OTL logfile created on: 2014-05-14 18:36:04 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\OEM\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 4,00 Gb Total Physical Memory | 2,01 Gb Available Physical Memory | 50,37% Memory free 10,00 Gb Paging File | 7,74 Gb Available in Paging File | 77,44% Paging File free Paging file location(s): c:\pagefile.sys 6144 12288 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 100,02 Gb Total Space | 27,70 Gb Free Space | 27,69% Space Free | Partition Type: NTFS Drive D: | 132,77 Gb Total Space | 132,64 Gb Free Space | 99,91% Space Free | Partition Type: NTFS Drive E: | 125,00 Gb Total Space | 120,71 Gb Free Space | 96,57% Space Free | Partition Type: NTFS Drive F: | 125,00 Gb Total Space | 117,80 Gb Free Space | 94,24% Space Free | Partition Type: NTFS Drive J: | 250,00 Gb Total Space | 90,88 Gb Free Space | 36,35% Space Free | Partition Type: NTFS Drive K: | 250,00 Gb Total Space | 115,39 Gb Free Space | 46,16% Space Free | Partition Type: NTFS Drive L: | 181,51 Gb Total Space | 165,33 Gb Free Space | 91,09% Space Free | Partition Type: NTFS Computer Name: OEM-KOMPUTER | User Name: OEM | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2014-05-14 18:18:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\OEM\Downloads\OTL.exe PRC - [2014-05-14 17:27:54 | 003,873,704 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2014-05-14 17:27:54 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2014-05-08 23:24:13 | 002,561,560 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe PRC - [2014-05-08 23:24:13 | 002,447,896 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\18.1.5\ScriptHelper.exe PRC - [2014-05-08 23:24:13 | 001,801,752 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe PRC - [2014-05-08 23:24:13 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\loggingserver.exe PRC - [2014-04-24 02:33:15 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2014-04-18 22:09:08 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2014-03-04 13:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2013-12-21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013-12-10 04:15:27 | 002,279,712 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe PRC - [2013-12-10 04:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe PRC - [2013-10-11 21:59:14 | 001,958,288 | ---- | M] () -- C:\Windows\Temp\PowerMon\PowerMon.exe PRC - [2013-05-16 16:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe PRC - [2012-02-02 17:16:56 | 002,671,936 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\Daemon Tools Pro\DTShellHlp.exe PRC - [2010-11-21 05:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2014-05-14 17:27:55 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll MOD - [2014-05-08 23:24:13 | 002,561,560 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe MOD - [2014-05-08 23:24:13 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\log4cplusU.dll MOD - [2014-04-24 02:33:13 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll MOD - [2014-04-24 02:33:12 | 013,692,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll MOD - [2014-04-24 02:33:10 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll MOD - [2014-04-24 02:33:05 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll MOD - [2014-04-24 02:33:04 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll MOD - [2014-04-24 02:33:03 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll MOD - [2014-04-24 02:33:01 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2014-05-14 17:27:54 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:[b]64bit:[/b] - [2014-05-14 17:27:44 | 000,109,048 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall) SRV:[b]64bit:[/b] - [2014-01-16 02:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService) SRV:[b]64bit:[/b] - [2013-12-10 04:14:39 | 015,129,376 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc) SRV:[b]64bit:[/b] - [2010-11-21 05:23:55 | 000,345,088 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\cmd.exe -- (PowerMon) SRV - [2014-05-14 18:06:42 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014-05-10 22:05:08 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2014-05-08 23:24:13 | 001,801,752 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe -- (vToolbarUpdater18.1.5) SRV - [2014-04-24 00:01:04 | 000,572,096 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2014-04-18 22:09:08 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2014-03-04 13:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2013-12-21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013-12-10 04:14:56 | 001,494,304 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService) SRV - [2013-10-23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013-02-17 12:18:06 | 000,137,336 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service) SRV - [2012-07-09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-11-21 05:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWow64\cmd.exe -- (PowerMon) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007-12-17 05:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) SRV - [2007-01-11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2014-05-14 17:27:58 | 001,039,096 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:[b]64bit:[/b] - [2014-05-14 17:27:58 | 000,423,240 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:[b]64bit:[/b] - [2014-05-14 17:27:58 | 000,208,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:[b]64bit:[/b] - [2014-05-14 17:27:58 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:[b]64bit:[/b] - [2014-05-14 17:27:58 | 000,085,328 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm) DRV:[b]64bit:[/b] - [2014-05-14 17:27:58 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:[b]64bit:[/b] - [2014-05-14 17:27:58 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:[b]64bit:[/b] - [2014-05-14 17:27:58 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid) DRV:[b]64bit:[/b] - [2014-05-14 17:27:50 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd) DRV:[b]64bit:[/b] - [2014-05-14 17:27:45 | 000,447,888 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt) DRV:[b]64bit:[/b] - [2014-05-08 23:24:13 | 000,050,464 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp) DRV:[b]64bit:[/b] - [2014-03-14 17:53:39 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV:[b]64bit:[/b] - [2013-12-05 10:42:30 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible) DRV:[b]64bit:[/b] - [2013-01-31 11:50:58 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple) DRV:[b]64bit:[/b] - [2012-12-16 23:13:29 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:[b]64bit:[/b] - [2012-10-11 05:08:10 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam) DRV:[b]64bit:[/b] - [2012-04-16 15:56:34 | 000,018,456 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs) DRV:[b]64bit:[/b] - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2012-02-24 16:13:06 | 000,129,560 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zghsdiag.sys -- (zghsdiag) DRV:[b]64bit:[/b] - [2011-11-03 04:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:[b]64bit:[/b] - [2011-09-02 09:32:02 | 000,280,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\V0520Vid.sys -- (V0520Vid) DRV:[b]64bit:[/b] - [2011-05-11 18:06:52 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2011-05-11 18:06:52 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2010-11-21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2010-07-01 16:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc) DRV:[b]64bit:[/b] - [2010-03-04 19:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:[b]64bit:[/b] - [2009-07-16 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-06-10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2008-12-26 13:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer) DRV - [2013-08-09 00:06:16 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\nocashio.sys -- (nocashio) DRV - [2013-03-20 10:07:16 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1390604799&from=cor&uid=395049983_397234_1C8C6C2C IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1390604799&from=cor&uid=395049983_397234_1C8C6C2C&q={searchTerms} IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1390604799&from=cor&uid=395049983_397234_1C8C6C2C&q={searchTerms} IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.sweet-page.com/web/?type=ds&ts=1390604799&from=cor&uid=395049983_397234_1C8C6C2C&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1390604799&from=cor&uid=395049983_397234_1C8C6C2C IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1390604799&from=cor&uid=395049983_397234_1C8C6C2C&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1390604799&from=cor&uid=395049983_397234_1C8C6C2C&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:tabs IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:tabs IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:tabs IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.sweet-page.com/web/?type=ds&ts=1390604799&from=cor&uid=395049983_397234_1C8C6C2C&q={searchTerms} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1948933813-2092389452-934283344-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hp&ts=1390604799&from=cor&uid=395049983_397234_1C8C6C2C IE - HKU\S-1-5-21-1948933813-2092389452-934283344-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1390604799&from=cor&uid=395049983_397234_1C8C6C2C&q={searchTerms} IE - HKU\S-1-5-21-1948933813-2092389452-934283344-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com IE - HKU\S-1-5-21-1948933813-2092389452-934283344-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1390604799&from=cor&uid=395049983_397234_1C8C6C2C&q={searchTerms} IE - HKU\S-1-5-21-1948933813-2092389452-934283344-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:tabs IE - HKU\S-1-5-21-1948933813-2092389452-934283344-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-1948933813-2092389452-934283344-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com IE - HKU\S-1-5-21-1948933813-2092389452-934283344-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com IE - HKU\S-1-5-21-1948933813-2092389452-934283344-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com IE - HKU\S-1-5-21-1948933813-2092389452-934283344-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:tabs IE - HKU\S-1-5-21-1948933813-2092389452-934283344-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:tabs IE - HKU\S-1-5-21-1948933813-2092389452-934283344-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1948933813-2092389452-934283344-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1948933813-2092389452-934283344-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={8DB11069-4C0C-4117-97CF-7EF746977CBC}&mid=0840d4a0772647d086d9d1568027c34b-54e456de474e5148b7a2012dcce6f966901e3107&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-14 16:36:30&v=18.0.5.292&pid=safeguard&sg=&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-1948933813-2092389452-934283344-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "http://mysearch.avg.com?cid={8DB11069-4C0C-4117-97CF-7EF746977CBC}&mid=0840d4a0772647d086d9d1568027c34b-54e456de474e5148b7a2012dcce6f966901e3107&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-14 16:36:30&v=18.0.5.292&pid=safeguard&sg=&sap=hp" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1 FF - prefs.js..keyword.URL: "" FF - prefs.js..keyword.enabled: false FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.5\\npsitesafety.dll File not found FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.1: C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB) FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3: C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9: C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\OEM\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\OEM\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\OEM\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.5.512 [2014-05-08 23:24:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-14 17:28:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014-05-10 22:04:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-12-07 16:47:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OEM\AppData\Roaming\mozilla\Extensions [2014-03-20 22:59:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OEM\AppData\Roaming\mozilla\Firefox\Profiles\u54spn29.default-1381653775217\extensions [2014-02-21 00:04:49 | 000,191,940 | ---- | M] () (No name found) -- C:\Users\OEM\AppData\Roaming\mozilla\firefox\profiles\u54spn29.default-1381653775217\extensions\jid1-0xtMKhXFEs4jIg@jetpack.xpi [2014-03-19 12:47:11 | 000,019,530 | ---- | M] () (No name found) -- C:\Users\OEM\AppData\Roaming\mozilla\firefox\profiles\u54spn29.default-1381653775217\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-05-10 22:04:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2014-05-10 22:05:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: [ browsingData, cookies, history, management, nativeMessaging, tabs, unlimitedStorage, webNavigation, webRequest, webRequestBlocking, webRequestInternal, homepage, startupPages ] CHR - homepage: http://mysearch.avg.com?cid={8DB11069-4C0C-4117-97CF-7EF746977CBC}&mid=0840d4a0772647d086d9d1568027c34b-54e456de474e5148b7a2012dcce6f966901e3107&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-14 16:36:30&v=18.1.5.512&pid=safeguard&sg=&sap=hp CHR - homepage: http://mysearch.avg.com?cid={8DB11069-4C0C-4117-97CF-7EF746977CBC}&mid=0840d4a0772647d086d9d1568027c34b-54e456de474e5148b7a2012dcce6f966901e3107&lang=pl&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-14 16:36:30&v=18.1.5.512&pid=safeguard&sg=&sap=hp CHR - plugin: Error reading preferences file CHR - Extension: AVG SafeGuard = C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\18.1.5.512_0\ CHR - Extension: Google Wallet = C:\Users\OEM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\ O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:[b]64bit:[/b] - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.5.512\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.5.512\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search) O3 - HKU\S-1-5-21-1948933813-2092389452-934283344-1000\..\Toolbar\WebBrowser: (no name) - {4D594333-0076-A76A-76A7-7A786E7484D7} - No CLSID value found. O4:[b]64bit:[/b] - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation) O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe File not found O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1948933813-2092389452-934283344-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-1948933813-2092389452-934283344-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\Daemon Tools Pro\DTAgent.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-1948933813-2092389452-934283344-1000..\Run: [Java] %APPDATA%\Microsoft\jushed.exe File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 3212083974 = 50 4B 03 04 C2 39 B7 F8 06 83 74 BF B5 11 00 00 00 40 00 00 E2 69 F6 3D 73 59 4F 62 02 C9 69 42 80 CC 96 A2 8B BD 63 51 6F E3 C2 D5 F7 A2 FF 87 AC 3A 99 0C 3E C3 B2 ED 7B 07 71 62 37 A0 DF B1 DF B6 51 F6 7E 31 CB 2E 76 49 F9 8D 5E 55 E9 B2 5B 1A 57 97 94 98 9B 17 6C 35 7B DC C1 12 26 BD 6E CB 7D E8 A6 3E A2 16 5F 6B 31 EA D6 B0 A2 A9 6A 6E 9D 04 B9 B3 9F 19 4E F5 2D 48 B0 88 D4 B6 59 7F 68 5A 70 FF 69 12 91 4F 86 D8 23 56 81 74 7D A2 6C FD 83 22 3D 3D 24 88 72 C5 10 95 48 46 34 EB F9 76 E4 59 5F 73 4B D3 5C AF 42 B3 8D CF 9E 87 8A F0 BE 0A 5E 84 B2 29 40 F7 21 E8 BB CD CB AA 3E 53 60 73 59 25 2D B1 6C 0D 6C 38 A1 42 26 1B B4 89 6D 12 A4 8C 00 6C C3 C2 1F DF 71 7C 15 5B 2A F0 37 5D 25 45 EE 28 6C 2A EC B2 95 52 06 EF 25 C8 2D C6 86 F7 EB 83 BB 30 72 E9 4E 1E 59 25 4B 11 A2 E3 62 8E 1D 98 E1 77 37 5B 54 E6 82 A1 C7 7F 98 6E 19 07 FF CB 78 4A CC AC B1 24 18 97 51 D7 EB BA FC 91 D3 A1 27 F1 34 A8 5E 27 F8 C2 01 D9 08 2F 62 1F 5F FF AC 09 D2 AA B9 4A 62 F9 0B D7 4D 6C 96 A8 DB 6D 42 E4 E9 83 16 44 9D 20 2A 4E 24 85 76 73 E2 A5 0B 7D FD 9D 5A F7 2A 21 A1 9A 92 2A CC 96 75 BA 93 3A 1C 6A D4 E0 A1 14 70 FB B8 2E ED 7A 79 C5 CA 2D BB 0B EC 5B 2B 43 BA A3 73 73 D3 EF 49 47 26 D7 CF 4A 4A A8 A3 D6 A5 C2 06 CE D4 91 48 C0 10 0B FA 96 B7 07 BE 91 B8 55 15 1D 8D A8 E0 72 3D D1 30 33 25 01 1B 39 51 C9 DF 7B 10 E9 B1 53 BC ED 98 37 6C 4D 75 17 F2 E0 E2 3A 98 69 14 B2 B0 F9 78 45 44 41 C4 7B 57 97 D9 24 CE 9C D1 86 D7 4D 30 80 99 EE 52 F2 26 E9 2D E6 B5 0E 4A 06 91 F7 5C FA 9C E7 33 49 4B 8C AF AE B4 BE 4C 65 F6 C9 DF FA 34 A3 C2 ED 9D 14 F5 84 41 64 BE 79 B7 A9 04 95 29 03 50 17 7B 03 AE FA 77 7F F5 19 B6 24 E3 C7 5C 21 92 60 AC 44 7B BA 9A 6D B5 6F 34 B3 40 A5 F7 58 37 FA B3 C3 38 31 A3 BC 39 C2 91 4A EB 87 A3 95 45 BD 7E D5 24 50 EB 7E 94 D5 38 0E 2B AB CE 3F 8E E6 E3 CD C9 D4 ED 54 D9 88 9D 9D BD 0D C8 79 CA A2 B1 21 04 8A 30 8A 7F 87 32 52 DA D2 4E A8 F8 91 1E A0 A3 B2 02 DE 93 0A 9F C8 82 CF 13 49 FF E2 29 01 6B 2E BF D7 82 1B 89 86 D3 1D EC CB C2 96 BA 54 FD 6D 86 4C 91 5F 1D 77 AC 07 34 D9 6F E0 BA 43 A6 69 FA B1 28 02 6C 7F 90 E9 E1 E0 A7 04 7F 5A 23 78 E4 DE 09 66 EB 6C 21 7B 34 83 19 4B 2B 21 A3 FA 8A 1C BE F1 D6 6A 3F C8 A5 C8 63 BC EA 61 57 98 1A 11 44 9B AE 33 57 F3 28 75 01 CB 9C 24 E0 AF B1 56 F5 DD FD 68 55 CD 8B 7B 43 FE AB D9 41 2C 1C 20 8B 5D E2 33 0C 46 9A 59 DE 5B 49 0C C0 6B FD 5A 49 00 CB 12 1E B9 67 BC 71 85 A9 F0 01 12 A5 B1 E8 D8 02 8C A0 2B 0F 2B 19 4A F0 3C C1 E1 72 B7 0C 9B 88 64 3E 3C 06 4B 54 06 CF 18 4A D9 EB A2 67 36 EF 6F EB 30 DA C8 BA 40 09 33 A3 2A 3C 03 23 0B D7 32 FC BE 16 C4 B3 BD CC 0B 50 16 16 CE 95 6D 96 8B 8D A6 8B 4A 9A 64 23 86 01 E8 1E 78 09 59 61 58 04 31 36 1A 4D D9 FE 96 3D 3C EB A5 C2 1B BA 41 6C 1C C9 D9 4B B8 42 C2 5B 2F D1 2C 8B F4 2C 35 94 82 72 96 5A 3F EC F6 E9 B9 2D 32 D7 E8 4A 40 2A 0B 62 14 A4 12 A2 34 27 E4 85 2C E6 07 FD 9F 7F F8 55 9B BB 96 A9 AE 57 7D F0 C1 9D 10 85 87 D3 72 47 0B E0 D3 E2 7E D6 1F EB 44 2C 2D 65 E5 5B AC 81 C2 78 6C F6 B8 37 EE BC 1B 5A F3 56 34 B2 9F D5 D9 63 47 B5 F9 C7 47 C8 A9 A8 3E 7C B3 C1 88 D9 04 2F 08 FB D4 ED EE BD 65 DE 7C 04 B2 75 B7 FD 74 06 7A 0A E3 03 37 52 AA 55 A4 5A 05 35 58 11 41 6E A4 A5 10 15 11 E9 93 05 B7 00 BD 44 74 2C BD 6A 92 72 B5 CF 40 01 50 5C 40 57 86 6B 57 E4 DE 5E F0 EE 9F 88 B4 19 86 A8 01 19 C9 62 59 49 72 01 1F C0 C3 9B 4A 74 B7 47 47 F5 11 6D 89 6A 0E BC BB 43 87 68 56 72 89 9A F5 4B 80 AE 07 00 89 71 EA 1C 99 7A 89 8E 33 AA B7 69 E4 E5 2F BB EC 97 EB F1 99 CE 76 45 4B AD BD 4E AB 27 2F 1D 1C AA BB 3B 49 B3 AA FC 1E 67 D0 9E E8 FE B0 58 0E 41 4E B4 5F 3F 0C 25 FE 88 87 23 12 FE C2 34 1E 7A 61 00 B2 E0 4E D2 5F CE 13 A1 46 09 8D CE 98 44 6B 2F 38 75 EC B2 69 A8 86 79 56 98 61 9D 33 7D A6 12 F1 9B F8 D4 FE 30 28 E7 9A 26 54 81 28 D1 59 5A F0 BF 98 FF 32 0D C7 3D 87 3F 05 EB D0 7C 87 CA E2 8D F0 67 C0 0D E3 E5 3C C7 7E 80 1E 13 04 19 2C A7 BF 78 AB 28 DB 40 56 43 28 A1 08 F9 F0 DD D8 E1 B0 BA EC CF 16 BF 1D EB 3C C5 C4 B5 F5 14 0F 6B 8A 25 6E 91 28 C2 03 41 8A A3 D9 3E 3F 08 07 89 77 66 7D C0 2D 83 0B B6 86 9D E9 2F 29 A6 5A C6 D2 68 9D 0A 5A 90 88 7A 86 43 11 9D C9 A6 8B 5B 00 BD 59 D4 5D A9 D7 ED 5D AE 6E E6 DA 61 19 24 3F 77 F5 1B 26 32 00 F9 0A BB B6 1C CE 9A 95 17 81 EA 20 12 A2 C8 D7 20 09 06 43 9B 08 E7 E7 6C F9 C9 53 6B 2E 6B 56 0A FD 7C BA A5 04 47 91 EE 17 DE D4 5A DF D9 D3 59 DA C0 A9 F4 ED 15 BF 2C B2 EA 9B 12 B7 CB 11 B5 97 CF 2E 6E 75 0A 6C 63 6F E2 C4 B1 44 F6 FF 43 CC FF DD AE 78 7B E1 60 B0 A8 B4 28 2B 35 A6 AE EC E1 65 81 4E 95 CE 7A DB E4 16 EF 4E 51 86 0C B4 F5 D5 0A F2 A8 6A A4 EE 60 2A 30 AA 54 85 0E 0C B4 A3 8D C3 A1 C7 11 B5 D0 3B 6A 53 EE 10 2A C6 8E 55 3D 11 E5 FB 3D 0A 8E 0E F3 42 66 26 3C A4 A3 E0 B7 6C 55 A9 2F 75 F9 21 CD 61 A5 36 3E 5D B7 73 78 74 D5 7C 65 3D 63 45 72 60 B6 7B 1D F3 30 82 7B 29 21 C2 9F DA 00 45 BB E7 40 4E 40 98 50 39 F7 DB 15 3F 52 B2 C9 41 A5 6E 92 2D CF B6 0B 89 DB EE 32 7E D6 F5 C1 E4 38 27 0F 76 6A 6E D1 73 0F C5 81 A4 AE BC FE 3B 77 26 B2 7D 6B 09 2C F5 A0 B6 95 41 96 CB 4C C2 78 8B 87 22 33 8E E1 89 D9 E2 26 92 59 5F 0D 5B 33 3B 0F 71 5C B8 D9 4A 08 AF B6 31 DB B1 BE 79 A7 73 E8 F1 A4 EA F7 22 0C 24 22 2D DA 43 1B 91 D9 17 5D FA 0C 6A E8 1E 8C 4C 87 9D 64 44 6C F5 6F AE FE 14 87 CA 67 39 A7 76 AE E4 2E F8 BE 40 A6 12 F9 5C DE 3B 1F EE AC 1E 1E 41 A2 4C 92 ED 8B 01 52 E2 47 23 9E 5A 8B C9 03 67 9C A8 C7 B9 46 59 AD 5B 1D 10 55 1F 46 0D 92 4F B6 08 82 FC 90 50 8C 37 23 42 0F 86 F4 CF 10 03 87 E8 08 13 3C C4 29 88 3C 0E 3A CE 91 65 1C 07 5C D1 9D 10 6E 0B 43 7B 03 63 04 8C A1 FE AA F9 29 B8 7A ED 90 AF DE 28 1E DC A0 FA 0C C7 B5 A7 F0 38 07 FA 5A C4 1B 1E D7 31 30 EA C1 11 7C 63 1C 18 18 14 2F 24 D4 20 F6 77 6C B5 3D 4D 03 26 B9 FC 30 08 C3 CA 03 FC 64 9D 87 D3 7F A6 17 B7 4F 28 65 C7 52 98 BE D5 4B 7D 8D C6 76 E2 21 03 74 D8 BF 19 4A E2 FE DA 62 B4 79 89 33 C7 64 CC DD F8 45 33 07 21 FC 21 E6 8C 06 95 CA 73 28 51 03 E2 2A E6 8D A4 40 32 6D FE F9 A8 0D 17 D0 A7 C3 F9 20 E7 B0 AA 80 6E E9 B7 54 9E D9 87 8B 6C FB 50 5A C6 9E 8E 8D 3C FA 71 86 75 76 4C FB 03 86 1D 32 AF AA E1 D9 18 BE 87 F6 A9 AC 0D 81 5C 57 AD 3E 16 7D 64 2F 5F CD DC 25 D4 BA 3A C3 E6 7C 26 A4 DE AA 17 79 7B 3C 06 54 F2 71 EA AA 44 2A 71 CB E1 93 72 AD CB DE 3D F8 B3 FE 49 1E 5A 76 A7 9D 12 91 A0 DE 31 7F FB F9 27 F4 27 82 FA 48 27 0F 2C 96 95 63 B1 83 A4 B0 11 2F 34 97 DD 3C 2A 42 3E C8 34 98 BD BA AC 92 89 10 A9 FB 7F E5 78 8E 45 4C 02 7A 28 F4 A9 1A F2 BF 09 E2 61 F8 5B 0E EE 4F 79 29 E6 3C 40 62 49 6C B0 95 34 BB 6D 03 FF 69 ED 29 15 D0 EA 21 5B 4F B3 D1 04 4E 86 EB 87 DF B4 89 8B CB D5 0E 5C 4D DF BD B8 3B 94 10 E1 AD F9 14 46 C4 3C 95 9E 0E 34 1D 67 A5 A7 EF 87 12 58 6D E3 B8 B9 C5 B6 F8 0F 42 F2 35 BF 68 90 0E BF E6 30 4B B0 D9 F6 74 08 B7 62 01 EC 26 18 0B 4B D7 65 00 DE 4F 0D F8 6D F4 A0 63 AE CE CC A6 9D DF 8A 16 2B 67 A4 B9 80 0F A7 57 0D 5B 55 1A C2 70 3A DC 0F FC ED 00 65 0A 96 CD 81 EC 41 87 B9 0C 6B 21 40 CE 99 C1 93 7C 40 58 7E A7 28 99 89 7E 62 81 15 BC AB 73 B3 D9 F4 25 86 0B 10 9A 67 34 7B 8A 12 1F 65 D0 96 8D 56 A3 DD E6 B8 17 1C EA 61 B0 8A E5 68 B9 D0 3C 39 89 77 CE 86 F7 50 55 23 0E F3 70 CA BF 67 C9 CF 97 C3 22 37 19 55 54 03 F3 E0 BD 2A F0 E1 E8 74 2D EC B0 5F AD B0 22 7F 15 D4 0E E2 D6 DC 5A 49 FE 1E 6B C9 E6 CE DD E7 42 94 C3 BB 6F D5 C5 FE DF AD 67 2D F1 DF FD 21 9B D8 BC 1E C3 91 58 EA B5 07 99 87 55 F5 53 44 1D 01 CD 26 A5 50 1F 6F B2 DB 4F 35 97 51 0F 85 B9 3A 54 25 14 C8 01 3E ED BB FC 91 3D CC E8 B2 0A 57 59 66 5B DF D9 91 9E B2 2A 89 16 3D 86 56 38 6D 85 7C 5B FC 7C 24 1C 1D 72 6C D9 4A B0 F9 2D 5B 0F EF CF 1D 4A BD D2 6F BC 6C 17 A4 CC AC F2 D3 1E 5E 71 30 59 DE 93 C5 9D 3B 8D 3E 8D 03 B5 D6 63 F9 DF AD B0 3E 09 3C B8 4F CF 50 0A 1F 0E 2E 5B A1 C9 D8 1D B1 2C C7 99 C6 53 9A F0 CC 35 68 2D 95 CB 78 9C 74 5A 45 2B D8 B3 8E 6C F0 8E 05 79 DA 1A B4 3A D0 85 8D 03 05 F9 61 B1 5A 79 C1 09 0F 48 67 04 0E A2 BD 36 CF 65 12 AA B4 4C E5 A1 09 8E FE 03 91 34 F2 3B F0 57 77 7F EF 3E 68 E4 58 27 B0 48 79 24 CA D4 E5 F0 B1 C3 B4 F5 A0 E3 85 3B 39 64 0E B0 78 2D 78 88 8F E9 2C 3B 68 62 4E 84 FF 6A 5E DE D8 7B E6 2D 34 CE 85 8F 34 E5 FF FB BA 75 F0 14 DF 0F 64 89 88 B5 1A 72 DE 1F F5 4D 5C 7A 4B 8E CB 10 C5 E9 EF 51 DE 98 C0 1E F8 C4 06 F9 82 4A 0C 15 A2 9E 16 B5 A5 3E 36 43 B0 06 5A 42 63 EC AE 50 D2 CB 97 6D 3D 2E A6 25 5A 65 F1 C6 CC 86 16 7F 17 84 A2 7B 83 20 37 DB 4C E1 E2 62 47 53 34 F3 B2 43 0F 86 C7 A2 44 56 EE A8 2A B6 78 AB A9 1B B4 C0 CC 82 C8 77 B8 0B 6D 35 74 00 72 57 27 2C 3E 12 6C 17 A8 B3 6A A8 AA 94 31 FF 01 BF 65 8F 82 D8 15 3E DD EA 68 04 CD C5 64 A3 F5 E9 96 7B 08 FE EB 82 3D 3D B9 35 6A 4A CD D8 0E 88 3C A5 8A 1C 66 1D 01 D1 45 F8 0A 3A B6 7E 80 36 C0 BA E1 BB 7B C4 32 04 EB 0C F3 82 14 BC 74 A9 AE F0 36 A3 1D 5A 9C 55 2D 93 A2 5C 0E 84 05 7B CE 54 37 B1 63 46 80 D0 4A 77 47 2D 63 14 32 D2 BA A7 A3 AC D6 42 20 EF CF 9E 78 48 F8 FD 98 01 BE F7 56 1A 47 0A 18 22 03 21 60 EB 59 ED C0 F9 77 88 2D CE 4F B2 87 2D 89 D2 7F F0 76 DB A7 4A 96 72 F8 69 09 95 65 79 C2 88 53 FA 8D E7 00 2C C8 45 8D 09 25 6D 42 A3 9F 1A 4B DB 6B 56 D3 6D 51 48 8E 73 68 68 6E 54 C1 BB BF FF 48 88 4E 0D 53 6B E3 62 E5 9B D7 F1 83 29 A4 B8 2A ED 39 6E 4F 92 86 5F 59 4D 0D A3 8F 7C AC E7 A4 60 3A F6 0C 1A 53 BD FD 19 47 60 94 AA C6 E4 A8 F3 1F C1 25 7D 48 D0 3B B0 EF 51 5D 84 60 B9 44 15 32 C8 B5 04 3D 05 31 D5 88 1A DB 6D 99 7B B1 84 FD 8C AF 4D 8E 6C 75 9C 3F 71 43 B9 E3 2B C7 A0 EC 62 34 B6 8A DF 41 11 CA 1D 13 67 21 43 8E 5E 6D 71 25 D4 80 CE 98 2D 84 AE A7 70 3B 40 10 CD 27 86 7D 6D DC 5E 0C 97 03 85 19 6F 02 0E 48 ED DB 24 C5 69 72 F9 E6 1E 6C C2 9C 17 12 55 15 83 82 8F 89 95 34 AA CF FF C6 6F 99 99 9E A2 BA 27 31 D5 2A 7F D2 FA 26 2A 22 B0 75 DA 52 A5 AA 58 F5 B4 1A A9 CD C9 18 14 06 71 7F 3F 75 E7 C4 75 09 01 21 96 68 38 12 52 36 E4 DC 62 91 AE 38 74 96 8E 82 08 B9 83 AA DB 03 CA 60 AC D9 35 E6 DA 1B 82 94 07 F7 0A 77 34 0E 44 39 F2 2F DC 2F C4 21 8D E0 F2 5D 2F 88 6C 0A AE B6 93 C2 B2 3D B0 EA B9 95 3B F8 06 C2 17 3E 0B C9 D0 D7 EF 0E 76 37 75 BC 14 32 FF 48 D6 03 5B 12 14 29 4C 81 B7 1C D9 8C 42 83 10 14 09 0C D9 9C B7 49 29 AE 85 3F 88 13 2E 55 91 04 D4 FE A9 8A D4 0F 17 DA 41 00 A9 09 A6 98 1B AD 9E FB 24 0A 79 52 09 27 AA 12 23 2A 56 F4 D8 89 3B FF 92 BF C2 BD 42 CF 3D C0 9B DC 48 4D FD BA 3A 10 C6 09 18 61 04 CE 33 E3 02 4F 44 00 0B E3 48 14 FF 5D C9 87 2D 44 B4 15 7F B3 A6 65 5B 98 5F 6C C5 EF 45 86 F2 AB FE E1 2D CB DB 90 18 1B 39 6F 95 FE 32 13 F0 94 D1 F3 DD 3D 7F ED 80 0F 4E D2 12 90 F6 13 B6 20 48 E0 FC 1F 13 28 D9 F8 7A 56 53 B4 89 D3 6F 72 7B E9 D7 55 52 3D EF 04 72 F1 C1 D5 AC 90 EE 66 53 79 FF 39 D0 6E 86 3C 24 48 90 F5 33 3A 0B 89 B9 20 22 C1 A8 19 80 29 FE 5F 8C 20 3B 3D D2 11 D4 39 89 58 EE 19 01 08 DD 50 B7 85 0E 20 D8 AB E2 B9 27 D5 3D 28 F3 B8 CA 26 BE 81 BC 6B 83 C0 E2 B3 B1 DD A2 80 66 C6 38 60 CE A8 9D F8 27 08 EF 21 D4 D3 6B 84 66 3E 87 B4 38 5A 3E 37 BD 3F F1 EB 2B F6 41 84 C4 47 23 49 06 69 AF 4D A0 92 D4 5B A2 1A 56 9A 35 2E 51 3D 9A 9B 43 E9 CD 4B 81 20 55 82 26 26 EF C5 5F 95 00 09 23 2B 8B 3B B2 D6 3D 44 A8 B0 BD 9B D4 E8 4C 5A 72 44 96 A2 32 6F 63 C9 7D BC B2 35 36 6E C0 CF 60 96 B5 F4 98 8D 07 3C 34 BD 3A 08 41 30 CE A8 D6 EE 22 E5 42 B4 11 C1 E1 85 99 66 7B 3F D6 DD E0 66 9A D8 2C 85 A1 C1 0C A5 86 22 13 CB 1B B2 77 E6 C4 F6 56 4F 20 A9 BC EA 1B 48 17 05 04 C4 72 35 D7 8E D0 A0 44 19 87 C8 C1 7D 90 D7 B5 6C F4 87 C4 67 33 BA 4A 68 48 FE C4 2B 97 CE 40 48 F3 C6 D9 C4 93 32 2F 05 2E F9 3F 02 F1 42 B3 94 0A 10 92 1B D1 5C 91 1E 7A 97 AA 4A 20 DC 38 3C 62 CD 28 8D 25 2B A9 37 B3 F6 07 61 E6 65 35 68 A0 12 41 BB 57 36 64 DE 04 81 1C F3 F5 9B 4C 2D 7E 8A 6C 55 DA 16 F4 68 38 34 56 AA 75 16 97 69 73 97 C2 A5 E5 AB FA 0F 10 99 D8 04 47 D4 9D A5 09 AA 13 47 F3 94 3E E9 BA A1 FD AD 2A 0E 69 41 0B 34 25 3A D4 99 12 82 D0 E9 52 26 0F 52 AB 9F 02 A3 D0 0B 37 09 8C F6 03 54 42 4F 86 20 66 E4 5E 92 AC 47 5C 99 A0 0E 73 80 76 6E 58 9A BF 66 27 16 19 14 27 95 CF 7A 7F BD 13 8A 6C C5 BD 7E 13 51 22 34 1D 1F 06 EB 5B 43 6C 59 BE 0A DE DC 71 BC 03 D7 C6 3C 16 75 1A D5 6C 69 E3 6D EC FE 9E 82 14 C7 19 FC DF 2E 9F E2 DC 97 1F 03 C1 C2 AD 6B 6D 36 8F E8 B1 1D 03 89 65 0C 73 D1 C7 E7 37 08 14 5F A0 59 92 A1 50 E6 A9 09 65 6E A7 86 E2 44 BD F1 CD 71 F4 B0 FD 05 B1 33 5D 70 31 82 FF A9 D9 6C 99 10 82 97 B1 FE 32 7A 83 BF 4F 69 D2 A9 C3 D1 EB 73 A9 DD 8C EE 2B 32 20 90 4A C3 10 11 FD 64 07 A5 BA 42 7F AC B4 62 27 FD ED B1 3D 1C A6 44 3D ED 3D C3 B6 CF 06 A5 9D C9 B9 22 6F BF 35 73 34 AB F5 84 12 60 5F D2 06 E7 B6 12 5F A1 9E 5D 68 F7 57 83 FA 08 20 5B 05 C0 A1 2D 18 30 06 83 17 F6 10 59 58 C4 EB 37 BC B1 BE AE 6A 40 1C 26 76 41 AA 58 27 4A 41 0D 76 B4 D2 A0 3E 41 80 20 86 9B 68 86 BB 81 96 47 61 B3 FC D8 EA 68 05 0A D6 CF F9 96 49 CD E8 FA 53 F0 4B 0C 96 E2 71 C0 B0 92 E2 4D 81 EA 2D 72 37 75 79 9E 71 3E A9 DA 69 67 EF 57 AA AF E1 C6 73 2F 2F 04 75 56 02 7F 02 1C 65 FC 20 C1 C3 BC B3 92 AC F8 FF 7A 9E 14 D9 72 8A 5A AA CD 25 5F C3 86 6B 04 1E 9C 96 DC F5 92 08 3D 78 C9 E4 05 DD D7 99 1D 2E 25 36 D2 EB 1B A0 F0 EC E3 DF B6 A3 4C 26 65 CF AC 2D 18 50 FD 47 8F 61 7F DD 4E 9D D4 49 2C 55 3B D3 75 CF D3 3F 47 44 D6 42 00 6F 3A 52 16 A1 FF 7D 73 64 3E D7 51 CA EC DF DC B5 62 47 AA 2F 66 FB CB 83 15 DA AA 86 00 6A 99 E0 35 0A 72 D5 D5 26 0D 6B B7 7A C5 3C DD 7A BA CB 85 95 86 C2 79 B7 FA CD F0 76 C9 22 AC 27 F3 E9 07 FB 3B 4E C9 77 CA 63 4A 28 DF 06 41 62 16 52 22 DC CE 67 4D AB 60 A4 E9 D4 8E 7F CE A2 67 AB B1 F8 E0 A2 01 2A A6 DB 53 2A 4C E7 4F BA F5 83 E2 C2 92 FA 1B 56 BE 58 5D 14 EE 07 3C DA FE 3F C0 C1 90 50 E6 98 EC 41 B9 D2 7F 5D B4 1A 77 92 08 11 8A 5D 3F 8F 74 33 3B 2A D2 FE 3C EE 27 3B BF EA 48 5E AD 81 7E FF ED F1 26 0C 1A 12 50 70 58 9B 6F 0F 31 98 4E D4 98 CB D2 73 E8 4A 71 8F 54 C8 2C BC 27 47 E6 78 F8 43 7D DE 23 C9 EA 3C 87 78 23 03 4B 7C 70 73 1C 2D 01 CC 09 D1 1D 33 64 E7 94 5B 64 80 B9 B4 16 AC B5 4C D1 19 4B 46 C6 D2 E1 47 61 9A C1 C1 FA 91 5A F8 0A 50 98 64 72 47 EB CF 04 49 63 4F 69 C9 6A FC 74 0B CE 61 99 32 28 18 3D 98 D0 F8 54 06 D8 FF D9 34 [Binary data over 200 bytes] O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-1948933813-2092389452-934283344-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1948933813-2092389452-934283344-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-1948933813-2092389452-934283344-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9D184CC-5805-488C-A3D8-4CC4EEF71B82}: NameServer = 194.204.89.1,194.204.152.34 O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\viprotocol - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.5\ViProtocol.dll (AVG Secure Search) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKU\S-1-5-21-1948933813-2092389452-934283344-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 0 O33 - MountPoints2\{187acdce-34bc-11e3-b32a-001fc6c32ab8}\Shell - "" = AutoRun O33 - MountPoints2\{187acdce-34bc-11e3-b32a-001fc6c32ab8}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL P:\autorun.bat O33 - MountPoints2\{8d1dcc4e-41f1-11e2-859b-001fc6c32ab8}\Shell - "" = AutoRun O33 - MountPoints2\{8d1dcc4e-41f1-11e2-859b-001fc6c32ab8}\Shell\AutoRun\command - "" = I:\ZTE_Handset_USB_Driver.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2014-05-14 17:59:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support [2014-05-14 17:48:23 | 000,000,000 | ---D | C] -- C:\Users\OEM\Desktop\Zapora [2014-05-14 17:29:40 | 000,000,000 | ---D | C] -- C:\Users\OEM\AppData\Roaming\AVAST Software [2014-05-14 17:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast [2014-05-14 17:28:28 | 000,085,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys [2014-05-14 17:28:25 | 001,039,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2014-05-14 17:28:22 | 000,423,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2014-05-14 17:28:20 | 000,079,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2014-05-14 17:28:18 | 000,093,568 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2014-05-14 17:28:12 | 000,028,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys [2014-05-14 17:28:07 | 000,334,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2014-05-14 17:27:57 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2014-05-14 17:27:45 | 000,447,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys [2014-05-14 17:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2014-05-14 17:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2014-05-10 22:04:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2014-05-10 00:19:47 | 000,000,000 | ---D | C] -- C:\Users\OEM\Desktop\fote [2014-05-09 18:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games [2014-05-08 23:24:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search [2014-05-04 15:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 Multiplayer [2014-04-30 21:02:05 | 000,000,000 | ---D | C] -- C:\Users\OEM\AppData\Roaming\Wargaming.net [2014-04-29 18:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks [2014-04-22 14:47:42 | 000,000,000 | ---D | C] -- C:\Users\OEM\AppData\Roaming\Oracle [2014-04-22 13:08:49 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2014-04-22 13:08:40 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2014-04-22 13:08:40 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2014-04-22 13:08:40 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2014-04-19 20:30:16 | 000,000,000 | ---D | C] -- C:\Users\OEM\AppData\Roaming\StunlockStudios [2014-04-18 16:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2014-04-18 16:35:28 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2014-05-14 18:36:00 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014-05-14 18:23:00 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1948933813-2092389452-934283344-1000UA.job [2014-05-14 18:11:02 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineUA.job [2014-05-14 18:06:44 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014-05-14 18:06:40 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2014-05-14 18:06:40 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2014-05-14 18:05:18 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014-05-14 18:05:16 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineCore.job [2014-05-14 18:04:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014-05-14 18:04:25 | 3220,725,760 | -HS- | M] () -- C:\hiberfil.sys [2014-05-14 17:52:37 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014-05-14 17:52:37 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014-05-14 17:29:09 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk [2014-05-14 17:29:09 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk [2014-05-14 17:27:58 | 001,039,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2014-05-14 17:27:58 | 000,423,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2014-05-14 17:27:58 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2014-05-14 17:27:58 | 000,208,416 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2014-05-14 17:27:58 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2014-05-14 17:27:58 | 000,085,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys [2014-05-14 17:27:58 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2014-05-14 17:27:58 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys [2014-05-14 17:27:58 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys [2014-05-14 17:27:57 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr [2014-05-14 17:27:50 | 000,028,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys [2014-05-14 17:27:45 | 000,447,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys [2014-05-12 21:59:09 | 000,743,042 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2014-05-12 21:59:09 | 000,156,524 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2014-05-12 21:59:08 | 001,676,610 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014-05-12 21:59:08 | 000,656,430 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014-05-12 21:59:08 | 000,122,242 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014-05-12 19:58:08 | 000,081,303 | ---- | M] () -- C:\Users\OEM\Desktop\Bez_nazwy.wma [2014-05-12 16:50:15 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn [2014-05-12 14:23:00 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1948933813-2092389452-934283344-1000Core.job [2014-05-11 12:23:26 | 005,066,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014-05-09 18:11:06 | 000,097,222 | ---- | M] () -- C:\Users\OEM\Desktop\0002Q27XG8SB8543-C116-F4.jpg [2014-05-09 00:20:51 | 000,524,765 | ---- | M] () -- C:\Users\OEM\Desktop\10328025_627550770658812_2113343574_o.jpg [2014-05-09 00:16:21 | 000,534,464 | ---- | M] () -- C:\Users\OEM\Desktop\10327973_627571253990097_292168469_o.jpg [2014-05-08 23:24:33 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml [2014-05-08 23:24:13 | 000,050,464 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2014-05-06 15:51:06 | 000,000,588 | ---- | M] () -- C:\Users\Public\Desktop\LauncherHERO.lnk [2014-05-04 15:25:43 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\Play Euro Truck Simulator 2 Multiplayer.lnk [2014-05-03 17:16:49 | 000,325,937 | ---- | M] () -- C:\Users\OEM\Desktop\10320121_637838642952264_1167659185_o.jpg [2014-05-02 23:28:42 | 000,032,762 | ---- | M] () -- C:\Users\OEM\Desktop\135976679_2_644x461_wydech-stage6-pro-piaggio-gilera-nie-yasuni-malossi-polini-dodaj-zdjecia_rev001.jpg [2014-05-02 22:02:48 | 000,001,143 | ---- | M] () -- C:\Users\OEM\Desktop\GG.lnk [2014-05-02 20:57:06 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for [2014-05-01 21:22:59 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2014-05-01 21:22:59 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2014-05-01 21:22:51 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2014-05-01 16:34:06 | 000,413,605 | ---- | M] () -- C:\Users\OEM\Desktop\10361370_628569597223596_275216591_o.jpg [2014-05-01 16:33:59 | 000,394,399 | ---- | M] () -- C:\Users\OEM\Desktop\10358830_628569590556930_315840551_o.jpg [2014-05-01 15:48:59 | 000,030,747 | ---- | M] () -- C:\Users\OEM\Desktop\10259962_514943895284342_7856171909379962565_n.jpg [2014-04-30 21:10:13 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2014-04-29 18:45:28 | 000,000,583 | ---- | M] () -- C:\Users\Public\Desktop\World of Tanks.lnk [2014-04-26 18:25:24 | 000,001,596 | ---- | M] () -- C:\Users\OEM\Desktop\Far Cry 2.lnk [2014-04-24 18:25:14 | 000,001,312 | ---- | M] () -- C:\Users\OEM\Documents\Default.sfvidcap [2014-04-23 20:11:41 | 000,114,988 | ---- | M] () -- C:\Users\OEM\Desktop\DSC_0622_zpscb76566a.jpg [2014-04-21 00:13:23 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2014-04-18 22:09:08 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2014-04-18 20:59:36 | 000,000,202 | ---- | M] () -- C:\Users\OEM\Desktop\Tom Clancy's Ghost Recon Phantoms - EU.url [2014-04-18 16:35:36 | 000,001,931 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-04-18 16:26:03 | 000,000,082 | ---- | M] () -- C:\Windows\mafosav.INI [2014-04-14 20:13:43 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2014-04-14 20:05:11 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2014-04-14 20:05:06 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2014-04-14 20:04:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2014-05-14 17:29:09 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk [2014-05-14 17:29:09 | 000,001,972 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk [2014-05-14 17:28:27 | 000,208,416 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2014-05-14 17:28:21 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys [2014-05-14 17:28:19 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys [2014-05-12 19:58:08 | 000,081,303 | ---- | C] () -- C:\Users\OEM\Desktop\Bez_nazwy.wma [2014-05-09 18:11:05 | 000,097,222 | ---- | C] () -- C:\Users\OEM\Desktop\0002Q27XG8SB8543-C116-F4.jpg [2014-05-08 23:52:10 | 000,534,464 | ---- | C] () -- C:\Users\OEM\Desktop\10327973_627571253990097_292168469_o.jpg [2014-05-08 22:40:28 | 000,524,765 | ---- | C] () -- C:\Users\OEM\Desktop\10328025_627550770658812_2113343574_o.jpg [2014-05-06 15:51:06 | 000,000,588 | ---- | C] () -- C:\Users\Public\Desktop\LauncherHERO.lnk [2014-05-04 15:25:43 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\Play Euro Truck Simulator 2 Multiplayer.lnk [2014-05-03 17:16:48 | 000,325,937 | ---- | C] () -- C:\Users\OEM\Desktop\10320121_637838642952264_1167659185_o.jpg [2014-05-02 23:28:42 | 000,032,762 | ---- | C] () -- C:\Users\OEM\Desktop\135976679_2_644x461_wydech-stage6-pro-piaggio-gilera-nie-yasuni-malossi-polini-dodaj-zdjecia_rev001.jpg [2014-05-02 22:02:48 | 000,001,143 | ---- | C] () -- C:\Users\OEM\Desktop\GG.lnk [2014-05-02 20:57:06 | 000,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn [2014-05-02 20:57:06 | 000,001,409 | ---- | C] () -- C:\Windows\QTFont.for [2014-05-01 16:34:05 | 000,413,605 | ---- | C] () -- C:\Users\OEM\Desktop\10361370_628569597223596_275216591_o.jpg [2014-05-01 16:33:58 | 000,394,399 | ---- | C] () -- C:\Users\OEM\Desktop\10358830_628569590556930_315840551_o.jpg [2014-05-01 15:48:57 | 000,030,747 | ---- | C] () -- C:\Users\OEM\Desktop\10259962_514943895284342_7856171909379962565_n.jpg [2014-04-29 18:45:28 | 000,000,583 | ---- | C] () -- C:\Users\Public\Desktop\World of Tanks.lnk [2014-04-26 18:25:24 | 000,001,596 | ---- | C] () -- C:\Users\OEM\Desktop\Far Cry 2.lnk [2014-04-23 20:11:41 | 000,114,988 | ---- | C] () -- C:\Users\OEM\Desktop\DSC_0622_zpscb76566a.jpg [2014-04-18 20:59:36 | 000,000,202 | ---- | C] () -- C:\Users\OEM\Desktop\Tom Clancy's Ghost Recon Phantoms - EU.url [2014-04-18 16:26:00 | 000,000,082 | ---- | C] () -- C:\Windows\mafosav.INI [2014-04-14 16:35:34 | 000,003,750 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml [2014-04-13 13:44:33 | 000,079,972 | ---- | C] () -- C:\ProgramData\1397388223.240.bin [2014-04-13 13:27:51 | 000,002,246 | ---- | C] () -- C:\ProgramData\1397388223.716.bin [2014-04-13 13:25:49 | 000,001,451 | ---- | C] () -- C:\ProgramData\1397388223.3052.bin [2014-04-13 13:24:16 | 000,139,858 | ---- | C] () -- C:\ProgramData\1397388223.3856.bin [2014-04-13 13:24:16 | 000,017,887 | ---- | C] () -- C:\ProgramData\1397388223.3876.bin [2014-04-13 13:24:16 | 000,017,801 | ---- | C] () -- C:\ProgramData\1397388223.2964.bin [2014-04-13 13:24:16 | 000,010,651 | ---- | C] () -- C:\ProgramData\1397388223.3820.bin [2014-04-13 13:24:16 | 000,001,090 | ---- | C] () -- C:\ProgramData\1397388223.4072.bin [2014-04-13 13:24:16 | 000,001,090 | ---- | C] () -- C:\ProgramData\1397388223.3860.bin [2014-04-13 13:23:57 | 000,003,735 | ---- | C] () -- C:\ProgramData\1397388223.3352.bin [2014-04-13 13:23:48 | 000,151,983 | ---- | C] () -- C:\ProgramData\1397388223.3228.bin [2014-04-13 13:23:48 | 000,034,309 | ---- | C] () -- C:\ProgramData\1397388223.3200.bin [2014-04-13 13:23:43 | 000,187,547 | ---- | C] () -- C:\ProgramData\1397388223.3136.bin [2014-03-18 10:35:44 | 000,020,882 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpowerAMP Music Converter.dat [2014-01-25 01:07:34 | 000,000,346 | ---- | C] () -- C:\Windows\wininit.ini [2013-09-13 22:44:19 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat [2013-09-08 14:35:09 | 000,639,488 | ---- | C] () -- C:\Windows\SysWow64\ficvdec_x86.dll [2013-09-01 14:00:14 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\patterns.ini [2013-08-21 20:42:33 | 000,517,120 | ---- | C] () -- C:\Windows\SysWow64\CLWCP.exe [2013-08-09 00:06:16 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\nocashio.sys [2013-05-01 17:09:09 | 000,828,671 | ---- | C] () -- C:\Users\OEM\AppData\Local\Tempmusic.ogg [2013-04-14 15:29:47 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll [2013-04-14 15:29:47 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys [2013-04-02 16:14:12 | 002,793,768 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2013-03-29 17:29:33 | 000,023,624 | ---- | C] () -- C:\Windows\Launcher.exe [2013-03-11 22:35:38 | 000,000,172 | ---- | C] () -- C:\Users\OEM\AppData\Roaming\EEAF.exe [2013-03-11 22:05:38 | 000,000,172 | ---- | C] () -- C:\Users\OEM\AppData\Roaming\778B.exe [2013-03-11 20:35:35 | 000,000,172 | ---- | C] () -- C:\Users\OEM\AppData\Roaming\747.exe [2013-03-09 15:48:25 | 000,000,173 | ---- | C] () -- C:\Users\OEM\AppData\Roaming\F2E7.exe [2013-02-13 20:21:50 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll [2013-02-13 20:21:38 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\nvPhotoshopUtil.dll [2013-02-13 20:21:38 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\nvISWOW64.dll [2013-02-11 15:33:00 | 000,000,132 | ---- | C] () -- C:\Users\OEM\AppData\Roaming\Preferencje formatu PNG CS6 firmy Adobe [2013-02-10 15:15:17 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX.INI [2013-02-10 15:11:17 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Internet Plug-Ins [2013-02-10 15:11:17 | 000,000,268 | RH-- | C] () -- C:\Users\OEM\AppData\Roaming\Importer [2013-02-10 15:11:17 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2013-02-10 15:08:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Installer Plugin [2013-02-10 15:08:28 | 000,000,268 | RH-- | C] () -- C:\Users\OEM\AppData\Roaming\Image Units [2013-02-10 15:08:27 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2013-02-09 18:14:29 | 000,000,132 | ---- | C] () -- C:\Users\OEM\AppData\Roaming\Preferencje formatu BMP CS6 firmy Adobe [2013-02-05 17:45:22 | 000,290,184 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013-02-05 17:45:05 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013-02-05 14:46:37 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI [2013-01-21 22:42:47 | 000,000,640 | RHS- | C] () -- C:\Users\OEM\ntuser.pol [2012-12-30 21:35:04 | 000,013,312 | ---- | C] () -- C:\Users\OEM\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-12-22 20:18:44 | 000,007,604 | ---- | C] () -- C:\Users\OEM\AppData\Local\resmon.resmoncfg [2012-12-13 17:38:15 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2012-12-09 21:49:23 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe [2012-12-09 21:49:23 | 000,001,623 | ---- | C] () -- C:\Windows\InnoTipLanguage.ini [2012-12-09 14:27:32 | 001,648,812 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012-12-07 17:00:07 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012-12-07 17:00:07 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2012-12-07 16:59:44 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012-12-07 16:59:44 | 000,593,938 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll [2012-12-07 16:59:44 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012-12-07 16:59:43 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2012-12-07 16:59:43 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012-11-28 15:17:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012-11-28 15:17:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012-11-28 15:17:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012-11-28 15:17:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012-09-28 21:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013-02-27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013-02-27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2014-04-24 16:11:16 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2014-04-24 16:11:16 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2014-05-12 15:00:10 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\.minecraft [2014-01-05 17:55:00 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\.technic [2014-03-22 17:16:13 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Atari [2014-05-10 21:22:15 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Audacity [2014-05-14 17:29:40 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\AVAST Software [2013-11-16 23:08:37 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Avnex [2013-02-04 15:32:00 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2013-02-04 21:40:49 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\com.adobe.WidgetBrowser [2012-12-08 11:45:35 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\DAEMON Tools Lite [2013-09-16 19:11:42 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\DAEMON Tools Pro [2014-03-10 15:33:13 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Dropbox [2013-10-19 23:04:44 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\EPSON [2014-04-12 13:38:17 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\FlowStone [2013-06-02 20:37:18 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\ftblauncher [2014-03-02 22:25:12 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\gd.sos.McPixel [2014-05-14 00:57:11 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\GG [2013-03-10 17:04:42 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\GHISLER [2014-04-12 13:38:50 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Image-Line [2013-08-21 20:43:09 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\IObit [2013-10-09 18:46:17 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\mineshafter_squared [2013-09-08 14:35:13 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Mirillis [2012-12-08 12:43:17 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Mount&Blade [2014-01-28 15:14:16 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Mount&Blade Warband [2013-02-10 15:15:18 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Nikon [2014-02-07 19:14:43 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\OBS [2013-08-21 18:15:35 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\OnLive App [2013-10-11 12:17:48 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Opera Software [2014-04-22 14:47:42 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Oracle [2013-07-29 22:48:32 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Origin [2013-02-05 14:46:37 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\PACE Anti-Piracy [2013-12-25 00:28:13 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Publish Providers [2014-04-13 13:23:43 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\QuickScan [2013-05-02 19:10:57 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\RotMG.Production [2014-04-27 23:15:45 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Samsung [2014-01-01 19:57:23 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Sony [2014-01-17 21:18:02 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Sony Creative Software Inc [2013-01-03 19:37:39 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\SplitMediaLabs [2013-02-05 16:34:19 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2014-04-19 20:30:16 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\StunlockStudios [2013-05-11 14:28:01 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\TeamViewer [2014-01-17 21:18:42 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Techland [2012-12-30 16:07:11 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\TechSmith [2014-04-26 19:39:36 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\TS3Client [2014-04-13 14:21:44 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\TuneUp Software [2012-12-09 18:31:07 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Unity [2014-04-30 21:02:05 | 000,000,000 | ---D | M] -- C:\Users\OEM\AppData\Roaming\Wargaming.net [2014-03-21 20:26:17 | 000,000,000 | -HSD | M] -- C:\Users\OEM\AppData\Roaming\wyUpdate AU [2014-04-10 17:10:52 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\DAEMON Tools Pro [2014-05-01 13:49:15 | 000,000,000 | ---D | M] -- C:\Users\Test\AppData\Roaming\Wargaming.net [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 40 bytes -> C:\ProgramData\MTA San Andreas All:NT @Alternate Data Stream - 40 bytes -> C:\ProgramData:NT @Alternate Data Stream - 1154 bytes -> C:\ProgramData\Microsoft:L1aFyWqjXYyfeKbc8iV @Alternate Data Stream - 1013 bytes -> C:\ProgramData\Microsoft:qWrQDPQUgMdMiAmmjq4Jl1js < End of report >