[code] HitmanPro 3.7.9.240 www.hitmanpro.com Computer name . . . . : WINXP-47C0FA42D Windows . . . . . . . : 5.1.3.2600.X86/2 User name . . . . . . : WINXP-47C0FA42D\User License . . . . . . . : Trial (30 days left) Scan date . . . . . . : 2015-04-16 13:42:54 Scan mode . . . . . . : Normal Scan duration . . . . : 5m 4s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : Yes Threats . . . . . . . : 5 Traces . . . . . . . : 46 Objects scanned . . . : 537 253 Files scanned . . . . : 17 850 Remnants scanned . . : 65 697 files / 453 706 keys Malware _____________________________________________________________________ C:\Documents and Settings\User\Local Settings\Temp{B5992E77-86AF-4208-B9A9-615EBC61D816}\OmigaZip_patch\wz_ydl.exe -> Quarantined Size . . . . . . . : 389 840 bytes Age . . . . . . . : 91.0 days (2015-01-15 13:24:40) Entropy . . . . . : 7.9 SHA-256 . . . . . : 52A46DFFDBAAF31507ED6AA39FB9EE7500EBB202A825CB4D3D5478425B8484D2 Product . . . . . : Func Component Description . . . : func component Version . . . . . : 1.0.0.2 Copyright . . . . : Copyright (C)2014 RSA Key Size . . . : 2048 LanguageID . . . . : 1033 Authenticode . . . : Valid > Bitdefender . . . : Trojan.GenericKD.2078221 Fuzzy . . . . . . : 102.0 C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064496.exe -> Deleted Size . . . . . . . : 264 192 bytes Age . . . . . . . : 0.0 days (2015-04-16 13:19:57) Entropy . . . . . : 5.1 SHA-256 . . . . . : B7EE39353A171925B74C79BD9DCB8F532C903EF361C4323355DD629A267FA1D8 Product . . . . . : egt Publisher . . . . : egt Description . . . : egt Version . . . . . : 1.0.0.1 LanguageID . . . . : 2057 > Bitdefender . . . : Adware.SupSoft.A > Kaspersky . . . . : not-a-virus:Downloader.Win32.AdLoad.plbq Fuzzy . . . . . . : 102.0 Forensic Cluster -9.8s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064678.dir -0.5s C:\Documents and Settings\All Users\Application Data\Sony\Sony PC Companion\PCCompanionInfo\tm20150416.txt 0.0s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064496.exe 0.7s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064497.exe 0.8s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064498.exe 1.4s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064499.exe 2.9s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064500.exe 2.9s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064501.dll 3.0s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064502.exe 3.1s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064503.dll 3.4s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064504.exe 7.1s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064505.exe 7.3s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064506.exe 7.8s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064507.exe 9.5s C:\WINDOWS\Temp\Perflib_Perfdata_8d0.dat 10.9s C:\WINDOWS\Prefetch\NETSH.EXE-085CFFDE.pf C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064499.exe -> Quarantined Size . . . . . . . : 3 868 890 bytes Age . . . . . . . : 0.0 days (2015-04-16 13:19:58) Entropy . . . . . : 8.0 SHA-256 . . . . . : 24D0E5FAF980ECB7F7FFBE263C64C4F5780D58AA2944FFF50128D8EC41135D60 > Bitdefender . . . : Adware.Dropper.AO Fuzzy . . . . . . : 116.0 Forensic Cluster -11.2s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064678.dir -1.9s C:\Documents and Settings\All Users\Application Data\Sony\Sony PC Companion\PCCompanionInfo\tm20150416.txt -1.4s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064496.exe -0.7s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064497.exe -0.7s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064498.exe 0.0s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064499.exe 1.4s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064500.exe 1.5s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064501.dll 1.6s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064502.exe 1.6s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064503.dll 2.0s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064504.exe 5.7s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064505.exe 5.9s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064506.exe 6.4s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064507.exe 8.1s C:\WINDOWS\Temp\Perflib_Perfdata_8d0.dat 9.5s C:\WINDOWS\Prefetch\NETSH.EXE-085CFFDE.pf C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064500.exe -> Quarantined Size . . . . . . . : 131 072 bytes Age . . . . . . . : 0.0 days (2015-04-16 13:20:00) Entropy . . . . . : 6.2 SHA-256 . . . . . : 0D7F25EE0EBFDC4D79BD784829F41CF7A1A0A0CB6C0647F554367160CFABDA8F Description Copyright . . . . : Copyright (C) 2014 > Bitdefender . . . : Application.Generic.662869 Fuzzy . . . . . . : 106.0 Forensic Cluster -12.6s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064678.dir -3.3s C:\Documents and Settings\All Users\Application Data\Sony\Sony PC Companion\PCCompanionInfo\tm20150416.txt -2.9s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064496.exe -2.2s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064497.exe -2.1s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064498.exe -1.4s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064499.exe 0.0s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064500.exe 0.0s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064501.dll 0.2s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064502.exe 0.2s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064503.dll 0.5s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064504.exe 4.3s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064505.exe 4.5s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064506.exe 4.9s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064507.exe 6.7s C:\WINDOWS\Temp\Perflib_Perfdata_8d0.dat 8.0s C:\WINDOWS\Prefetch\NETSH.EXE-085CFFDE.pf C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064502.exe -> Deleted Size . . . . . . . : 180 224 bytes Age . . . . . . . : 0.0 days (2015-04-16 13:20:00) Entropy . . . . . : 6.4 SHA-256 . . . . . : 3E37CA83621D33CF1DA1732A30F60E4EE3B3EAB0F59D4E44308D7974499C8F3A Copyright . . . . : Copyright 2014 > Bitdefender . . . : Application.Generic.663714 > Kaspersky . . . . : not-a-virus:HEUR:AdWare.Win32.Agent.heur Fuzzy . . . . . . : 106.0 Forensic Cluster -12.8s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064678.dir -3.5s C:\Documents and Settings\All Users\Application Data\Sony\Sony PC Companion\PCCompanionInfo\tm20150416.txt -3.0s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064496.exe -2.3s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064497.exe -2.3s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064498.exe -1.6s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064499.exe -0.2s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064500.exe -0.1s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064501.dll 0.0s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064502.exe 0.0s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064503.dll 0.4s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064504.exe 4.1s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064505.exe 4.3s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064506.exe 4.8s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064507.exe 6.5s C:\WINDOWS\Temp\Perflib_Perfdata_8d0.dat 7.9s C:\WINDOWS\Prefetch\NETSH.EXE-085CFFDE.pf Suspicious files ____________________________________________________________ C:\Documents and Settings\Ania i Grześ\Desktop\FRST-OlderVersion\FRST.exe Size . . . . . . . : 1 135 104 bytes Age . . . . . . . : 0.9 days (2015-04-15 16:33:50) Entropy . . . . . : 8.0 SHA-256 . . . . . : 27600BC2D6D1CBBD1FA5BB7A9157ACCCF3A068A6800ED4B6DC50D24A747F6CAB Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. C:\Documents and Settings\Ania i Grześ\Desktop\FRST.exe Size . . . . . . . : 1 136 640 bytes Age . . . . . . . : 0.9 days (2015-04-15 16:34:29) Entropy . . . . . : 8.0 SHA-256 . . . . . : 0D67B9A240EDC5A45EE96A33C16ADC90452EA8DBEB7D4C285EAC9995ECA00652 Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. References HKU\S-1-5-21-527237240-706699826-725345543-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Ania i Grześ\Desktop\FRST.exe Forensic Cluster -1.0s C:\Documents and Settings\Ania i Grześ\Cookies\Q9GI0MK8.txt -1.0s C:\Documents and Settings\Ania i Grześ\Cookies\I9OXPI0X.txt 0.0s C:\Documents and Settings\Ania i Grześ\Desktop\FRST.exe 0.0s C:\Documents and Settings\Ania i Grześ\Local Settings\Temporary Internet Files\Content.IE5\WOR8P5UV\FRST[1].exe 4.2s C:\Documents and Settings\Ania i Grześ\Desktop\FRST-OlderVersion\ 7.2s C:\WINDOWS\Prefetch\FRST.EXE-2AE943AE.pf 10.1s C:\Documents and Settings\Ania i Grześ\Local Settings\Temporary Internet Files\Content.IE5\RV01DIBZ\up32[1] C:\Documents and Settings\Ania i Grześ\Desktop\frst\FRST-OlderVersion\FRST.exe Size . . . . . . . : 1 135 104 bytes Age . . . . . . . : 2.0 days (2015-04-14 14:44:52) Entropy . . . . . : 8.0 SHA-256 . . . . . : 27600BC2D6D1CBBD1FA5BB7A9157ACCCF3A068A6800ED4B6DC50D24A747F6CAB Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. C:\Documents and Settings\Ania i Grześ\Desktop\frst\FRST.exe Size . . . . . . . : 1 135 616 bytes Age . . . . . . . : 2.0 days (2015-04-14 14:45:44) Entropy . . . . . : 8.0 SHA-256 . . . . . : 7EA2441A688661505884EA7FADF1B1E68746DB1A4D01AA8F4506539BBDB99ADB Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. References HKU\S-1-5-21-527237240-706699826-725345543-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\Ania i Grześ\Desktop\frst\FRST.exe C:\Documents and Settings\Ania i Grześ\Local Settings\Temporary Internet Files\Content.IE5\WOR8P5UV\FRST[1].exe Size . . . . . . . : 1 136 640 bytes Age . . . . . . . : 0.9 days (2015-04-15 16:34:29) Entropy . . . . . : 8.0 SHA-256 . . . . . : 0D67B9A240EDC5A45EE96A33C16ADC90452EA8DBEB7D4C285EAC9995ECA00652 Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. Forensic Cluster -1.0s C:\Documents and Settings\Ania i Grześ\Cookies\Q9GI0MK8.txt -1.0s C:\Documents and Settings\Ania i Grześ\Cookies\I9OXPI0X.txt 0.0s C:\Documents and Settings\Ania i Grześ\Desktop\FRST.exe 0.0s C:\Documents and Settings\Ania i Grześ\Local Settings\Temporary Internet Files\Content.IE5\WOR8P5UV\FRST[1].exe 4.2s C:\Documents and Settings\Ania i Grześ\Desktop\FRST-OlderVersion\ 7.2s C:\WINDOWS\Prefetch\FRST.EXE-2AE943AE.pf 10.1s C:\Documents and Settings\Ania i Grześ\Local Settings\Temporary Internet Files\Content.IE5\RV01DIBZ\up32[1] C:\Documents and Settings\User\Desktop\frst\FRST-OlderVersion\FRST.exe Size . . . . . . . : 1 136 640 bytes Age . . . . . . . : 8.1 days (2015-04-08 12:08:55) Entropy . . . . . : 8.0 SHA-256 . . . . . : 0D67B9A240EDC5A45EE96A33C16ADC90452EA8DBEB7D4C285EAC9995ECA00652 Needs elevation . : Yes Fuzzy . . . . . . : 23.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. Forensic Cluster 0.0s C:\Documents and Settings\User\Desktop\frst\FRST-OlderVersion\FRST.exe 0.0s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP280\A0063919.exe 0.0s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064410.exe C:\Documents and Settings\User\Desktop\frst\FRST.exe Size . . . . . . . : 1 137 152 bytes Age . . . . . . . : 0.1 days (2015-04-16 11:49:42) Entropy . . . . . : 8.0 SHA-256 . . . . . : C170A55C6555C003E1C74FDC526F4ABE7350D3DEE779786D01FA8A7605120B05 Needs elevation . : Yes Source URL . . . . : hxxp://download.bleepingcomputer.com/dl/18a9f353b4f2c87dbd083d1a8584a462/552f85b8/windows/security/security-utilities/f/farbar-recovery-scan-tool/32/FRST.exe Fuzzy . . . . . . : 27.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. The file is downloaded from the Internet to this computer. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. References HKU\S-1-5-21-527237240-706699826-725345543-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\User\Desktop\frst\FRST.exe Forensic Cluster -27.0s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064480.dir -7.8s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064481.dir -0.3s C:\Documents and Settings\User\Cookies\3M60YYH5.txt -0.3s C:\Documents and Settings\User\Cookies\7UOQ4RWB.txt -0.0s C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\Y8QM962M\FRST[1].exe 0.0s C:\Documents and Settings\User\Desktop\frst\FRST.exe 2.2s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064482.dir 12.2s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064483.dir 22.2s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064484.dir 24.5s C:\RECYCLER\S-1-5-21-527237240-706699826-725345543-1003\Dc6.txt 24.9s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064411.cfg 26.8s C:\Program Files\AVAST Software\Avast\defs\15041600_stream\pkg1504160000000032.bin 37.8s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064412.ini 41.2s C:\System Volume Information\_restore{C0D49A16-F007-4AA9-9EBB-FD5AC3268CA2}\RP281\A0064413.ini C:\Documents and Settings\User\My Documents\Pobrane\FRST.exe Size . . . . . . . : 1 135 104 bytes Age . . . . . . . : 8.1 days (2015-04-08 12:08:23) Entropy . . . . . : 8.0 SHA-256 . . . . . : 27600BC2D6D1CBBD1FA5BB7A9157ACCCF3A068A6800ED4B6DC50D24A747F6CAB Needs elevation . : Yes Fuzzy . . . . . . : 23.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. Potential Unwanted Programs _________________________________________________ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}\ (DomalQ) -> Deleted HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\ (DomalQ) -> Deleted HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_ISAFENETFILTER\ (NationZoom) -> Deleted HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\winzipersvc\ (AirZip) -> Deleted HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_ISAFENETFILTER\ (NationZoom) -> Deleted HKLM\SYSTEM\ControlSet002\Services\Eventlog\Application\winzipersvc\ (AirZip) -> Deleted HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ISAFENETFILTER\ (NationZoom) -> PendingDelete HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\winzipersvc\ (AirZip) -> PendingDelete HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player) -> Deleted HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player) -> PendingDelete HKU\S-1-5-21-527237240-706699826-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\YAC\ (NationZoom) -> Deleted Cookies _____________________________________________________________________ C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2xnp05xh.default-1428015754187\cookies.sqlite:ad.adocean.pl C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2xnp05xh.default-1428015754187\cookies.sqlite:ads.businessclick.com C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2xnp05xh.default-1428015754187\cookies.sqlite:ads.pubmatic.com C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2xnp05xh.default-1428015754187\cookies.sqlite:doubleclick.net C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\2xnp05xh.default-1428015754187\cookies.sqlite:stat.4u.pl C:\Documents and Settings\User\Cookies\09HUUHZ6.txt C:\Documents and Settings\User\Cookies\18YASCTQ.txt C:\Documents and Settings\User\Cookies\6NO27MAE.txt C:\Documents and Settings\User\Cookies\B3IGMQJV.txt C:\Documents and Settings\User\Cookies\BM40P04P.txt C:\Documents and Settings\User\Cookies\FJW9LD3D.txt C:\Documents and Settings\User\Cookies\LNF7YF5C.txt C:\Documents and Settings\User\Cookies\NG6DW7ZO.txt C:\Documents and Settings\User\Cookies\OV09PCBK.txt C:\Documents and Settings\User\Cookies\S0C3DDDY.txt C:\Documents and Settings\User\Cookies\SDT2LIWZ.txt C:\Documents and Settings\User\Cookies\THR4Q294.txt C:\Documents and Settings\User\Cookies\WO4UFZ2T.txt C:\Documents and Settings\User\Cookies\X366OAEM.txt [/code]