 19:45:45 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempcxi992.html
[2011-02-21 19:45:45 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempAwd992.html
[2011-02-21 13:15:22 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempCgG992.html
[2011-02-21 13:15:22 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempxeP992.html
[2011-02-21 10:16:17 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempkjM940.html
[2010-09-28 21:12:04 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempF21168.html
[2010-09-28 21:12:04 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempL21168.html
[2010-09-14 10:06:56 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempxUb120.html
[2010-09-14 10:06:56 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempjRb120.html
[2010-07-16 22:29:34 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempKox204.html
[2010-07-16 22:29:34 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\TempIGO204.html
[2010-06-27 16:25:32 | 000,002,432 | ---- | C] () -- C:\Users\admin\AppData\Local\TempS11360.html
[2010-06-27 16:25:32 | 000,002,089 | ---- | C] () -- C:\Users\admin\AppData\Local\Tempb11360.html
[2010-06-08 23:36:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010-05-30 22:46:04 | 000,073,216 | ---- | C] () -- C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-14 15:55:26 | 000,007,597 | ---- | C] () -- C:\Users\admin\AppData\Local\Resmon.ResmonCfg

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 195 bytes -> C:\ProgramData\TEMP:8E5EA40F
@Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:1A15E356
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:260575F1

< End of report >