x-kom hosting

System odmawia posłuszeństwa

legendk
utworzono
utworzono (edytowane)

Witam
Mam problem, pojawił się nagle.
Kiedy próbuje dostać się do Mój Komputer to otwiera się tylko okno z eksploratorem Windows i coś tam się ładuje i nic, ledwo uruchomiłem Opere, żeby tu napisać, dodam że ostatnio coś ściągałem i jadę bez antyvira. (tak jestem debilem) :) Restartowałem już komputer i nic nie pomogło.
Co się dzieje? Czy to wirus?

Już wiem co jest.. wnr231.exe w procesach, tylko jak go tu teraz usunąć bez wejścia do Mój komputer i antyvira?

kelloco2
komentarz
komentarz

weź zamknij proces. Może wejdziesz, możesz spróbować w trybie awaryjnym i załatw sobie antywirusa. Jak jakiegoś masz to uruchom go przez menadżer zadań Plik>Nowe zadanie

Tomek01
komentarz
komentarz

Wstaw logi OTL i RSIT zgodnie z poniższym opisem.
Przenoszę do odpowiedniego działu.

legendk
komentarz
komentarz (edytowane)

OLT.txt
[log]OTL logfile created on: 2011-02-06 22:12:31 - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = D:\
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 75,13 Gb Total Space | 29,83 Gb Free Space | 39,70% Space Free | Partition Type: NTFS
Drive D: | 195,32 Gb Total Space | 71,08 Gb Free Space | 36,39% Space Free | Partition Type: NTFS
Drive E: | 195,31 Gb Total Space | 94,46 Gb Free Space | 48,37% Space Free | Partition Type: NTFS

Computer Name: USER-KOMPUTER | User Name: User | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2011-02-06 16:58:58 | 000,602,624 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2010-09-15 04:50:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2010-06-16 10:57:22 | 000,835,952 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2009-10-31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-10-28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2009-07-14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2009-07-14 02:14:42 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskmgr.exe
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2009-07-14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2009-07-14 02:14:23 | 000,261,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2009-07-14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2009-07-14 02:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ctfmon.exe
PRC - [2009-07-14 02:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2011-02-06 16:58:58 | 000,602,624 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
MOD - [2010-08-21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010-07-27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
MOD - [2010-06-29 06:02:02 | 001,413,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
MOD - [2010-04-07 08:10:36 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
MOD - [2010-03-24 07:37:04 | 001,286,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
MOD - [2009-12-08 12:33:31 | 000,857,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
MOD - [2009-12-08 12:32:02 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2009-07-14 02:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
MOD - [2009-07-14 02:16:17 | 001,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2009-07-14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
MOD - [2009-07-14 02:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
MOD - [2009-07-14 02:16:17 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
MOD - [2009-07-14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2009-07-14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll
MOD - [2009-07-14 02:16:15 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2009-07-14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009-07-14 02:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
MOD - [2009-07-14 02:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
MOD - [2009-07-14 02:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
MOD - [2009-07-14 02:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
MOD - [2009-07-14 02:16:13 | 000,652,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009-07-14 02:16:13 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
MOD - [2009-07-14 02:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
MOD - [2009-07-14 02:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009-07-14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll
MOD - [2009-07-14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
MOD - [2009-07-14 02:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
MOD - [2009-07-14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
MOD - [2009-07-14 02:15:36 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
MOD - [2009-07-14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009-07-14 02:15:32 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
MOD - [2009-07-14 02:15:22 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009-07-14 02:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009-07-14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009-07-14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
MOD - [2009-07-14 02:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
MOD - [2009-07-14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009-07-14 02:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010-11-18 07:21:40 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-11-02 05:36:16 | 000,801,792 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010-06-20 16:41:00 | 003,813,096 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010-06-17 22:04:52 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-06-16 21:31:52 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-06-07 16:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009-07-14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009-07-14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009-07-14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009-07-14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009-07-14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009-07-14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009-07-14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009-07-14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-07-14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009-07-14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009-07-14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009-07-14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009-07-14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalator formantów ActiveX (AxInstSV)
SRV - [2009-07-14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2007-05-31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007-05-31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2005-03-09 19:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Stopped] -- C:\Windows\System32\libusbd-nt.exe -- (libusbd)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011-02-05 13:28:13 | 000,007,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Cabal Unlimited\Byakko.K32 -- (ByakkoDriver)
DRV - [2010-06-24 15:26:15 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-06-08 16:19:26 | 003,112,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010-06-08 00:57:00 | 010,888,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009-12-11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009-07-14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009-07-14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009-07-14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009-07-14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009-07-14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009-07-14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009-07-14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009-07-14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009-07-14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009-07-14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009-07-14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009-07-14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009-07-14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009-07-14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009-07-14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009-07-14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009-07-14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009-07-14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009-07-14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009-07-14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009-07-14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009-07-14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009-07-14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009-07-14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009-07-14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009-07-14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009-07-14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009-07-14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009-07-14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009-07-14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009-07-14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009-07-14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-07-14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009-07-14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009-07-14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009-07-14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009-07-14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009-07-14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009-07-14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009-07-14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009-07-14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009-07-14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009-07-14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009-07-14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009-07-14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009-07-14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009-07-14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009-07-14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009-07-14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009-07-14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009-07-14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009-07-14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009-07-14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM)
DRV - [2009-07-14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009-07-14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009-07-14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009-07-14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009-07-14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009-07-14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009-07-14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009-07-14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009-07-14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009-07-14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009-07-14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009-07-13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009-07-13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009-07-13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009-07-13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009-07-13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009-07-13 23:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009-07-13 23:02:52 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009-07-13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009-07-13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009-07-13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2007-06-29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2006-09-24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2005-03-09 19:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [1996-04-03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.wp.pl/ [binary data]
IE - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-08-20 21:33:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-11-03 18:47:49 | 000,000,000 | ---D | M]

[2010-06-28 08:07:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2011-02-05 17:49:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions
[2010-12-12 22:35:00 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010-12-12 20:41:30 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010-08-24 20:02:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010-08-12 22:22:20 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2010-08-07 22:16:28 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\illimitux@illimitux.net
[2010-04-12 13:01:54 | 000,002,476 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\xawtbya3.default\searchplugins\BearShareWebSearch.xml
[2010-12-15 15:22:16 | 000,000,873 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\xawtbya3.default\searchplugins\conduit.xml
[2011-02-05 17:49:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-07-23 22:36:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-12-06 19:37:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010-09-15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010-06-26 08:59:22 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-04-12 13:01:54 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml
[2010-06-26 08:59:22 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2010-06-26 08:59:22 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2010-06-26 08:59:22 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2010-06-26 08:59:22 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2010-06-26 08:59:22 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2008-12-03 14:51:12 | 000,000,799 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: ::1 localhost
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll (MusicLab, LLC)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [DataMngr] C:\Program Files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nssvc32.exe ()
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\spoolsvcs.exe ()
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wnr231.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.100
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\DataMngr\datamngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LogonInit: DllName - logonInit.dll - C:\Program Files\Common Files\logonInit.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4ce1c075-b803-11df-b027-0016e6ddf839}\Shell - "" = AutoRun
O33 - MountPoints2\{4ce1c075-b803-11df-b027-0016e6ddf839}\Shell\AutoRun\command - "" = H:\Autorun.exe
O33 - MountPoints2\{eda7b191-7f9c-11df-b68e-0016e6ddf839}\Shell - "" = AutoRun
O33 - MountPoints2\{eda7b191-7f9c-11df-b68e-0016e6ddf839}\Shell\AutoRun\command - "" = J:\autorun.exe -auto
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2011-02-06 22:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011-02-06 22:13:36 | 000,000,000 | ---D | C] -- C:\rsit
[2011-02-06 16:42:44 | 003,006,368 | ---- | C] (Piriform Ltd) -- C:\Users\User\Desktop\ccsetup303.exe
[2011-02-06 15:23:16 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\do nauki
[2011-02-05 22:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011-02-05 22:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2011-02-05 22:54:55 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011-02-05 22:52:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Google
[2011-02-05 22:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011-02-05 22:49:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PandoraRecovery
[2011-02-05 22:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Recovery
[2011-02-05 22:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\Pandora Recovery
[2011-02-05 22:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UndeleteMyFiles
[2011-02-05 22:45:56 | 000,000,000 | ---D | C] -- C:\Program Files\UndeleteMyFiles
[2011-02-05 11:38:19 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\luty 2011
[2011-02-03 21:44:41 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\testdisk-6.11.3
[2011-01-30 22:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NapiProjekt
[2011-01-23 21:16:41 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Deluxe Ski Jump 4
[2011-01-23 21:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 4
[2011-01-23 21:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\Deluxe Ski Jump 4
[2011-01-23 10:42:28 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\kmeaw
[2011-01-16 17:12:54 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Nowy folder
[2011-01-14 15:21:00 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\ikonki
[2011-01-12 21:03:29 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\ubki
[2010-12-30 13:37:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{789F916F-CD1D-44F8-B59F-5AAF7B9912AC}
[2010-12-30 13:37:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{292012BA-D6C1-45D0-9B09-C6AA5240581A}
[2010-12-27 19:23:36 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010-12-25 11:49:56 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\prog
[2010-12-25 11:49:12 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{4099443F-E2AE-42B8-92FF-4B6EFEF3A091}
[2010-12-25 11:43:44 | 000,000,000 | ---D | C] -- C:\Windows\pl
[2010-12-25 11:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010-12-25 11:34:25 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010-12-25 11:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010-12-25 11:29:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Windows Live
[2010-12-25 11:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010-12-21 22:28:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2010-12-21 22:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2010-12-21 22:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2010-12-21 22:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2010-12-21 22:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2010-12-21 21:08:31 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\BioWare
[2010-12-21 21:04:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2010-12-21 21:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mass Effect
[2010-12-21 21:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare
[2010-12-21 20:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mass Effect
[2010-12-19 20:52:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ
[2010-12-19 20:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual DJ
[2010-12-19 20:52:01 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\VirtualDJ
[2010-12-19 20:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2010-12-15 20:47:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 5.6.1
[2010-12-15 20:47:09 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\Windows\System32\D3DX81ab.dll
[2010-12-15 20:47:09 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine
[2010-12-13 18:48:50 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\geo
[2010-12-12 22:35:02 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010-12-12 22:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoftTB
[2010-12-12 20:41:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers
[2010-12-12 20:41:25 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\DVDVideoSoft
[2010-12-12 20:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2010-12-12 20:41:14 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010-12-12 20:41:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010-12-10 16:04:33 | 000,000,000 | ---D | C] -- C:\Program Files\RapidShareManager
[2010-12-10 16:04:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RapidShare Manager
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2011-02-06 21:55:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-02-06 21:55:20 | 1610,260,480 | -HS- | M] () -- C:\hiberfil.sys
[2011-02-06 21:51:43 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TemplM2056.html
[2011-02-06 21:51:43 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\Tempie2056.html
[2011-02-06 21:51:29 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-02-06 18:19:20 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-02-06 18:19:20 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-02-06 17:50:25 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempiL2908.html
[2011-02-06 17:50:25 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempgQ2908.html
[2011-02-06 17:33:12 | 000,648,748 | ---- | M] () -- C:\Users\User\Documents\BioWare.rar
[2011-02-06 17:33:02 | 000,000,020 | ---- | M] () -- C:\Users\User\Documents\Nowy Archiwum WinRARa.rar
[2011-02-06 17:10:31 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempSi3592.html
[2011-02-06 17:10:31 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempWf3592.html
[2011-02-06 17:10:05 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempQg3020.html
[2011-02-06 17:10:05 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\Tempfj3020.html
[2011-02-06 17:00:14 | 000,171,180 | ---- | M] () -- C:\Users\User\Desktop\OTL.exe
[2011-02-06 16:57:00 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-02-06 16:54:29 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempWm3172.html
[2011-02-06 16:54:29 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\Tempyt3172.html
[2011-02-06 16:51:23 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempvo3152.html
[2011-02-06 16:51:23 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TemptN3152.html
[2011-02-06 16:43:02 | 003,006,368 | ---- | M] (Piriform Ltd) -- C:\Users\User\Desktop\ccsetup303.exe
[2011-02-06 16:27:32 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempjx2624.html
[2011-02-06 16:27:32 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempZf2624.html
[2011-02-06 16:25:28 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TemprN3092.html
[2011-02-06 16:25:28 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempLb3092.html
[2011-02-06 16:22:07 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempJl4596.html
[2011-02-06 16:22:07 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempLi4596.html
[2011-02-06 15:17:07 | 004,352,601 | ---- | M] () -- C:\Users\User\Desktop\sieci.rar
[2011-02-06 15:04:45 | 000,746,594 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2011-02-06 15:04:44 | 000,632,146 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-02-06 15:04:44 | 000,150,920 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2011-02-06 15:04:44 | 000,121,758 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-02-06 11:50:51 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempLa4724.html
[2011-02-05 23:13:43 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempPO2384.html
[2011-02-05 22:57:52 | 000,002,207 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011-02-05 11:44:45 | 000,247,612 | ---- | M] () -- C:\Users\User\Desktop\Sony-Playstation.ico
[2011-02-04 21:15:27 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempPE3028.html
[2011-02-04 12:04:29 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempeV2064.html
[2011-02-04 10:01:43 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TemptE2204.html
[2011-02-03 22:43:15 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempyb3056.html
[2011-02-03 22:43:15 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempbU3056.html
[2011-02-03 21:46:22 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempnR2680.html
[2011-02-03 21:46:22 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempNF2680.html
[2011-02-03 20:56:31 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TemplW3312.html
[2011-02-03 20:56:31 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempyR3312.html
[2011-02-03 16:31:48 | 226,173,471 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011-01-31 08:40:36 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempqb2992.html
[2011-01-31 00:44:51 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempUQ2288.html
[2011-01-31 00:22:49 | 000,057,476 | ---- | M] () -- C:\Users\User\Desktop\ddd33.png
[2011-01-30 22:18:16 | 000,085,693 | ---- | M] () -- C:\Users\User\Desktop\pulpfiction.png
[2011-01-30 22:02:31 | 000,000,951 | ---- | M] () -- C:\Users\User\Desktop\NapiProjekt.lnk
[2011-01-30 19:20:27 | 000,416,508 | ---- | M] () -- C:\Users\User\Desktop\friday_gif_collection_10.gif
[2011-01-30 16:12:21 | 023,345,299 | ---- | M] () -- C:\Users\User\Desktop\tapeta.psd
[2011-01-30 15:52:22 | 001,463,320 | ---- | M] () -- C:\Users\User\Desktop\Untitled-3.jpg
[2011-01-30 15:48:14 | 000,000,122 | ---- | M] () -- C:\Users\User\Desktop\3-2-45-1-569179-1-4ACE99-DDEE1E-DDEE1E-DDEE1E-DDEE1E-B3F1D5-78D316-78D316-78D316-78D316-yes-yes-yes-yes-yes-.png
[2011-01-30 15:40:54 | 000,080,744 | ---- | M] () -- C:\Users\User\Desktop\PlayStation_1_Logo.png
[2011-01-30 15:34:42 | 001,347,382 | ---- | M] () -- C:\Users\User\Desktop\Crysis2.png
[2011-01-30 15:33:02 | 001,016,441 | ---- | M] () -- C:\Users\User\Desktop\Crysis render 1 .png
[2011-01-30 15:31:13 | 001,381,719 | ---- | M] () -- C:\Users\User\Desktop\Crysis_Render~0.png
[2011-01-30 15:10:24 | 002,256,246 | ---- | M] () -- C:\Users\User\Desktop\ddd.psd
[2011-01-30 12:10:45 | 000,056,680 | ---- | M] () -- C:\Users\User\Desktop\ddd.png
[2011-01-29 23:55:41 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Temphh2692.html
[2011-01-29 23:23:54 | 000,055,716 | ---- | M] () -- C:\Users\User\Desktop\dddd.png
[2011-01-29 23:14:15 | 000,166,821 | ---- | M] () -- C:\Users\User\Desktop\Assassinscreed1.png
[2011-01-29 23:10:27 | 000,686,644 | ---- | M] () -- C:\Users\User\Desktop\Dead_Space_2_Render.png
[2011-01-29 23:09:05 | 000,085,871 | ---- | M] () -- C:\Users\User\Desktop\normal_Bioshock_2.png
[2011-01-29 23:07:31 | 000,044,328 | ---- | M] () -- C:\Users\User\Desktop\normal_thro_dv_render.png
[2011-01-29 17:17:04 | 005,392,880 | ---- | M] () -- C:\Users\User\Desktop\trondp.psd
[2011-01-29 16:29:09 | 000,067,741 | ---- | M] () -- C:\Users\User\Desktop\trondp.jpg
[2011-01-29 09:18:35 | 002,216,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-01-29 00:15:11 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempef2348.html
[2011-01-28 22:01:17 | 000,067,100 | ---- | M] () -- C:\Users\User\Desktop\logo.png
[2011-01-28 21:59:51 | 000,230,635 | ---- | M] () -- C:\Users\User\Desktop\20091226100915!Normandy_Render.png
[2011-01-27 23:16:55 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempAH4004.html
[2011-01-27 15:50:52 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempqg2640.html
[2011-01-27 15:50:52 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\Tempcn2640.html
[2011-01-26 22:53:04 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempzy1656.html
[2011-01-25 16:41:16 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempmGK588.html
[2011-01-25 14:22:00 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempXm2468.html
[2011-01-24 22:35:15 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TemppX2696.html
[2011-01-24 20:13:59 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempRE4060.html
[2011-01-24 17:41:41 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempVK3644.html
[2011-01-24 14:13:50 | 000,041,916 | ---- | M] () -- C:\Users\User\Desktop\pko_trans_details_110124_141346.pdf
[2011-01-23 22:29:23 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempyp3784.html
[2011-01-23 21:16:20 | 000,001,010 | ---- | M] () -- C:\Users\User\Desktop\DSJ4.lnk
[2011-01-23 17:03:13 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempxp1604.html
[2011-01-23 14:47:44 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempZQ2600.html
[2011-01-23 10:34:25 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TemprU2260.html
[2011-01-23 09:52:35 | 178,890,320 | ---- | M] () -- C:\Users\User\Desktop\PS3UPDAT.PUP
[2011-01-22 23:37:54 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempOU4048.html
[2011-01-22 20:20:25 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempZd3672.html
[2011-01-22 18:09:20 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempFQa516.html
[2011-01-21 20:22:07 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempWe2200.html
[2011-01-21 17:21:41 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempFd3292.html
[2011-01-21 11:05:57 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TemprD2416.html
[2011-01-20 23:29:08 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempYz2400.html
[2011-01-20 23:29:08 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\Temphk2400.html
[2011-01-20 22:34:53 | 000,879,402 | ---- | M] () -- C:\Users\User\Desktop\sieci.zip
[2011-01-19 22:36:32 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempWl3960.html
[2011-01-19 19:02:11 | 009,435,984 | ---- | M] () -- C:\Users\User\Desktop\UP0001-BLES00896_00-0000000000000000.pkg
[2011-01-19 18:03:14 | 007,799,392 | ---- | M] () -- C:\Users\User\Desktop\UP0001-BLES00952_00-0000111122223333.pkg
[2011-01-19 17:08:14 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempoF2476.html
[2011-01-18 23:19:51 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TemprP3132.html
[2011-01-18 06:28:07 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempAM2512.html
[2011-01-18 06:28:07 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempEY2512.html
[2011-01-17 22:35:06 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempYa2168.html
[2011-01-17 19:41:11 | 003,330,304 | ---- | M] () -- C:\Users\User\Desktop\BLUS30566V100.pkg
[2011-01-17 12:35:52 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempAg2464.html
[2011-01-17 12:35:52 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempfE2464.html
[2011-01-16 22:12:55 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempjx2292.html
[2011-01-16 17:57:26 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempPl4164.html
[2011-01-16 17:57:26 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempXg4164.html
[2011-01-16 17:28:56 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempas2664.html
[2011-01-16 17:10:07 | 003,120,012 | ---- | M] () -- C:\Users\User\Documents\Nowy folder.rar
[2011-01-16 15:35:10 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Temphl2204.html
[2011-01-16 03:11:17 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempgB2108.html
[2011-01-16 03:11:17 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempLc2108.html
[2011-01-15 11:50:46 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempAO2632.html
[2011-01-14 23:25:13 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempBP2604.html
[2011-01-14 22:02:16 | 000,055,626 | ---- | M] () -- C:\Mass_Effect_N7_Logo_Edition_2_by_lincer556.jpg
[2011-01-14 21:57:53 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TemptA3752.html
[2011-01-14 15:40:44 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempsN2728.html
[2011-01-13 23:03:26 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempYo2256.html
[2011-01-12 22:51:05 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempUH3092.html
[2011-01-12 19:05:51 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Templr2400.html
[2011-01-12 17:48:18 | 000,103,345 | ---- | M] () -- C:\Users\User\Desktop\Untitled-2.gif
[2011-01-12 08:25:45 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempwb2572.html
[2011-01-12 08:25:45 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempkZ2572.html
[2011-01-11 22:17:04 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempMH3004.html
[2011-01-11 18:44:14 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempTR3004.html
[2011-01-11 18:06:15 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempKx2340.html
[2011-01-11 16:40:53 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempTk2340.html
[2011-01-11 06:44:30 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempRp2428.html
[2011-01-11 06:44:30 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempGJ2428.html
[2011-01-10 22:18:15 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempto3188.html
[2011-01-09 21:57:16 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempCZ2452.html
[2011-01-09 00:16:21 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempJm2492.html
[2011-01-08 00:28:49 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempbW3240.html
[2011-01-07 21:17:08 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempmR2188.html
[2011-01-07 08:24:21 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempoW2396.html
[2011-01-07 08:24:21 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempCd2396.html
[2011-01-06 17:38:56 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempWST992.html
[2011-01-06 17:38:56 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempYZb992.html
[2011-01-05 22:05:19 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempdU2520.html
[2011-01-05 09:05:48 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempUE2660.html
[2011-01-05 09:05:48 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempaE2660.html
[2011-01-04 22:49:05 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempLx2092.html
[2011-01-04 20:22:14 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempts2884.html
[2011-01-04 17:41:32 | 061,002,212 | ---- | M] () -- C:\Users\User\Documents\0UpAB12_t34.rar
[2011-01-04 17:16:30 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempxB2144.html
[2011-01-04 06:14:48 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempfm2460.html
[2011-01-04 06:14:48 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempnJ2460.html
[2011-01-03 21:52:04 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempZp3276.html
[2011-01-03 21:47:33 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempSL2660.html
[2011-01-02 22:55:29 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempUg2104.html
[2011-01-02 13:08:24 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempMh2928.html
[2011-01-02 00:07:14 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempDU3268.html
[2011-01-02 00:07:14 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\Tempsf3268.html
[2011-01-01 00:46:04 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempKE3456.html
[2011-01-01 00:46:04 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\Tempaw3456.html
[2010-12-30 23:40:56 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempYK2168.html
[2010-12-30 08:24:07 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempIO2196.html
[2010-12-30 08:24:07 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempCK2196.html
[2010-12-29 21:38:08 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempcp2444.html
[2010-12-28 23:47:29 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempfr2220.html
[2010-12-28 23:47:29 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempCr2220.html
[2010-12-28 15:34:25 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempZs2208.html
[2010-12-28 15:34:25 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempuQ2208.html
[2010-12-28 12:00:16 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempGh2488.html
[2010-12-28 12:00:16 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\Tempmx2488.html
[2010-12-28 08:21:46 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempdG2380.html
[2010-12-28 08:21:46 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\Tempce2380.html
[2010-12-27 23:43:43 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempkq1864.html
[2010-12-27 23:00:34 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Temphf1904.html
[2010-12-27 19:21:10 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Temppb2760.html
[2010-12-27 17:35:51 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempcH2312.html
[2010-12-27 11:59:39 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempdg2176.html
[2010-12-27 11:59:39 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\Tempql2176.html
[2010-12-27 10:07:18 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempcB2192.html
[2010-12-27 00:02:36 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempDA2268.html
[2010-12-26 22:27:38 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempDg2568.html
[2010-12-26 08:29:28 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempeD2868.html
[2010-12-25 22:59:23 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempvj2020.html
[2010-12-25 17:09:17 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempjn3632.html
[2010-12-25 17:09:17 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempUy3632.html
[2010-12-25 14:26:54 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempIc2512.html
[2010-12-25 12:55:49 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempFi4072.html
[2010-12-25 12:55:49 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempGS4072.html
[2010-12-25 12:16:10 | 000,006,341 | ---- | M] () -- C:\Users\User\Documents\Mój film.wlmp
[2010-12-25 12:15:58 | 036,631,171 | ---- | M] () -- C:\Users\User\Desktop\Mój film.wmv
[2010-12-25 11:36:44 | 000,000,020 | ---- | M] () -- C:\Windows\„ö›
[2010-12-25 11:32:55 | 000,004,309 | -H-- | M] () -- C:\Users\User\Documents\21_Going Wrong (Acoustic Version).mp3.jpg
[2010-12-25 11:32:45 | 000,004,309 | -H-- | M] () -- C:\Users\User\Documents\07_Going Wrong (Original Mix).mp3.jpg
[2010-12-25 11:32:44 | 000,009,554 | -H-- | M] () -- C:\Users\User\Documents\06 gorillaz - feel good inc.[www.mixermusic.net].mp3.jpg
[2010-12-25 11:32:43 | 000,009,554 | -H-- | M] () -- C:\Users\User\Documents\05 gorillaz - dirty harry.[www.mixermusic.net].mp3.jpg
[2010-12-25 11:17:47 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempGp2440.html
[2010-12-25 01:38:42 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempFY3428.html
[2010-12-24 23:12:31 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Temprd1456.html
[2010-12-24 22:17:04 | 000,056,655 | ---- | M] () -- C:\Users\User\Documents\090403_105719.jpg
[2010-12-24 22:15:34 | 000,046,014 | ---- | M] () -- C:\Users\User\Documents\090403_105815.jpg
[2010-12-24 22:14:03 | 000,069,861 | ---- | M] () -- C:\Users\User\Documents\090403_105656.jpg
[2010-12-24 12:45:19 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempjJ3728.html
[2010-12-24 08:38:38 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempuO2136.html
[2010-12-24 00:21:29 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempwmt532.html
[2010-12-23 21:44:31 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Templa2508.html
[2010-12-23 19:50:46 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempbO2284.html
[2010-12-23 19:50:46 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempIc2284.html
[2010-12-23 15:05:40 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempUF2256.html
[2010-12-23 15:05:40 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempGD2256.html
[2010-12-23 11:48:11 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempOG1824.html
[2010-12-23 11:48:11 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempoF1824.html
[2010-12-23 10:19:30 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempxM2248.html
[2010-12-22 23:46:01 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempyI2248.html
[2010-12-22 16:04:41 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempLm3300.html
[2010-12-22 08:23:23 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempfZ2124.html
[2010-12-22 08:23:23 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempYJ2124.html
[2010-12-21 22:41:05 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempnu2120.html
[2010-12-21 22:28:32 | 000,000,971 | ---- | M] () -- C:\Users\User\Desktop\SpeedFan.lnk
[2010-12-21 22:28:31 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2010-12-21 22:28:30 | 000,000,000 | ---- | M] () -- C:\Users\User\Desktop\initdebug.nfo
[2010-12-21 22:15:33 | 000,001,078 | ---- | M] () -- C:\Users\User\Desktop\EVEREST Home Edition.lnk
[2010-12-21 21:04:32 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect.lnk
[2010-12-20 22:05:18 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempkn1228.html
[2010-12-20 17:46:47 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempsg1968.html
[2010-12-20 16:55:17 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempXD2288.html
[2010-12-20 15:20:18 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempAx1812.html
[2010-12-20 06:34:19 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempaS3044.html
[2010-12-20 06:08:02 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempHW2296.html
[2010-12-19 22:22:02 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempgr3520.html
[2010-12-19 21:15:36 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TemptD3932.html
[2010-12-19 20:52:05 | 000,001,008 | ---- | M] () -- C:\Users\User\Desktop\Virtual DJ Home.lnk
[2010-12-19 08:22:01 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempZy2624.html
[2010-12-18 23:57:11 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempqR2732.html
[2010-12-18 22:25:06 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempmD2868.html
[2010-12-18 17:08:11 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempKR2480.html
[2010-12-18 17:08:11 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempSM2480.html
[2010-12-17 23:48:56 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempky2072.html
[2010-12-17 15:58:16 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Temppu2072.html
[2010-12-16 22:39:07 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempLE3968.html
[2010-12-16 19:14:21 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempsB2552.html
[2010-12-15 22:30:05 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempCl3940.html
[2010-12-15 20:47:11 | 000,000,959 | ---- | M] () -- C:\Users\User\Desktop\Cheat Engine.lnk
[2010-12-15 19:35:24 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempZM2112.html
[2010-12-14 22:26:38 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempWL1104.html
[2010-12-14 21:08:50 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempZG2328.html
[2010-12-14 18:53:22 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempSK2132.html
[2010-12-14 18:53:22 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempPu2132.html
[2010-12-14 06:48:22 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempGZ2356.html
[2010-12-14 06:48:22 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempnU2356.html
[2010-12-13 22:10:13 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempkp2340.html
[2010-12-12 22:34:52 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempXf2168.html
[2010-12-12 20:41:32 | 000,001,203 | ---- | M] () -- C:\Users\User\Desktop\DVDVideoSoft Free Studio.lnk
[2010-12-12 20:41:18 | 000,001,362 | ---- | M] () -- C:\Users\User\Desktop\Free YouTube to MP3 Converter.lnk
[2010-12-11 23:39:31 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempYp1888.html
[2010-12-11 21:45:21 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempCB2016.html
[2010-12-11 20:44:43 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempRk3264.html
[2010-12-11 15:15:57 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\Tempxn1616.html
[2010-12-11 09:58:45 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempgC2392.html
[2010-12-11 09:58:45 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempcE2392.html
[2010-12-10 23:32:12 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempqO3492.html
[2010-12-10 20:31:52 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempFns608.html
[2010-12-10 16:04:33 | 000,001,053 | ---- | M] () -- C:\Users\User\Desktop\RapidShare Manager.lnk
[2010-12-10 15:50:16 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempXO2068.html
[2010-12-10 08:17:37 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempJs2412.html
[2010-12-10 08:17:37 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempkA2412.html
[2010-12-09 21:57:18 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempPr2416.html
[2010-12-09 16:39:46 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempIS2072.html
[2010-12-09 16:39:46 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempKn2072.html
[2010-12-09 06:19:15 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempBP2084.html
[2010-12-09 06:19:15 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempRx2084.html
[2010-12-08 22:27:14 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempwV3928.html
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-02-06 21:51:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemplM2056.html
[2011-02-06 21:51:43 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempie2056.html
[2011-02-06 17:50:25 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempiL2908.html
[2011-02-06 17:50:25 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempgQ2908.html
[2011-02-06 17:33:12 | 000,648,748 | ---- | C] () -- C:\Users\User\Documents\BioWare.rar
[2011-02-06 17:33:02 | 000,000,020 | ---- | C] () -- C:\Users\User\Documents\Nowy Archiwum WinRARa.rar
[2011-02-06 17:10:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempSi3592.html
[2011-02-06 17:10:31 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempWf3592.html
[2011-02-06 17:06:05 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempQg3020.html
[2011-02-06 17:06:05 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempfj3020.html
[2011-02-06 16:59:54 | 000,171,180 | ---- | C] () -- C:\Users\User\Desktop\OTL.exe
[2011-02-06 16:54:29 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempWm3172.html
[2011-02-06 16:54:29 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempyt3172.html
[2011-02-06 16:34:15 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempvo3152.html
[2011-02-06 16:34:15 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemptN3152.html
[2011-02-06 16:27:32 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempjx2624.html
[2011-02-06 16:27:32 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempZf2624.html
[2011-02-06 16:24:10 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemprN3092.html
[2011-02-06 16:24:10 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempLb3092.html
[2011-02-06 16:16:59 | 004,352,601 | ---- | C] () -- C:\Users\User\Desktop\sieci.rar
[2011-02-06 13:07:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempJl4596.html
[2011-02-06 13:07:36 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempLi4596.html
[2011-02-06 11:47:23 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempLa4724.html
[2011-02-05 22:57:52 | 000,002,207 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011-02-05 22:52:59 | 000,001,032 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-02-05 22:52:57 | 000,001,028 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-02-05 20:46:57 | 000,049,233 | ---- | C] () -- C:\Windows\System32\fat32format.exe
[2011-02-05 11:43:57 | 000,247,612 | ---- | C] () -- C:\Users\User\Desktop\Sony-Playstation.ico
[2011-02-05 07:51:16 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPO2384.html
[2011-02-04 13:49:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPE3028.html
[2011-02-04 10:13:50 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempeV2064.html
[2011-02-04 09:16:42 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemptE2204.html
[2011-02-03 21:53:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempyb3056.html
[2011-02-03 21:53:33 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempbU3056.html
[2011-02-03 21:01:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempnR2680.html
[2011-02-03 21:01:01 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempNF2680.html
[2011-02-03 16:39:56 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemplW3312.html
[2011-02-03 16:39:56 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempyR3312.html
[2011-01-31 07:35:53 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempqb2992.html
[2011-01-31 00:22:46 | 000,057,476 | ---- | C] () -- C:\Users\User\Desktop\ddd33.png
[2011-01-30 22:18:16 | 000,085,693 | ---- | C] () -- C:\Users\User\Desktop\pulpfiction.png
[2011-01-30 22:02:31 | 000,000,951 | ---- | C] () -- C:\Users\User\Desktop\NapiProjekt.lnk
[2011-01-30 19:20:27 | 000,416,508 | ---- | C] () -- C:\Users\User\Desktop\friday_gif_collection_10.gif
[2011-01-30 16:12:20 | 023,345,299 | ---- | C] () -- C:\Users\User\Desktop\tapeta.psd
[2011-01-30 15:52:20 | 001,463,320 | ---- | C] () -- C:\Users\User\Desktop\Untitled-3.jpg
[2011-01-30 15:48:14 | 000,000,122 | ---- | C] () -- C:\Users\User\Desktop\3-2-45-1-569179-1-4ACE99-DDEE1E-DDEE1E-DDEE1E-DDEE1E-B3F1D5-78D316-78D316-78D316-78D316-yes-yes-yes-yes-yes-.png
[2011-01-30 15:40:54 | 000,080,744 | ---- | C] () -- C:\Users\User\Desktop\PlayStation_1_Logo.png
[2011-01-30 15:34:42 | 001,347,382 | ---- | C] () -- C:\Users\User\Desktop\Crysis2.png
[2011-01-30 15:33:02 | 001,016,441 | ---- | C] () -- C:\Users\User\Desktop\Crysis render 1 .png
[2011-01-30 15:31:13 | 001,381,719 | ---- | C] () -- C:\Users\User\Desktop\Crysis_Render~0.png
[2011-01-30 12:10:44 | 000,056,680 | ---- | C] () -- C:\Users\User\Desktop\ddd.png
[2011-01-30 12:02:27 | 002,256,246 | ---- | C] () -- C:\Users\User\Desktop\ddd.psd
[2011-01-30 11:14:54 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempUQ2288.html
[2011-01-29 23:23:53 | 000,055,716 | ---- | C] () -- C:\Users\User\Desktop\dddd.png
[2011-01-29 23:14:15 | 000,166,821 | ---- | C] () -- C:\Users\User\Desktop\Assassinscreed1.png
[2011-01-29 23:10:27 | 000,686,644 | ---- | C] () -- C:\Users\User\Desktop\Dead_Space_2_Render.png
[2011-01-29 23:09:05 | 000,085,871 | ---- | C] () -- C:\Users\User\Desktop\normal_Bioshock_2.png
[2011-01-29 23:07:31 | 000,044,328 | ---- | C] () -- C:\Users\User\Desktop\normal_thro_dv_render.png
[2011-01-29 16:29:08 | 000,067,741 | ---- | C] () -- C:\Users\User\Desktop\trondp.jpg
[2011-01-29 15:33:29 | 005,392,880 | ---- | C] () -- C:\Users\User\Desktop\trondp.psd
[2011-01-29 09:19:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temphh2692.html
[2011-01-28 22:01:17 | 000,067,100 | ---- | C] () -- C:\Users\User\Desktop\logo.png
[2011-01-28 21:59:51 | 000,230,635 | ---- | C] () -- C:\Users\User\Desktop\20091226100915!Normandy_Render.png
[2011-01-28 13:20:52 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempef2348.html
[2011-01-27 15:52:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAH4004.html
[2011-01-27 15:50:34 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempqg2640.html
[2011-01-27 15:50:34 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempcn2640.html
[2011-01-26 15:51:18 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempzy1656.html
[2011-01-25 15:20:03 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempmGK588.html
[2011-01-25 13:43:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXm2468.html
[2011-01-24 20:46:39 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemppX2696.html
[2011-01-24 18:05:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempRE4060.html
[2011-01-24 14:13:50 | 000,041,916 | ---- | C] () -- C:\Users\User\Desktop\pko_trans_details_110124_141346.pdf
[2011-01-24 09:21:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempVK3644.html
[2011-01-23 21:16:20 | 000,001,010 | ---- | C] () -- C:\Users\User\Desktop\DSJ4.lnk
[2011-01-23 17:46:12 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempyp3784.html
[2011-01-23 15:47:17 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempxp1604.html
[2011-01-23 11:04:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempZQ2600.html
[2011-01-23 09:26:36 | 178,890,320 | ---- | C] () -- C:\Users\User\Desktop\PS3UPDAT.PUP
[2011-01-23 08:45:53 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemprU2260.html
[2011-01-22 21:35:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempOU4048.html
[2011-01-22 19:11:55 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempZd3672.html
[2011-01-22 08:21:41 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempFQa516.html
[2011-01-21 17:38:12 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempWe2200.html
[2011-01-21 11:39:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempFd3292.html
[2011-01-21 09:31:30 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemprD2416.html
[2011-01-20 22:34:51 | 000,879,402 | ---- | C] () -- C:\Users\User\Desktop\sieci.zip
[2011-01-20 20:45:27 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempYz2400.html
[2011-01-20 20:45:27 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Temphk2400.html
[2011-01-19 18:58:33 | 009,435,984 | ---- | C] () -- C:\Users\User\Desktop\UP0001-BLES00896_00-0000000000000000.pkg
[2011-01-19 18:01:28 | 007,799,392 | ---- | C] () -- C:\Users\User\Desktop\UP0001-BLES00952_00-0000111122223333.pkg
[2011-01-19 17:57:50 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempWl3960.html
[2011-01-19 15:39:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempoF2476.html
[2011-01-18 16:06:15 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemprP3132.html
[2011-01-18 06:06:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAM2512.html
[2011-01-18 06:06:14 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempEY2512.html
[2011-01-17 19:40:23 | 003,330,304 | ---- | C] () -- C:\Users\User\Desktop\BLUS30566V100.pkg
[2011-01-17 19:31:20 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempYa2168.html
[2011-01-17 12:34:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAg2464.html
[2011-01-17 12:34:24 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempfE2464.html
[2011-01-16 18:52:44 | 013,335,424 | ---- | C] () -- C:\Users\User\Desktop\EBOOT.BIN
[2011-01-16 18:00:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempjx2292.html
[2011-01-16 17:52:04 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPl4164.html
[2011-01-16 17:52:04 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempXg4164.html
[2011-01-16 17:08:55 | 003,120,012 | ---- | C] () -- C:\Users\User\Documents\Nowy folder.rar
[2011-01-16 15:53:28 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempas2664.html
[2011-01-16 07:52:09 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temphl2204.html
[2011-01-15 22:25:08 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempgB2108.html
[2011-01-15 22:25:08 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempLc2108.html
[2011-01-15 09:36:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAO2632.html
[2011-01-14 22:30:18 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempBP2604.html
[2011-01-14 22:02:28 | 000,055,626 | ---- | C] () -- C:\Mass_Effect_N7_Logo_Edition_2_by_lincer556.jpg
[2011-01-14 16:04:07 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemptA3752.html
[2011-01-14 15:12:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempsN2728.html
[2011-01-13 19:17:29 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempYo2256.html
[2011-01-12 19:21:41 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempUH3092.html
[2011-01-12 17:48:18 | 000,103,345 | ---- | C] () -- C:\Users\User\Desktop\Untitled-2.gif
[2011-01-12 14:42:48 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Templr2400.html
[2011-01-12 08:16:53 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempwb2572.html
[2011-01-12 08:16:53 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempkZ2572.html
[2011-01-11 18:43:50 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTR3004.html
[2011-01-11 18:43:50 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempMH3004.html
[2011-01-11 16:37:59 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTk2340.html
[2011-01-11 16:07:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKx2340.html
[2011-01-11 06:43:35 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempRp2428.html
[2011-01-11 06:43:35 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempGJ2428.html
[2011-01-10 14:49:17 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempto3188.html
[2011-01-09 12:13:18 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempCZ2452.html
[2011-01-08 13:18:16 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempJm2492.html
[2011-01-07 22:09:06 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempbW3240.html
[2011-01-07 15:50:40 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempmR2188.html
[2011-01-07 07:58:15 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempoW2396.html
[2011-01-07 07:58:15 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempCd2396.html
[2011-01-06 13:20:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempWST992.html
[2011-01-06 13:20:11 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempYZb992.html
[2011-01-05 15:00:53 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempdU2520.html
[2011-01-05 08:30:04 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempUE2660.html
[2011-01-05 08:30:04 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempaE2660.html
[2011-01-04 20:22:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempLx2092.html
[2011-01-04 19:23:59 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempts2884.html
[2011-01-04 17:30:03 | 061,002,212 | ---- | C] () -- C:\Users\User\Documents\0UpAB12_t34.rar
[2011-01-04 16:12:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempxB2144.html
[2011-01-04 06:07:00 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempfm2460.html
[2011-01-04 06:07:00 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempnJ2460.html
[2011-01-03 21:48:37 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempZp3276.html
[2011-01-03 15:20:41 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempSL2660.html
[2011-01-02 16:40:42 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempUg2104.html
[2011-01-02 12:29:12 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempMh2928.html
[2011-01-01 11:21:30 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDU3268.html
[2011-01-01 11:21:30 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempsf3268.html
[2011-01-01 00:37:52 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKE3456.html
[2011-01-01 00:37:52 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempaw3456.html
[2010-12-30 12:57:12 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempYK2168.html
[2010-12-30 08:10:05 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempIO2196.html
[2010-12-30 08:10:05 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempCK2196.html
[2010-12-29 10:37:27 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempcp2444.html
[2010-12-28 15:34:37 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempfr2220.html
[2010-12-28 15:34:37 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempCr2220.html
[2010-12-28 15:33:38 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempZs2208.html
[2010-12-28 15:33:38 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempuQ2208.html
[2010-12-28 11:20:50 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGh2488.html
[2010-12-28 11:20:50 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempmx2488.html
[2010-12-28 08:02:50 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempdG2380.html
[2010-12-28 08:02:50 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempce2380.html
[2010-12-27 23:36:54 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempkq1864.html
[2010-12-27 20:33:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temphf1904.html
[2010-12-27 17:49:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temppb2760.html
[2010-12-27 14:44:00 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempcH2312.html
[2010-12-27 11:50:04 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempdg2176.html
[2010-12-27 11:50:04 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempql2176.html
[2010-12-27 08:23:21 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempcB2192.html
[2010-12-26 23:35:19 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDA2268.html
[2010-12-26 11:31:09 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDg2568.html
[2010-12-26 08:11:06 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempeD2868.html
[2010-12-25 18:02:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempvj2020.html
[2010-12-25 14:55:09 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempjn3632.html
[2010-12-25 14:55:09 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempUy3632.html
[2010-12-25 14:11:08 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempIc2512.html
[2010-12-25 12:46:48 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempFi4072.html
[2010-12-25 12:46:48 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempGS4072.html
[2010-12-25 12:16:10 | 000,006,341 | ---- | C] () -- C:\Users\User\Documents\Mój film.wlmp
[2010-12-25 12:13:08 | 036,631,171 | ---- | C] () -- C:\Users\User\Desktop\Mój film.wmv
[2010-12-25 11:41:16 | 000,001,261 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2010-12-25 11:38:25 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2010-12-25 11:36:44 | 000,000,020 | ---- | C] () -- C:\Windows\„ö›
[2010-12-25 11:32:55 | 000,004,309 | -H-- | C] () -- C:\Users\User\Documents\21_Going Wrong (Acoustic Version).mp3.jpg
[2010-12-25 11:32:45 | 000,004,309 | -H-- | C] () -- C:\Users\User\Documents\07_Going Wrong (Original Mix).mp3.jpg
[2010-12-25 11:32:44 | 000,009,554 | -H-- | C] () -- C:\Users\User\Documents\06 gorillaz - feel good inc.[www.mixermusic.net].mp3.jpg
[2010-12-25 11:32:43 | 000,009,554 | -H-- | C] () -- C:\Users\User\Documents\05 gorillaz - dirty harry.[www.mixermusic.net].mp3.jpg
[2010-12-25 11:05:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGp2440.html
[2010-12-25 01:27:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempFY3428.html
[2010-12-24 22:16:49 | 000,056,655 | ---- | C] () -- C:\Users\User\Documents\090403_105719.jpg
[2010-12-24 22:15:20 | 000,046,014 | ---- | C] () -- C:\Users\User\Documents\090403_105815.jpg
[2010-12-24 22:13:49 | 000,069,861 | ---- | C] () -- C:\Users\User\Documents\090403_105656.jpg
[2010-12-24 14:41:03 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temprd1456.html
[2010-12-24 11:54:30 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempjJ3728.html
[2010-12-24 08:29:13 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempuO2136.html
[2010-12-23 21:49:46 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempwmt532.html
[2010-12-23 20:29:25 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Templa2508.html
[2010-12-23 19:03:40 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempbO2284.html
[2010-12-23 19:03:40 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempIc2284.html
[2010-12-23 15:05:40 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempUF2256.html
[2010-12-23 15:05:40 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempGD2256.html
[2010-12-23 11:17:54 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempOG1824.html
[2010-12-23 11:17:54 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempoF1824.html
[2010-12-23 10:00:55 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempxM2248.html
[2010-12-22 19:10:53 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempyI2248.html
[2010-12-22 14:54:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempLm3300.html
[2010-12-22 07:57:07 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempfZ2124.html
[2010-12-22 07:57:07 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempYJ2124.html
[2010-12-21 22:28:32 | 000,000,971 | ---- | C] () -- C:\Users\User\Desktop\SpeedFan.lnk
[2010-12-21 22:28:30 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2010-12-21 22:28:30 | 000,000,000 | ---- | C] () -- C:\Users\User\Desktop\initdebug.nfo
[2010-12-21 22:15:33 | 000,001,078 | ---- | C] () -- C:\Users\User\Desktop\EVEREST Home Edition.lnk
[2010-12-21 21:04:32 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\Mass Effect.lnk
[2010-12-21 15:58:54 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempnu2120.html
[2010-12-20 18:16:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempkn1228.html
[2010-12-20 17:09:06 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempsg1968.html
[2010-12-20 15:37:39 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXD2288.html
[2010-12-20 15:01:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAx1812.html
[2010-12-20 06:33:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempaS3044.html
[2010-12-20 06:06:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHW2296.html
[2010-12-19 21:28:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempgr3520.html
[2010-12-19 20:52:05 | 000,001,008 | ---- | C] () -- C:\Users\User\Desktop\Virtual DJ Home.lnk
[2010-12-19 08:51:20 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemptD3932.html
[2010-12-19 07:55:20 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempZy2624.html
[2010-12-18 23:54:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempqR2732.html
[2010-12-18 17:15:12 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempmD2868.html
[2010-12-18 08:24:12 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKR2480.html
[2010-12-18 08:24:12 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempSM2480.html
[2010-12-17 15:58:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempky2072.html
[2010-12-17 15:53:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temppu2072.html
[2010-12-16 20:27:34 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempLE3968.html
[2010-12-16 15:54:08 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempsB2552.html
[2010-12-15 20:47:11 | 000,000,959 | ---- | C] () -- C:\Users\User\Desktop\Cheat Engine.lnk
[2010-12-15 20:47:10 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2010-12-15 20:26:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempCl3940.html
[2010-12-15 14:50:56 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempZM2112.html
[2010-12-14 21:31:53 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempWL1104.html
[2010-12-14 20:44:57 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempZG2328.html
[2010-12-14 15:57:42 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempSK2132.html
[2010-12-14 15:57:42 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempPu2132.html
[2010-12-14 06:12:16 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGZ2356.html
[2010-12-14 06:12:16 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempnU2356.html
[2010-12-13 16:34:41 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempkp2340.html
[2010-12-12 20:41:26 | 000,001,203 | ---- | C] () -- C:\Users\User\Desktop\DVDVideoSoft Free Studio.lnk
[2010-12-12 20:41:18 | 000,001,362 | ---- | C] () -- C:\Users\User\Desktop\Free YouTube to MP3 Converter.lnk
[2010-12-12 09:13:28 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXf2168.html
[2010-12-11 22:21:29 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempYp1888.html
[2010-12-11 21:44:54 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempCB2016.html
[2010-12-11 15:29:35 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempRk3264.html
[2010-12-11 14:48:34 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempxn1616.html
[2010-12-11 09:16:41 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempgC2392.html
[2010-12-11 09:16:41 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempcE2392.html
[2010-12-10 22:21:16 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempqO3492.html
[2010-12-10 15:56:10 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempFns608.html
[2010-12-10 13:45:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXO2068.html
[2010-12-10 08:09:39 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempJs2412.html
[2010-12-10 08:09:39 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempkA2412.html
[2010-12-09 18:31:59 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPr2416.html
[2010-12-09 15:55:53 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempIS2072.html
[2010-12-09 15:55:53 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempKn2072.html
[2010-12-09 06:11:59 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempBP2084.html
[2010-12-09 06:11:59 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempRx2084.html
[2010-12-08 20:17:54 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempwV3928.html
[2010-12-08 19:09:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempdg2320.html
[2010-12-08 14:59:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempeg2364.html
[2010-12-08 14:59:26 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempAN2364.html
[2010-12-08 07:43:19 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAp2368.html
[2010-12-08 07:43:19 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempMJ2368.html
[2010-12-07 19:55:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempLf2984.html
[2010-12-07 19:11:25 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempvl2228.html
[2010-12-06 21:42:20 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempQh2304.html
[2010-12-06 21:08:08 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempeP2960.html
[2010-12-06 21:08:08 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempur2960.html
[2010-12-06 16:26:42 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempbs2500.html
[2010-12-06 06:06:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempcF2408.html
[2010-12-05 19:24:02 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempMS1804.html
[2010-12-05 16:36:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempMG4028.html
[2010-12-05 14:33:59 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempOr2136.html
[2010-12-05 11:20:46 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempJd2872.html
[2010-12-05 09:33:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemprX3016.html
[2010-12-05 08:18:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempvg2280.html
[2010-12-04 22:08:13 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTH2364.html
[2010-12-04 21:09:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempnx2092.html
[2010-12-04 11:30:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempEZ2320.html
[2010-12-04 09:25:38 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempUQ3356.html
[2010-12-04 09:25:38 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemphK3356.html
[2010-12-04 07:37:25 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTj2328.html
[2010-12-03 16:21:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKX2132.html
[2010-12-02 20:13:09 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempWS3356.html
[2010-12-02 17:37:17 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPPH996.html
[2010-12-02 16:24:40 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDR2296.html
[2010-12-01 22:56:45 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempqO2140.html
[2010-12-01 19:48:48 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temprj1088.html
[2010-12-01 17:24:02 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempsL3868.html
[2010-12-01 16:06:46 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempcf1616.html
[2010-12-01 13:55:34 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempce2228.html
[2010-11-30 20:43:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXT3376.html
[2010-11-30 19:03:27 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGi2284.html
[2010-11-30 15:52:57 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempSF2212.html
[2010-11-30 15:52:57 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempfF2212.html
[2010-11-30 06:04:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempwv2268.html
[2010-11-30 06:04:01 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempwl2268.html
[2010-11-29 21:54:45 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempVm2080.html
[2010-11-29 21:18:53 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKH3420.html
[2010-11-29 19:18:09 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempxz1880.html
[2010-11-29 17:46:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempLm1208.html
[2010-11-29 16:51:57 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempLq2300.html
[2010-11-29 06:06:40 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempCo2968.html
[2010-11-29 06:06:40 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempWc2968.html
[2010-11-28 21:22:02 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempiD2736.html
[2010-11-28 19:42:59 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempCC3008.html
[2010-11-28 19:03:34 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDp3528.html
[2010-11-28 15:20:54 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempkx2092.html
[2010-11-28 13:49:54 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempJp2064.html
[2010-11-28 10:06:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempEr1592.html
[2010-11-28 08:52:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAw2076.html
[2010-11-27 20:44:23 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempuD2408.html
[2010-11-27 16:39:06 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPU2060.html
[2010-11-27 10:36:38 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHM3840.html
[2010-11-27 10:36:38 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempmL3840.html
[2010-11-27 09:23:28 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempzz2596.html
[2010-11-27 08:26:56 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPt2812.html
[2010-11-26 21:08:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempSN1560.html
[2010-11-26 18:50:04 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempvB3064.html
[2010-11-26 16:18:18 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGr2548.html
[2010-11-26 08:36:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempie2268.html
[2010-11-26 08:36:36 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempab2268.html
[2010-11-25 22:35:27 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempes2632.html
[2010-11-25 20:17:21 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempEk3428.html
[2010-11-25 18:27:38 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemppA2972.html
[2010-11-25 17:33:59 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTF2972.html
[2010-11-25 15:40:13 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temprs1464.html
[2010-11-25 15:04:59 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempcz3872.html
[2010-11-25 14:46:55 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTh2392.html
[2010-11-24 19:21:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempYN3964.html
[2010-11-24 14:50:27 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXj2816.html
[2010-11-24 07:50:15 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempWa3084.html
[2010-11-24 07:50:15 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempBF3084.html
[2010-11-23 19:28:04 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXH1264.html
[2010-11-23 16:08:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempnJ1104.html
[2010-11-23 15:52:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempIS2292.html
[2010-11-23 15:52:01 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempdH2292.html
[2010-11-23 08:18:28 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temppkz352.html
[2010-11-23 08:18:28 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempAXP352.html
[2010-11-22 21:13:32 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGT1980.html
[2010-11-22 16:46:56 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempoY2412.html
[2010-11-22 06:13:03 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDJ2324.html
[2010-11-21 20:58:48 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGJ2172.html
[2010-11-21 20:58:48 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempKf2172.html
[2010-11-21 19:54:03 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempUk2956.html
[2010-11-21 19:21:09 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempvt2604.html
[2010-11-21 17:16:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempCH3136.html
[2010-11-21 16:21:42 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempWPC608.html
[2010-11-21 10:04:50 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempge3468.html
[2010-11-21 10:04:50 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempJM3468.html
[2010-11-21 09:10:50 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempBp3132.html
[2010-11-20 22:28:18 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempaN2124.html
[2010-11-20 22:28:18 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempDk2124.html
[2010-11-20 21:49:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAQ2696.html
[2010-11-20 20:39:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempeb3144.html
[2010-11-20 19:54:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPo2732.html
[2010-11-20 19:54:11 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempoM2732.html
[2010-11-20 09:27:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemplT3048.html
[2010-11-20 09:27:01 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempNC3048.html
[2010-11-19 18:33:35 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempgp3680.html
[2010-11-18 23:01:25 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemplP3012.html
[2010-11-18 19:34:12 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempvm3924.html
[2010-11-18 07:22:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempLx2620.html
[2010-11-18 07:22:01 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempGA2620.html
[2010-11-17 18:54:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempJM1888.html
[2010-11-17 17:55:57 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempQr2004.html
[2010-11-17 16:02:47 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempNG1896.html
[2010-11-16 16:13:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempuq2692.html
[2010-11-16 06:12:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemplU3852.html
[2010-11-15 21:53:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemphS1176.html
[2010-11-15 19:23:13 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempIV2920.html
[2010-11-15 19:22:30 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXq3632.html
[2010-11-15 19:22:30 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempCn3632.html
[2010-11-15 15:22:47 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temphl2644.html
[2010-11-15 06:11:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKv3456.html
[2010-11-15 06:11:22 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempAs3456.html
[2010-11-14 21:20:06 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTS2724.html
[2010-11-14 20:33:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempwt3184.html
[2010-11-14 18:10:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempjN2948.html
[2010-11-14 16:56:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempYb2760.html
[2010-11-14 14:05:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempRz3908.html
[2010-11-14 11:26:46 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempaH3768.html
[2010-11-14 11:26:46 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempJL3768.html
[2010-11-14 11:24:29 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempBl1172.html
[2010-11-14 11:24:29 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempMy1172.html
[2010-11-14 09:26:46 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempfn3740.html
[2010-11-13 21:17:25 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempqu1492.html
[2010-11-13 17:55:12 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempRw2984.html
[2010-11-13 17:51:28 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempuJ3072.html
[2010-11-13 10:23:41 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempfy2660.html
[2010-11-12 16:06:35 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempzr2984.html
[2010-11-12 16:06:35 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemphU2984.html
[2010-11-12 07:37:15 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHr2084.html
[2010-11-12 07:37:15 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemppS2084.html
[2010-11-11 22:22:48 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Templv2040.html
[2010-11-11 18:58:56 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempMoN968.html
[2010-11-11 18:16:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDl2032.html
[2010-11-11 08:58:47 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempvd2704.html
[2010-11-10 22:02:53 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTw3392.html
[2010-11-10 14:48:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempzR2676.html
[2010-11-10 07:38:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempBs2592.html
[2010-11-10 07:38:24 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempJR2592.html
[2010-11-09 21:07:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempjfp584.html
[2010-11-09 15:53:30 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempyv2744.html
[2010-11-09 06:07:40 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTg2624.html
[2010-11-09 06:07:40 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempAo2624.html
[2010-11-08 15:33:07 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTG2024.html
[2010-11-08 15:33:07 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempBn2024.html
[2010-11-08 12:38:04 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempoA3272.html
[2010-11-08 06:08:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKP3228.html
[2010-11-08 06:08:22 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempDX3228.html
[2010-11-07 20:31:13 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPG2960.html
[2010-11-07 11:18:23 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temprt1132.html
[2010-11-07 08:49:52 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKah700.html
[2010-11-06 13:23:38 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempWh2664.html
[2010-11-06 09:48:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempNMS792.html
[2010-11-05 22:03:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempgE3252.html
[2010-11-05 17:22:10 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempRQ2716.html
[2010-11-05 16:27:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempCF2616.html
[2010-11-05 08:05:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKt3268.html
[2010-11-05 08:05:31 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempTz3268.html
[2010-11-04 16:06:03 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempqM2908.html
[2010-11-04 06:08:46 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAY3212.html
[2010-11-04 06:08:46 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempuu3212.html
[2010-11-03 15:07:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempFx2644.html
[2010-11-03 07:23:27 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temppw2028.html
[2010-11-02 14:55:37 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempsR2456.html
[2010-11-02 08:27:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempwn3124.html
[2010-11-02 08:27:51 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempcj3124.html
[2010-11-01 22:31:42 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempno3028.html
[2010-11-01 13:26:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempEg2248.html
[2010-11-01 08:59:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempoi3104.html
[2010-10-31 08:35:19 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempkk2432.html
[2010-10-30 09:03:46 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDq2432.html
[2010-10-30 09:03:46 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempeq2432.html
[2010-10-30 07:54:05 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempFD3268.html
[2010-10-30 07:54:05 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempos3268.html
[2010-10-29 23:04:03 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempoW3592.html
[2010-10-29 23:04:03 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempDd3592.html
[2010-10-29 14:55:46 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempOY1924.html
[2010-10-29 06:38:29 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temppk3096.html
[2010-10-29 06:38:29 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempQt3096.html
[2010-10-28 15:07:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDS2972.html
[2010-10-28 05:04:59 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempsr2884.html
[2010-10-28 05:04:59 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempul2884.html
[2010-10-27 19:14:13 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempQr1736.html
[2010-10-27 14:24:59 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempxU2744.html
[2010-10-27 06:30:17 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempID1588.html
[2010-10-27 06:30:17 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempym1588.html
[2010-10-26 14:15:37 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTt2624.html
[2010-10-26 14:15:37 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempJS2624.html
[2010-10-26 05:05:06 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempoc2808.html
[2010-10-25 05:58:45 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXH2512.html
[2010-10-25 05:58:45 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempzc2512.html
[2010-10-24 07:38:07 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGl2372.html
[2010-10-23 20:42:47 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTV2408.html
[2010-10-23 08:44:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempEy2268.html
[2010-10-23 08:44:01 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempDI2268.html
[2010-10-22 18:15:10 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDu2312.html
[2010-10-22 18:15:10 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempVv2312.html
[2010-10-22 06:29:39 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempil2280.html
[2010-10-22 06:29:39 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempwU2280.html
[2010-10-21 19:41:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempQu2368.html
[2010-10-21 19:41:43 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemprQ2368.html
[2010-10-21 05:04:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempjt2692.html
[2010-10-21 05:04:44 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempno2692.html
[2010-10-20 12:57:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempYB2240.html
[2010-10-20 06:36:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempyD2424.html
[2010-10-20 06:36:58 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempQz2424.html
[2010-10-19 17:37:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempmZ2516.html
[2010-10-19 15:15:47 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempyc1176.html
[2010-10-19 15:15:47 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempBf1176.html
[2010-10-19 05:06:19 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempkj1188.html
[2010-10-19 05:06:19 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempSF1188.html
[2010-10-18 19:43:20 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAX2556.html
[2010-10-18 17:05:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDrW628.html
[2010-10-18 05:06:56 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempIB2340.html
[2010-10-17 17:36:15 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempiM2260.html
[2010-10-17 17:36:15 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempPY2260.html
[2010-10-17 10:11:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHN2796.html
[2010-10-17 10:11:51 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempkD2796.html
[2010-10-16 16:12:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempJI2032.html
[2010-10-16 12:37:00 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempvu3112.html
[2010-10-16 12:37:00 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempWZ3112.html
[2010-10-16 08:31:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXh2480.html
[2010-10-16 08:31:44 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemphM2480.html
[2010-10-15 14:55:53 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTs2532.html
[2010-10-15 06:32:18 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemppK2660.html
[2010-10-15 06:32:18 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemphD2660.html
[2010-10-14 17:10:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempuRz648.html
[2010-10-14 17:10:33 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempBqG648.html
[2010-10-14 13:51:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemprE2180.html
[2010-10-14 07:41:38 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempzh2208.html
[2010-10-14 07:41:38 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Templw2208.html
[2010-10-13 22:27:48 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempxP2440.html
[2010-10-13 06:28:02 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGN2256.html
[2010-10-13 06:28:02 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempKj2256.html
[2010-10-12 20:05:42 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempgc2512.html
[2010-10-12 20:05:42 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempik2512.html
[2010-10-12 17:31:30 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempovi540.html
[2010-10-12 17:31:30 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempabs540.html
[2010-10-12 14:59:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempsk2612.html
[2010-10-12 14:59:22 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempDS2612.html
[2010-10-11 18:58:05 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempzK2232.html
[2010-10-11 18:58:05 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempnM2232.html
[2010-10-11 13:41:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempNN2328.html
[2010-10-11 13:41:31 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempfy2328.html
[2010-10-10 07:24:08 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAs2536.html
[2010-10-09 07:31:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempam2332.html
[2010-10-08 14:38:52 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemphX4076.html
[2010-10-08 06:59:34 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempcV2200.html
[2010-10-08 06:59:34 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempJG2200.html
[2010-10-07 05:04:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempCQ2684.html
[2010-10-07 05:04:58 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempiX2684.html
[2010-10-05 17:56:30 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemprH1196.html
[2010-10-04 13:56:17 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHz2212.html
[2010-10-03 17:53:06 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempNA3552.html
[2010-10-03 07:54:38 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temptk2324.html
[2010-10-02 22:29:19 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAJ3384.html
[2010-10-02 08:34:18 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempbF2448.html
[2010-10-01 15:13:37 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempqs2280.html
[2010-09-30 17:37:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempUV3348.html
[2010-09-30 17:37:31 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemphP3348.html
[2010-09-29 16:04:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempgd3092.html
[2010-09-29 06:49:41 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempkL3536.html
[2010-09-28 17:31:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempQP2264.html
[2010-09-28 05:05:56 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempzb2772.html
[2010-09-28 05:05:56 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempVb2772.html
[2010-09-27 13:50:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempJl2644.html
[2010-09-27 13:50:49 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempOd2644.html
[2010-09-27 05:04:00 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempra2492.html
[2010-09-27 05:04:00 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempLg2492.html
[2010-09-26 17:27:25 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempWq3836.html
[2010-09-26 06:54:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHA2212.html
[2010-09-25 20:00:05 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempqPN888.html
[2010-09-25 17:22:32 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempxg2692.html
[2010-09-25 11:02:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempnH3640.html
[2010-09-25 07:45:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempbf3404.html
[2010-09-24 21:58:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempca2212.html
[2010-09-24 15:09:02 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempaJ2492.html
[2010-09-24 06:29:17 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempLg2700.html
[2010-09-23 15:12:05 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempjv2276.html
[2010-09-22 06:34:18 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempfO3324.html
[2010-09-21 14:50:35 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempEp2000.html
[2010-09-21 05:06:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTd2832.html
[2010-09-21 05:06:11 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempMQ2832.html
[2010-09-20 05:06:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempvs3128.html
[2010-09-20 05:06:43 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempHV3128.html
[2010-09-19 09:44:15 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempzv2548.html
[2010-09-19 09:44:15 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempdN2548.html
[2010-09-19 05:33:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempNS2296.html
[2010-09-19 05:33:58 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempUO2296.html
[2010-09-18 22:01:15 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempZu2248.html
[2010-09-18 11:37:41 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDs3804.html
[2010-09-18 08:15:20 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDt2732.html
[2010-09-17 14:54:20 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempmT2248.html
[2010-09-17 14:54:20 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempKp2248.html
[2010-09-17 06:30:27 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKK2552.html
[2010-09-17 06:30:27 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempHT2552.html
[2010-09-16 14:57:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temprh2592.html
[2010-09-16 14:57:44 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempgz2592.html
[2010-09-16 05:07:41 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempUh3128.html
[2010-09-16 05:07:41 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempnI3128.html
[2010-09-15 19:34:25 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempwc2780.html
[2010-09-15 19:34:25 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempGB2780.html
[2010-09-15 13:11:53 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXd2376.html
[2010-09-15 06:56:15 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempEG3448.html
[2010-09-15 06:56:15 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempCe3448.html
[2010-09-14 19:27:39 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempfl3536.html
[2010-09-14 19:27:39 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempDG3536.html
[2010-09-14 18:00:27 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempiO2088.html
[2010-09-14 15:24:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempMG2248.html
[2010-09-14 05:08:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempVi2824.html
[2010-09-14 05:08:51 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempQO2824.html
[2010-09-13 19:15:13 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPE3312.html
[2010-09-13 19:15:13 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempgj3312.html
[2010-09-13 14:31:42 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempnH2052.html
[2010-09-13 05:45:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempvY2752.html
[2010-09-13 05:45:14 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempKQ2752.html
[2010-09-12 07:49:05 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKc2540.html
[2010-09-11 21:56:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempve1356.html
[2010-09-11 21:56:44 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempxx1356.html
[2010-09-11 07:36:00 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempzC2156.html
[2010-09-10 13:07:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempkK2216.html
[2010-09-10 06:37:21 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGA2688.html
[2010-09-10 06:37:21 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempPd2688.html
[2010-09-09 05:13:37 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempnU2648.html
[2010-09-09 05:13:37 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempqb2648.html
[2010-09-08 15:47:02 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempxm2768.html
[2010-09-08 15:47:02 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempXB2768.html
[2010-09-07 15:11:37 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempow2208.html
[2010-09-07 15:11:37 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempCG2208.html
[2010-09-06 14:08:13 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHF2176.html
[2010-09-06 14:08:13 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempSq2176.html
[2010-09-05 14:11:48 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temphe1328.html
[2010-09-05 08:35:39 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempWJ2136.html
[2010-09-05 08:35:39 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempbS2136.html
[2010-09-04 14:48:32 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempih1228.html
[2010-09-04 14:48:32 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Temprg1228.html
[2010-09-04 13:32:33 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
[2010-09-04 12:56:57 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempor2348.html
[2010-09-04 10:04:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Templb2332.html
[2010-09-04 10:04:33 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempIj2332.html
[2010-09-01 07:49:21 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempjL2228.html
[2010-09-01 07:49:21 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempIG2228.html
[2010-08-31 17:25:59 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempiu2148.html
[2010-08-31 17:25:59 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempXp2148.html
[2010-08-30 20:24:52 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempRO2860.html
[2010-08-30 20:24:52 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempeL2860.html
[2010-08-30 08:22:50 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempVD2168.html
[2010-08-29 22:58:05 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempEFw312.html
[2010-08-29 22:58:05 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempQOA312.html
[2010-08-29 15:06:00 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempmz3036.html
[2010-08-29 10:18:05 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKQ2272.html
[2010-08-29 10:18:05 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempMf2272.html
[2010-08-28 17:35:21 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempSq2804.html
[2010-08-28 14:39:09 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempBl2172.html
[2010-08-27 12:20:47 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempft3988.html
[2010-08-27 07:44:45 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempdr2192.html
[2010-08-26 19:25:45 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempuU3632.html
[2010-08-24 07:05:38 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempnx2204.html
[2010-08-20 21:31:42 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempzZ2624.html
[2010-08-20 14:16:20 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemprZ2408.html
[2010-08-20 14:16:20 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempEH2408.html
[2010-08-20 07:32:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempnI2544.html
[2010-08-20 07:32:58 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempmq2544.html
[2010-08-19 20:33:29 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempuW3492.html
[2010-08-19 20:33:29 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempSJ3492.html
[2010-08-19 15:26:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempML2388.html
[2010-08-19 14:44:54 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGW1496.html
[2010-08-19 14:44:54 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempRi1496.html
[2010-08-19 10:05:48 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempBC3908.html
[2010-08-19 10:05:48 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempGq3908.html
[2010-08-19 07:41:12 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempdkR572.html
[2010-08-18 16:23:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXEa912.html
[2010-08-18 16:22:29 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempZb2920.html
[2010-08-18 16:22:29 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempkA2920.html
[2010-08-18 10:37:15 | 000,027,958 | ---- | C] () -- C:\Program Files\Common Files\logonInit.dll
[2010-08-17 20:05:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXYN948.html
[2010-08-17 20:05:44 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempVqk948.html
[2010-08-17 07:37:41 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempss1040.html
[2010-08-16 16:26:52 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempft2516.html
[2010-08-16 16:26:52 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempIJ2516.html
[2010-08-16 15:31:45 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempbP2104.html
[2010-08-16 15:31:45 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempIL2104.html
[2010-08-16 14:32:23 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemprR2664.html
[2010-08-16 14:32:23 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempiU2664.html
[2010-08-16 08:10:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempjL2956.html
[2010-08-16 08:10:14 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempnB2956.html
[2010-08-15 14:30:12 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGq1384.html
[2010-08-15 14:30:12 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempWe1384.html
[2010-08-15 13:37:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempRU2844.html
[2010-08-15 13:37:36 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempxN2844.html
[2010-08-15 13:21:40 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempiiW328.html
[2010-08-14 22:28:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temphk3764.html
[2010-08-14 22:28:43 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempGR3764.html
[2010-08-14 08:20:50 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempZz1632.html
[2010-08-14 07:20:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPRH460.html
[2010-08-14 07:20:36 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempzzd460.html
[2010-08-13 17:20:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAV2192.html
[2010-08-13 17:20:14 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempcg2192.html
[2010-08-13 17:17:04 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempnj1912.html
[2010-08-13 17:17:04 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempkI1912.html
[2010-08-13 13:10:53 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempxF2140.html
[2010-08-13 13:10:53 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempqV2140.html
[2010-08-13 09:39:23 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempMF2124.html
[2010-08-13 09:39:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempVn2124.html
[2010-08-13 07:38:55 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempVy2196.html
[2010-08-13 07:38:55 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Temppw2196.html
[2010-08-12 20:23:37 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempRg2164.html
[2010-08-12 20:23:37 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempDt2164.html
[2010-08-12 07:40:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempUX2164.html
[2010-08-12 07:40:31 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempsv2164.html
[2010-08-11 07:06:06 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempBf2176.html
[2010-08-11 07:06:06 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempFQ2176.html
[2010-08-10 07:59:37 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempYm2116.html
[2010-08-09 17:02:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempir2164.html
[2010-08-09 14:45:47 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempqh1776.html
[2010-08-09 14:45:47 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemptG1776.html
[2010-08-09 07:39:32 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempto1828.html
[2010-08-09 07:39:32 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempfx1828.html
[2010-08-08 19:25:27 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempqC2120.html
[2010-08-08 19:25:27 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempUC2120.html
[2010-08-08 17:24:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempsx2116.html
[2010-08-08 17:24:01 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempHd2116.html
[2010-08-08 15:13:20 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPl2228.html
[2010-08-08 15:13:20 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempLM2228.html
[2010-08-08 11:17:40 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempkh2124.html
[2010-08-08 11:17:40 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempEm2124.html
[2010-08-08 10:13:25 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempgS2088.html
[2010-08-08 10:13:25 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempzc2088.html
[2010-08-07 19:06:05 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempYe2112.html
[2010-08-07 11:16:21 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temppt2120.html
[2010-08-07 11:16:21 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempuQ2120.html
[2010-08-07 07:13:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHU2116.html
[2010-08-07 07:13:58 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempCT2116.html
[2010-08-06 21:56:00 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempul3348.html
[2010-08-06 21:38:42 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempLO2076.html
[2010-08-06 13:45:18 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempft2104.html
[2010-08-06 13:45:18 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempUp2104.html
[2010-08-06 12:49:08 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempap2092.html
[2010-08-06 12:49:08 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempVw2092.html
[2010-08-06 12:24:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempSTW672.html
[2010-08-06 12:24:24 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempDGF672.html
[2010-08-06 10:51:55 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Templa2072.html
[2010-08-06 08:32:21 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempuW2092.html
[2010-08-06 08:32:21 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempDa2092.html
[2010-08-05 15:24:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempCs2180.html
[2010-08-05 08:49:12 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempyw2140.html
[2010-08-05 08:49:12 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempyl2140.html
[2010-08-04 13:19:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempfv3540.html
[2010-08-04 13:19:24 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempEI3540.html
[2010-08-04 07:28:19 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDH2132.html
[2010-08-03 20:08:03 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempgK2200.html
[2010-08-03 20:08:03 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempOB2200.html
[2010-08-03 16:30:17 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempVL2112.html
[2010-08-03 14:42:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempfk1228.html
[2010-08-03 14:42:14 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempqE1228.html
[2010-08-03 13:44:21 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGVE808.html
[2010-08-03 13:44:21 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempLrs808.html
[2010-08-03 09:03:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempvL2096.html
[2010-08-03 09:03:36 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempVB2096.html
[2010-08-02 16:13:35 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempou3352.html
[2010-08-02 11:41:55 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDN2104.html
[2010-08-02 09:49:35 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemplX2192.html
[2010-08-02 09:49:35 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemplF2192.html
[2010-08-02 07:09:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempaT2200.html
[2010-08-02 07:09:43 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempZG2200.html
[2010-08-01 07:50:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXu2084.html
[2010-08-01 07:50:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempbT2084.html
[2010-08-01 07:50:43 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemppW2084.html
[2010-07-31 17:52:46 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempuB2632.html
[2010-07-31 17:52:46 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempDy2632.html
[2010-07-31 17:52:46 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemppR2632.html
[2010-07-31 14:24:32 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempcJ2188.html
[2010-07-31 12:58:10 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempzF3836.html
[2010-07-31 12:58:10 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temphh3836.html
[2010-07-31 12:58:10 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempuz3836.html
[2010-07-31 12:58:10 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempSw3836.html
[2010-07-31 10:31:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKS3816.html
[2010-07-31 10:31:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempcp3816.html
[2010-07-31 07:19:52 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempsz2120.html
[2010-07-31 07:19:52 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempIj2120.html
[2010-07-30 20:04:07 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempsMh420.html
[2010-07-30 10:33:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempgi2064.html
[2010-07-30 10:33:43 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempqP2064.html
[2010-07-30 10:33:40 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXw2064.html
[2010-07-30 06:41:38 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempQM2156.html
[2010-07-30 06:41:38 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHq2156.html
[2010-07-30 06:41:38 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempcS2156.html
[2010-07-29 21:45:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXb2676.html
[2010-07-29 21:45:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempRO2676.html
[2010-07-29 21:45:26 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempAl2676.html
[2010-07-29 20:16:48 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAT2156.html
[2010-07-29 20:16:47 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempLR2156.html
[2010-07-29 16:38:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempVJ2956.html
[2010-07-29 16:38:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTU2956.html
[2010-07-29 16:38:58 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemppE2956.html
[2010-07-29 07:22:06 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempak1956.html
[2010-07-28 15:15:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemprO1780.html
[2010-07-28 15:15:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempOZ1780.html
[2010-07-28 10:45:15 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempUr1744.html
[2010-07-28 08:08:17 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempJqG920.html
[2010-07-28 08:08:17 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempfUt920.html
[2010-07-28 08:08:15 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempYNu920.html
[2010-07-27 13:38:16 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempyj3676.html
[2010-07-27 13:38:16 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempnL3676.html
[2010-07-27 13:37:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempqEf660.html
[2010-07-27 07:15:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempvh2184.html
[2010-07-27 07:15:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temppv2184.html
[2010-07-27 07:15:36 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Temptj2184.html
[2010-07-27 07:15:36 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempJx2184.html
[2010-07-26 12:29:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempCf2120.html
[2010-07-26 12:29:26 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempXu2120.html
[2010-07-26 12:29:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempYz2120.html
[2010-07-26 07:29:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempqk2120.html
[2010-07-26 07:29:26 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempXw2120.html
[2010-07-26 07:29:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKs2120.html
[2010-07-26 07:29:24 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempgr2120.html
[2010-07-25 17:51:05 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempLm2096.html
[2010-07-25 17:51:04 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempJE2096.html
[2010-07-25 17:25:00 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempOu2320.html
[2010-07-25 17:25:00 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempfb2320.html
[2010-07-25 17:25:00 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempWN2320.html
[2010-07-25 17:25:00 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempge2320.html
[2010-07-25 11:22:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempqo2176.html
[2010-07-25 11:22:29 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempCl2176.html
[2010-07-25 10:27:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempbV2128.html
[2010-07-25 10:27:33 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempYn2128.html
[2010-07-25 10:27:28 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempiy2128.html
[2010-07-25 07:39:53 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempxZ2136.html
[2010-07-25 07:39:53 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempAg2136.html
[2010-07-25 07:39:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempCT2136.html
[2010-07-24 16:46:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempvO2136.html
[2010-07-24 16:46:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempaZ2136.html
[2010-07-24 16:46:44 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempNQ2136.html
[2010-07-24 07:08:47 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempWe2124.html
[2010-07-24 07:08:45 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempMj2124.html
[2010-07-23 20:14:34 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempVQ2660.html
[2010-07-23 20:14:34 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempnd2660.html
[2010-07-23 17:35:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempsu2112.html
[2010-07-23 17:35:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempBw2112.html
[2010-07-23 14:10:37 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempLA2104.html
[2010-07-23 14:10:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempyd2104.html
[2010-07-23 06:58:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAfP428.html
[2010-07-23 06:58:58 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempayH428.html
[2010-07-23 06:58:55 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempcle428.html
[2010-07-23 06:58:55 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemppOC428.html
[2010-07-22 18:51:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempqH2220.html
[2010-07-22 18:51:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAH2220.html
[2010-07-22 12:51:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKR2168.html
[2010-07-22 12:51:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempdw2168.html
[2010-07-22 12:51:11 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempxa2168.html
[2010-07-22 11:15:37 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempcR1776.html
[2010-07-22 11:15:37 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempVX1776.html
[2010-07-22 11:15:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempjE1776.html
[2010-07-22 11:15:36 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemptP1776.html
[2010-07-22 08:11:59 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempId2092.html
[2010-07-22 08:11:59 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempJH2092.html
[2010-07-22 08:11:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempFI2092.html
[2010-07-22 08:11:58 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempTS2092.html
[2010-07-21 18:34:28 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHv2092.html
[2010-07-21 18:34:27 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempQs2092.html
[2010-07-21 13:00:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHt1212.html
[2010-07-21 13:00:43 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempBs1212.html
[2010-07-21 08:05:07 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempqz1212.html
[2010-07-21 08:05:07 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempwL1212.html
[2010-07-21 08:05:06 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempIS1212.html
[2010-07-20 20:18:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempuX2136.html
[2010-07-20 20:18:00 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempxp2136.html
[2010-07-20 14:19:36 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemppB1764.html
[2010-07-20 14:19:36 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempQA1764.html
[2010-07-20 14:19:35 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempkj1764.html
[2010-07-20 08:21:02 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemprX2072.html
[2010-07-20 08:21:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempQo2072.html
[2010-07-19 10:24:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempUw2200.html
[2010-07-19 10:24:24 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempTO2200.html
[2010-07-19 10:24:23 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempUS2200.html
[2010-07-19 07:26:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempZO2068.html
[2010-07-19 07:26:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempIw2068.html
[2010-07-19 07:26:33 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Temptq2068.html
[2010-07-19 07:26:33 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempdI2068.html
[2010-07-18 22:12:21 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempfZ2084.html
[2010-07-18 22:12:20 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempdM2084.html
[2010-07-18 21:35:34 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempsl2252.html
[2010-07-18 21:35:34 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempWw2252.html
[2010-07-18 21:35:33 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempRo2252.html
[2010-07-18 14:59:18 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempze1740.html
[2010-07-18 14:59:18 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHG1740.html
[2010-07-18 14:59:18 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempPW1740.html
[2010-07-18 14:59:18 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempHI1740.html
[2010-07-18 07:23:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGS2216.html
[2010-07-18 07:23:13 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempVN2216.html
[2010-07-17 21:28:25 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempNm2276.html
[2010-07-17 21:28:25 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempwy2276.html
[2010-07-17 21:28:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempjj2276.html
[2010-07-17 21:28:22 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempQf2276.html
[2010-07-17 18:11:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempxj2196.html
[2010-07-17 18:11:51 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempod2196.html
[2010-07-17 18:11:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempeK2196.html
[2010-07-17 18:11:49 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempLO2196.html
[2010-07-17 14:29:10 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempQP2088.html
[2010-07-17 14:29:10 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempDR2088.html
[2010-07-17 14:29:07 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempLc2088.html
[2010-07-17 14:29:07 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempaw2088.html
[2010-07-17 08:03:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempdc2204.html
[2010-07-17 08:03:47 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempbr2204.html
[2010-07-16 18:15:16 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTm2172.html
[2010-07-16 07:41:30 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempeY2068.html
[2010-07-16 07:41:30 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempDJ2068.html
[2010-07-16 07:41:29 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempBz2068.html
[2010-07-16 07:41:29 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempVx2068.html
[2010-07-15 20:40:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempvN2168.html
[2010-07-15 17:53:20 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempGA2168.html
[2010-07-15 12:26:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTj1348.html
[2010-07-15 12:26:14 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempLm1348.html
[2010-07-15 08:18:00 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempsh2060.html
[2010-07-15 08:18:00 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempei2060.html
[2010-07-14 20:33:53 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKi2456.html
[2010-07-14 17:53:20 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempwa2332.html
[2010-07-14 07:43:41 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAz2104.html
[2010-07-13 17:42:10 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempai2064.html
[2010-07-13 17:42:10 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempxS2064.html
[2010-07-13 15:29:18 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temptd2140.html
[2010-07-13 07:56:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempQF2120.html
[2010-07-12 11:24:30 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempMe1288.html
[2010-07-12 07:11:52 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAG1572.html
[2010-07-11 16:10:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempkZH288.html
[2010-07-11 15:13:06 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempiw1876.html
[2010-07-11 15:13:06 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempwE1876.html
[2010-07-11 10:26:34 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempZy2092.html
[2010-07-11 10:26:34 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempxM2092.html
[2010-07-11 08:29:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempmW1952.html
[2010-07-11 08:29:11 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempzd1952.html
[2010-07-11 07:52:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TemphR2156.html
[2010-07-10 22:36:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempMU3508.html
[2010-07-10 19:40:26 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempWF2112.html
[2010-07-10 09:55:55 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempVF2152.html
[2010-07-10 08:04:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempRw1224.html
[2010-07-10 08:04:14 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempol1224.html
[2010-07-09 18:35:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempTnI944.html
[2010-07-09 13:23:13 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempxa3764.html
[2010-07-09 13:23:13 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempxo3764.html
[2010-07-09 12:56:55 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempEKU796.html
[2010-07-09 09:52:08 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempEC2072.html
[2010-07-09 07:45:52 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAO1620.html
[2010-07-08 16:18:37 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempkQ2124.html
[2010-07-08 16:18:37 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemplB2124.html
[2010-07-08 07:17:32 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempoT1724.html
[2010-07-08 07:17:32 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempVy1724.html
[2010-07-07 20:06:32 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempdg1884.html
[2010-07-07 08:21:32 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempwg1432.html
[2010-07-07 08:21:32 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempvT1432.html
[2010-07-06 07:41:58 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempmh1752.html
[2010-07-05 20:57:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempOY3760.html
[2010-07-05 20:57:44 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempWo3760.html
[2010-07-05 16:49:47 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHn1516.html
[2010-07-05 13:05:05 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempREi984.html
[2010-07-05 11:49:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHM1544.html
[2010-07-05 11:49:51 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempAo1544.html
[2010-07-05 11:06:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempIf2820.html
[2010-07-05 07:28:16 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempWL2032.html
[2010-07-04 18:53:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempfE1768.html
[2010-07-04 10:45:52 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHnO732.html
[2010-07-04 10:45:52 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempnZj732.html
[2010-07-03 12:27:54 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempuo2096.html
[2010-07-03 12:27:54 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempvA2096.html
[2010-07-03 06:21:25 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempOT1848.html
[2010-07-02 16:57:41 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempoC2580.html
[2010-07-02 16:57:41 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempBm2580.html
[2010-07-02 15:23:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempac3096.html
[2010-07-02 06:16:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempoE1976.html
[2010-07-01 06:12:13 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempmO1732.html
[2010-07-01 06:12:13 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempVN1732.html
[2010-06-30 06:21:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempws1500.html
[2010-06-29 14:30:14 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempre1548.html
[2010-06-29 10:25:51 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempjA1560.html
[2010-06-29 10:25:51 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempQj1560.html
[2010-06-28 22:02:48 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKu2592.html
[2010-06-28 22:02:48 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempcq2592.html
[2010-06-28 21:05:48 | 000,007,597 | ---- | C] () -- C:\Users\User\AppData\Local\resmon.resmoncfg
[2010-06-28 20:57:06 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempmc3580.html
[2010-06-28 10:11:24 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempjA1984.html
[2010-06-28 07:37:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempMr1448.html
[2010-06-27 18:20:30 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempElU796.html
[2010-06-27 18:20:30 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempBEt796.html
[2010-06-27 16:04:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPd2700.html
[2010-06-27 08:39:23 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempxPP412.html
[2010-06-27 06:40:30 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPE1388.html
[2010-06-26 21:57:32 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempXV3032.html
[2010-06-26 20:09:46 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHy1556.html
[2010-06-26 19:09:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempOc1516.html
[2010-06-26 19:09:43 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempjX1516.html
[2010-06-26 13:00:13 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempSC1264.html
[2010-06-26 13:00:13 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempFJ1264.html
[2010-06-26 11:13:15 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempFd3848.html
[2010-06-26 09:09:44 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKvY108.html
[2010-06-26 06:00:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempqCi284.html
[2010-06-25 22:36:28 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempSX2356.html
[2010-06-25 22:36:28 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempUE2356.html
[2010-06-25 06:45:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempQq1988.html
[2010-06-25 06:45:49 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempEM1988.html
[2010-06-24 18:18:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempJa1844.html
[2010-06-24 18:18:49 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempNl1844.html
[2010-06-24 16:06:35 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempfK3240.html
[2010-06-24 15:30:12 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempPf1988.html
[2010-06-24 15:30:12 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempRi1988.html
[2010-06-24 15:02:43 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempsK2016.html
[2010-06-24 15:02:43 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempkH2016.html
[2010-06-24 09:27:48 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempdV1960.html
[2010-06-24 09:27:48 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempUR1960.html
[2010-06-23 20:32:49 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempqR2464.html
[2010-06-23 17:25:02 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKe1992.html
[2010-06-23 12:59:45 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempCm4076.html
[2010-06-23 12:59:45 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempWz4076.html
[2010-06-23 09:02:46 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempIX2088.html
[2010-06-23 07:04:29 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempVM1812.html
[2010-06-23 07:04:29 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempjI1812.html
[2010-06-22 20:31:27 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempFnS396.html
[2010-06-22 19:02:01 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempyd3732.html
[2010-06-22 19:02:01 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempJN3732.html
[2010-06-22 07:05:10 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempnR2000.html
[2010-06-21 06:24:11 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempFX1032.html
[2010-06-21 06:24:11 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempIj1032.html
[2010-06-20 18:17:08 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempvB1872.html
[2010-06-20 13:44:34 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempqS3280.html
[2010-06-20 11:45:22 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempEAj908.html
[2010-06-20 08:51:02 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempAzJ404.html
[2010-06-20 07:07:21 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temprm1912.html
[2010-06-20 07:07:21 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemptW1912.html
[2010-06-19 19:06:07 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempKd1476.html
[2010-06-19 19:06:07 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempiJ1476.html
[2010-06-19 16:14:39 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHS2120.html
[2010-06-19 13:35:31 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempRz3468.html
[2010-06-19 09:05:02 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Tempaq1472.html
[2010-06-18 16:10:59 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\Temptl1692.html
[2010-06-18 16:10:59 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\Tempsn1692.html
[2010-06-17 14:09:38 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempVWs272.html
[2010-06-17 13:54:38 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempEk1064.html
[2010-06-17 13:54:38 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TemphX1064.html
[2010-06-17 07:14:37 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempFQq404.html
[2010-06-17 07:14:37 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempmQT404.html
[2010-06-17 06:40:03 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempHk1124.html
[2010-06-17 06:40:03 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempID1124.html
[2010-06-16 19:16:06 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempYJ3576.html
[2009-07-14 01:55:09 | 000,585,216 | ---- | C] () -- C:\Windows\System32\hpotscld.dll
[2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2004-09-24 00:31:08 | 000,233,472 | ---- | C] () -- C:\Windows\System32\libmySQL.dll
[2004-07-29 18:08:30 | 000,024,633 | ---- | C] () -- C:\Windows\php.ini
[1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

[color=#E56717]========== LOP Check ==========[/color]

[2010-08-26 09:48:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Audacity
[2010-06-24 15:31:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
[2010-12-12 20:41:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers
[2011-01-11 16:37:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Gadu-Gadu 10
[2010-06-21 18:40:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GHISLER
[2010-06-28 17:01:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Need for Speed World
[2010-06-17 08:14:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenFM
[2010-07-12 13:22:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Opera
[2011-02-05 22:49:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PandoraRecovery
[2010-09-27 15:47:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thinstall
[2010-12-27 19:22:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Tibia
[2011-01-30 11:13:56 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2010-07-28 12:00:22 | 000,182,324 | ---- | M] () -- C:\38856.rar
[2010-08-13 17:13:38 | 000,000,039 | ---- | M] () -- C:\597.ini
[2009-06-10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009-07-14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010-06-16 16:29:56 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010-11-18 23:15:13 | 000,296,482 | RHS- | M] () -- C:\CBYIQ
[2009-06-10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010-09-05 10:58:03 | 000,000,453 | ---- | M] () -- C:\Gry (D).lnk
[2011-02-06 21:55:20 | 1610,260,480 | -HS- | M] () -- C:\hiberfil.sys
[2010-06-28 11:26:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011-01-14 22:02:16 | 000,055,626 | ---- | M] () -- C:\Mass_Effect_N7_Logo_Edition_2_by_lincer556.jpg
[2010-06-28 11:26:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011-02-06 21:55:21 | 2147,016,704 | -HS- | M] () -- C:\pagefile.sys
[2010-11-18 23:15:13 | 000,000,020 | RHS- | M] () -- C:\win7.ld
[2010-07-28 11:29:52 | 000,002,033 | ---- | M] () -- C:\wsite.lnk


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys
[2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-10-28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009-10-28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009-10-28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009-07-14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< End of report >[/log]

info.txt
[log]info.txt logfile of random's system information tool 1.08 2011-02-06 22:13:56

======Uninstall list======

-->MsiExec /X{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 9.4.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Audacity 1.3.12 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
BearShare-->"C:\ProgramData\{37490DE3-F7B0-4FFB-ACAD-E9674CA2AD24}\BearShare_V9_pl_Setup.exe" REMOVE=TRUE MODIFY=FALSE
BearShare-->C:\ProgramData\{37490DE3-F7B0-4FFB-ACAD-E9674CA2AD24}\BearShare_V9_pl_Setup.exe
Cabal Online Europe - Radiant Hall-->"D:\patch\unins000.exe"
Centrum obsługi urządzeń z systemem Windows Mobile-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
Cheat Engine 5.6.1-->"C:\Program Files\Cheat Engine\unins000.exe"
Combined Community Codec Pack 2009-09-09-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Counter-Strike: Source-->"D:\Steam\steam.exe" steam://uninstall/240
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Deluxe Ski Jump 4 Beta-1-->"C:\Program Files\Deluxe Ski Jump 4\Uninstall\unins000.exe"
Dual-Core Optimizer-->MsiExec.exe /X{9FD6F1A8-5550-46AF-8509-271DF0E768B5}
DVDVideoSoftTB Toolbar-->C:\PROGRA~1\DVDVID~2\UNWISE.EXE /U C:\PROGRA~1\DVDVID~2\INSTALL.LOG
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Free Audio CD Burner version 1.4.7-->"C:\Program Files\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
Free YouTube to MP3 Converter version 3.9.31-->"C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
Gadu-Gadu 10-->C:\Program Files\Gadu-Gadu 10\Uninstall.exe
Galeria fotografii usługi Windows Live-->MsiExec.exe /X{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}
Google Chrome-->"C:\Program Files\Google\Chrome\Application\9.0.597.84\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
Half-Life 2: Episode One-->"D:\Steam\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two-->"D:\Steam\steam.exe" steam://uninstall/420
Half-Life 2-->"D:\Steam\steam.exe" steam://uninstall/220
Harry Potter i Książę Półkrwi™-->MsiExec.exe /X{FD1B1980-8CAB-4474-89F8-1245AF657AD1}
Harry Potter TM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F50AF3B-8997-4916-0095-99D63DDB785A}\setup.exe" -l0x15 Uninstall
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LibUSB-Win32-0.1.10.1-->"C:\Program Files\LibUSB-Win32-0.1.10.1\unins000.exe"
Mad Catz Xbox PC Driver-->MsiExec.exe /I{47A85B97-AE27-4963-A839-9B454A7E73A7}
Mass Effect-->C:\Program Files\Common Files\BioWare\Uninstall Mass Effect.exe
MediaBar-->"C:\Program Files\BearShare Applications\MediaBar\UnwiseLauncher.exe" /A "C:\Program Files\BearShare Applications\MediaBar\\INSTALL.LOG"
Microsoft .NET Framework 4 Client Profile PLK Language Pack-->MsiExec.exe /X{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Moonbase Alpha-->"D:\Steam\steam.exe" steam://uninstall/39000
Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
NapiProjekt 1.0.6.9-->"C:\Program Files\NAPI-PROJEKT\unins000.exe"
NCsoft Launcher-->C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly
Need for Speed™ Most Wanted-->D:\Need for Speed Most Wanted\EAUninstall.exe
NSIS Example2-->"C:\Program Files\Tibia Auto\uninstall.exe"
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
Opera 10.54-->MsiExec.exe /X{C441297F-C9F2-4177-9D5F-1B10F0358E32}
PandoraRecovery (Remove Only)-->"C:\Program Files\Pandora Recovery\Uninstall.exe"
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Podstawowe programy Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Podstawowe programy Windows Live-->MsiExec.exe /I{7A9D47BA-6D50-4087-866F-0800D8B89383}
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1045 /parameterfolder ClientLP
Portal-->"D:\Steam\steam.exe" steam://uninstall/400
psp ebook creator v1.0.3-->"C:\Program Files\psp ebook creator\unins000.exe"
Python 2.4.4-->MsiExec.exe /I{60E2C8C9-6CF3-4B1A-9618-E304946C94E6}
RapidShare Manager-->C:\Program Files\RapidShareManager\uninstall.exe
Real Alternative 1.9.0 Lite-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Recuva-->"C:\Program Files\Recuva\uninst.exe"
San Andreas Mod Installer-->"C:\Windows\San Andreas Mod Installer\uninstall.exe" "/U:C:\Program Files\San Andreas Mod Installer\Uninstall\uninstall.xml"
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Star Wars(TM): Knights of the Old Republic (TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}\Setup.exe" -l0x15
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SubEdit - Vista WMP Patch-->"C:\Program Files\SubEdit-Player\WMP6_4\unins000.exe"
SubEdit-Player-->"C:\Program Files\SubEdit-Player\unins000.exe"
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Team Fortress 2-->"D:\Steam\steam.exe" steam://uninstall/440
The Sims Zwierzaki-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C32C567-DC0F-4C80-B06C-7873850A2E06}\Setup.exe" -l0015
Tibia MULTI-ip changer-->C:\Program Files\Asprate\Tibia Multi IP Changer\UNinstaller.exe
Tibia-->"E:\Program Files\Tibia2222323\unins000.exe"
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
UndeleteMyFiles-->"C:\Program Files\UndeleteMyFiles\unins000.exe"
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Unlimited Cabal-->MsiExec.exe /I{454070F6-2CAF-49DE-84E7-07DC177789FB}
Ventrilo-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Virtual DJ Home - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Winamp 5.58 PL-->"C:\Program Files\Winamp\UninstWA_PL.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Movie Maker-->MsiExec.exe /X{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}
Windows Live Photo Common-->MsiExec.exe /X{0654EA5D-308A-4196-882B-5C09744A5D81}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{0C1931EB-8339-4837-8BEC-75029BF42734}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

======Hosts File======

127.0.0.1 activate.adobe.com

======System event log======

Computer Name: User-Komputer
Event Code: 7036
Message: Usługa Klient DNS weszła w stan uruchomienia.
Record Number: 41961
Source Name: Service Control Manager
Time Written: 20100926055308.399624-000
Event Type: Informacje
User:

Computer Name: User-Komputer
Event Code: 7036
Message: Usługa Klient DHCP weszła w stan uruchomienia.
Record Number: 41960
Source Name: Service Control Manager
Time Written: 20100926055308.384024-000
Event Type: Informacje
User:

Computer Name: User-Komputer
Event Code: 51046
Message: Usługa klienta DHCPv6 została uruchomiona
Record Number: 41959
Source Name: Microsoft-Windows-DHCPv6-Client
Time Written: 20100926055308.384024-000
Event Type: Informacje
User: ZARZĄDZANIE NT\USŁUGA LOKALNA

Computer Name: User-Komputer
Event Code: 7036
Message: Usługa Izolacja klucza CNG weszła w stan uruchomienia.
Record Number: 41958
Source Name: Service Control Manager
Time Written: 20100926055308.384024-000
Event Type: Informacje
User:

Computer Name: User-Komputer
Event Code: 50036
Message: Usługa klienta DHCPv4 została uruchomiona
Record Number: 41957
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20100926055308.368424-000
Event Type: Informacje
User: ZARZĄDZANIE NT\USŁUGA LOKALNA

=====Application event log=====

Computer Name: User-Komputer
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 6011
Source Name: Microsoft-Windows-WMI
Time Written: 20100808115711.000000-000
Event Type: Informacje
User:

Computer Name: User-Komputer
Event Code: 5611
Message: The Windows Management Instrumentation service has detected an inconsistent system shutdown.
Record Number: 6010
Source Name: Microsoft-Windows-WMI
Time Written: 20100808115708.000000-000
Event Type: Informacje
User:

Computer Name: User-Komputer
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 6009
Source Name: Microsoft-Windows-WMI
Time Written: 20100808115707.000000-000
Event Type: Informacje
User:

Computer Name: User-Komputer
Event Code: 1531
Message: Usługa profilów użytkowników została uruchomiona pomyślnie.


Record Number: 6008
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100808115705.415224-000
Event Type: Informacje
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: USER-KOMPUTER
Event Code: 4625
Message: System podrzędny EventSystem pomija zduplikowane wpisy dziennika zdarzeń przez okres 86400 sekund. Limit czasu pomijania można kontrolować za pomocą wartości REG_DWORD o nazwie SuppressDuplicateDuration w następującym kluczu rejestru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 6007
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100808115705.000000-000
Event Type: Informacje
User:

=====Security event log=====

Computer Name: User-Komputer
Event Code: 4672
Message: Przypisano specjalne uprawnienia do nowego logowania.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x3e7

Uprawnienia: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 6527
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100808113617.170418-000
Event Type: Sukcesy inspekcji
User:

Computer Name: User-Komputer
Event Code: 4624
Message: Użytkownik pomyślnie zalogował się na koncie.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: USER-KOMPUTER$
Domena konta: WORKGROUP
Identyfikator logowania: 0x3e7

Typ logowania: 5

Nowe logowanie:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x3e7
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Informacje o procesie:
Identyfikator procesu: 0x200
Nazwa procesu: C:\Windows\System32\services.exe

Informacje o sieci:
Nazwa stacji roboczej:
Adres źródłowy sieci: -
Port źródłowy: -

Szczegółowe informacje o uwierzytelnianiu:
Proces logowania: Advapi
Pakiet uwierzytelniania: Negotiate
Usługi przejściowe: -
Nazwa pakietu (tylko NTLM): -
Długość klucza: 0

To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp.

Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.

Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe).

Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane.

Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta.

Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania.
- Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
- Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania.
- Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty.
- Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0.
Record Number: 6526
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100808113617.170418-000
Event Type: Sukcesy inspekcji
User:

Computer Name: User-Komputer
Event Code: 4902
Message: Utworzono tabelę zasad inspekcji użytkownika.

Liczba elementów: 0
Identyfikator zasad: 0x95b4
Record Number: 6525
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100808113616.998818-000
Event Type: Sukcesy inspekcji
User:

Computer Name: User-Komputer
Event Code: 4624
Message: Użytkownik pomyślnie zalogował się na koncie.

Podmiot:
Identyfikator zabezpieczeń: S-1-0-0
Nazwa konta: -
Domena konta: -
Identyfikator logowania: 0x0

Typ logowania: 0

Nowe logowanie:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x3e7
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Informacje o procesie:
Identyfikator procesu: 0x4
Nazwa procesu:

Informacje o sieci:
Nazwa stacji roboczej: -
Adres źródłowy sieci: -
Port źródłowy: -

Szczegółowe informacje o uwierzytelnianiu:
Proces logowania: -
Pakiet uwierzytelniania: -
Usługi przejściowe: -
Nazwa pakietu (tylko NTLM): -
Długość klucza: 0

To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp.

Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.

Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe).

Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane.

Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta.

Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania.
- Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
- Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania.
- Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty.
- Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0.
Record Number: 6524
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100808113616.889618-000
Event Type: Sukcesy inspekcji
User:

Computer Name: User-Komputer
Event Code: 4608
Message: Trwa uruchamianie systemu Windows.

To zdarzenie jest rejestrowane w momencie uruchamiania programu LSASS.EXE i inicjowania podsystemu inspekcji.
Record Number: 6523
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100808113616.889618-000
Event Type: Sukcesy inspekcji
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;c:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Common Files;C:\Program Files\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------
[/log]

log.txt
[log]Logfile of random's system information tool 1.08 (written by random/random)
Run by User at 2011-02-06 22:13:36
Microsoft Windows 7 Ultimate
System drive C: has 31 GB (40%) free of 77 GB
Total RAM: 2048 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:13:53, on 2011-02-06
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\explorer.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Opera\opera.exe
D:\OTL.exe
C:\Windows\system32\taskmgr.exe
C:\Users\User\AppData\Local\Opera\Opera\temporary_downloads\RSIT.exe
C:\Program Files\trend micro\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O1 - Hosts: ::1 localhost
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DataMngr] C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\DataMngrUI.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Gadu-Gadu 10] "C:\Program Files\Gadu-Gadu 10\gg.exe"
O4 - HKCU\..\Run: [Steam] "D:\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA')
O4 - Startup: nssvc32.exe
O4 - Startup: spoolsvcs.exe
O4 - Startup: wnr231.exe
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CF21BF2-34CB-448C-9D78-22E9766A3440}: NameServer = 213.241.79.37,83.238.255.76
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll
O20 - Winlogon Notify: LogonInit - logonInit.dll (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 6680 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
MediaBar - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll [2009-12-20 87480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
UrlHelper Class - C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll [2010-06-06 392112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll [2010-04-27 2393184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-20 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]
IEPluginBHO Class - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll [2010-05-04 42080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{0974BA1E-64EC-11DE-B2A5-E43756D89593} - MediaBar - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll [2009-12-20 87480]
{872b5b88-9db5-4310-bdd0-ac189557e5f5} - DVDVideoSoftTB Toolbar - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll [2010-04-27 2393184]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-05-25 37888]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-06-08 9267816]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"DataMngr"=C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\DataMngrUI.exe [2010-06-06 796600]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu 10"=C:\Program Files\Gadu-Gadu 10\gg.exe [2010-05-04 11981408]
"Steam"=D:\Steam\steam.exe [2010-11-17 1242448]
"AdobeBridge"= []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"PlayNC Launcher"= []

C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
nssvc32.exe
spoolsvcs.exe
wnr231.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LogonInit]
C:\Program Files\Common Files\logonInit.dll [2010-08-18 27958]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-02-06 22:13:37 ----D---- C:\Program Files\trend micro
2011-02-06 22:13:36 ----D---- C:\rsit
2011-02-06 17:01:31 ----A---- C:\Windows\ntbtlog.txt
2011-02-05 22:54:55 ----D---- C:\Program Files\Recuva
2011-02-05 22:52:53 ----D---- C:\Program Files\Google
2011-02-05 22:49:27 ----D---- C:\Users\User\AppData\Roaming\PandoraRecovery
2011-02-05 22:49:24 ----D---- C:\Program Files\Pandora Recovery
2011-02-05 22:45:56 ----D---- C:\Program Files\UndeleteMyFiles
2011-02-05 20:46:57 ----A---- C:\Windows\system32\fat32format.exe
2011-01-23 21:16:19 ----D---- C:\Program Files\Deluxe Ski Jump 4
2011-01-12 14:48:09 ----A---- C:\Windows\system32\odbc32.dll
2011-01-12 14:48:05 ----A---- C:\Windows\system32\XpsPrint.dll
2011-01-12 14:48:05 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-01-12 14:48:05 ----A---- C:\Windows\system32\FntCache.dll
2011-01-12 14:48:05 ----A---- C:\Windows\system32\DWrite.dll
2011-01-12 14:48:05 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-01-12 14:48:05 ----A---- C:\Windows\system32\d3d10warp.dll
2011-01-12 14:48:05 ----A---- C:\Windows\system32\d2d1.dll
2011-01-12 14:48:04 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-01-12 14:48:04 ----A---- C:\Windows\system32\ExplorerFrame.dll
2011-01-12 14:48:04 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2011-01-12 14:48:04 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-01-12 14:48:04 ----A---- C:\Windows\system32\d3d10_1.dll
2011-01-12 14:48:04 ----A---- C:\Windows\system32\cdd.dll

======List of files/folders modified in the last 1 months======

2011-02-06 22:13:50 ----D---- C:\Windows\Temp
2011-02-06 22:13:37 ----RD---- C:\Program Files
2011-02-06 21:52:40 ----D---- C:\Windows\Prefetch
2011-02-06 21:49:38 ----D---- C:\ProgramData\NVIDIA
2011-02-06 18:08:43 ----D---- C:\Windows\system32\catroot2
2011-02-06 17:01:31 ----D---- C:\Windows
2011-02-06 16:56:11 ----D---- C:\Windows\system32\config
2011-02-06 15:04:44 ----D---- C:\Windows\System32
2011-02-06 15:04:44 ----D---- C:\Windows\inf
2011-02-06 15:04:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-02-05 22:53:10 ----SHD---- C:\Windows\Installer
2011-02-05 22:52:59 ----D---- C:\Windows\Tasks
2011-02-05 22:52:59 ----D---- C:\Windows\system32\Tasks
2011-02-05 22:36:37 ----SHD---- C:\System Volume Information
2011-02-05 22:36:36 ----D---- C:\Windows\Logs
2011-02-05 21:35:32 ----D---- C:\Users\User\AppData\Roaming\Winamp
2011-02-05 17:39:39 ----D---- C:\Program Files\Mozilla Firefox
2011-02-03 21:00:18 ----D---- C:\Windows\winsxs
2011-02-03 16:31:57 ----D---- C:\Windows\Minidump
2011-02-03 16:21:58 ----D---- C:\Windows\system32\catroot
2011-01-30 22:02:30 ----D---- C:\Program Files\NAPI-PROJEKT
2011-01-28 22:02:53 ----RSD---- C:\Windows\Fonts
2011-01-22 17:22:25 ----D---- C:\Program Files\SpeedFan
2011-01-16 16:11:06 ----D---- C:\Windows\system32\drivers
2011-01-14 15:21:54 ----D---- C:\Users\User\AppData\Roaming\Adobe
2011-01-11 16:37:58 ----D---- C:\Users\User\AppData\Roaming\Gadu-Gadu 10

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 speedfan;speedfan; C:\Windows\system32\speedfan.sys [2006-09-24 5248]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\Windows\system32\drivers\libusb0.sys [2005-03-09 33792]
R3 netr73;Sterownik karty RT73 USB Wireless LAN dla systemu Vista; C:\Windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
R3 RTL8167;Sterownik Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-06-24 691696]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 ByakkoDriver;ByakkoDriver; \??\D:\Cabal Unlimited\Byakko.K32 [2011-02-05 7936]
S3 cpuz132;cpuz132; \??\C:\Users\User\AppData\Local\Temp\cpuz132\cpuz132_x32.sys []
S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2009-07-14 10752]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 GPU-Z;GPU-Z; \??\C:\Users\User\AppData\Local\Temp\GPU-Z.sys []
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-06-08 3112360]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usb_rndisx;Karta USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S3 XDva332;XDva332; \??\C:\Windows\system32\XDva332.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 gupdate;Usługa Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-02-05 136176]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1; C:\Windows\system32\libusbd-nt.exe [2005-03-09 18944]
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-06-07 129640]
S2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-06-07 240232]
S2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-06-17 655624]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2010-06-20 3813096]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-11-18 403240]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-16 1343400]

-----------------EOF-----------------
[/log]

Pliku extras.txt niestety nie było.. :(

Tomek01
komentarz
komentarz

Odinstaluj: DAEMON Tools Toolbar, DVDVideoSoftTB Toolbar, Conduit Engine, BearShare MediaBar.

W OTL, w oknie Custom scan/fixes wklej:
[code]
:OTL
DRV - [2011-02-05 13:28:13 | 000,007,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Cabal Unlimited\Byakko.K32 -- (ByakkoDriver)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nssvc32.exe ()
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\spoolsvcs.exe ()
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wnr231.exe ()
O20 - Winlogon\Notify\LogonInit: DllName - logonInit.dll - C:\Program Files\Common Files\logonInit.dll ()

:Files
C:\Users\User\AppData\Local\Temp*.html
C:\Program Files\Common Files\logonInit.dll
C:\Program Files\Common Files\UserInit.dll
C:\Windows\system32\XDva332.sys

:Services
XDva332

:Commands
[emptytemp][/code]

Klikasz run fix, komputer uruchamia się ponownie.
Wrzuć log z usuwania oraz nowe logi: OTL i RSIT




Poniższy plik przeskanuj na virustotal:
C:\Windows\System32\fat32format.exe

  • Dobra wypowiedź 1
legendk
komentarz
komentarz

Dziękuje bardzo, gdybym Cię znał na rl to postawił bym ci browara. ;]

Tomek01
komentarz
komentarz

Ale czekam aż mi wrzucisz logi. Trzeba będzie jeszcze co nieco usunąć ;)

  • 1 miesiąc później...
legendk
komentarz
komentarz (edytowane)

To znowu ja i ten sam błąd.
Przepraszam, że potem nie wrzuciłem logów, ale poprostu nie przeczytałem. Jestem poprostu kolejną osobą, która wchodzi na forum tylko po to aby ktoś jej pomógł. (przepraszam, wiem coś o tym z forum graficznego)

OTL.txt
[log]OTL logfile created on: 2011-03-20 20:15:25 - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = D:\
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 75,13 Gb Total Space | 28,07 Gb Free Space | 37,36% Space Free | Partition Type: NTFS
Drive D: | 195,32 Gb Total Space | 84,03 Gb Free Space | 43,02% Space Free | Partition Type: NTFS
Drive E: | 195,31 Gb Total Space | 21,17 Gb Free Space | 10,84% Space Free | Partition Type: NTFS

Computer Name: USER-KOMPUTER | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2011-02-06 16:58:58 | 000,602,624 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
PRC - [2010-11-17 16:03:06 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe
PRC - [2010-11-11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2010-11-11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2010-11-11 13:31:36 | 000,064,112 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\hqtray.exe
PRC - [2010-11-11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2010-11-11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010-09-21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010-09-21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010-09-20 23:07:44 | 000,932,288 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2010-08-21 06:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2010-06-16 10:57:22 | 000,835,952 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2010-06-08 16:19:14 | 009,267,816 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2010-06-07 16:47:34 | 000,129,640 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2010-06-07 16:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010-06-06 15:38:28 | 000,796,600 | ---- | M] () -- C:\Program Files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe
PRC - [2010-05-25 17:08:42 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010-05-14 10:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010-05-14 10:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2010-05-04 15:05:48 | 011,981,408 | ---- | M] (GG Network S.A.) -- C:\Program Files\Gadu-Gadu 10\gg.exe
PRC - [2010-04-01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010-03-02 17:10:24 | 000,138,072 | ---- | M] () -- C:\Program Files\Netia\Mobilny Internet\UIExec.exe
PRC - [2010-03-02 17:03:18 | 000,247,152 | ---- | M] () -- C:\Program Files\Netia\Mobilny Internet\AssistantServices.exe
PRC - [2009-10-31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-10-28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2009-07-14 02:14:50 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
PRC - [2009-07-14 02:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009-07-14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2009-07-14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2009-07-14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2009-07-14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2009-07-14 02:14:35 | 000,428,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
PRC - [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009-07-14 02:14:23 | 000,261,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2009-07-14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2009-07-14 02:14:19 | 000,092,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
PRC - [2009-07-14 02:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
PRC - [2007-05-31 08:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdc.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2011-02-06 16:58:58 | 000,602,624 | ---- | M] (OldTimer Tools) -- D:\OTL.exe
MOD - [2010-10-27 05:40:24 | 001,289,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
MOD - [2010-08-21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010-07-27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
MOD - [2010-06-29 06:02:02 | 001,413,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
MOD - [2010-04-07 08:10:36 | 000,571,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
MOD - [2009-12-08 12:33:31 | 000,857,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
MOD - [2009-12-08 12:32:02 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2009-07-14 02:16:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
MOD - [2009-07-14 02:16:17 | 001,123,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2009-07-14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
MOD - [2009-07-14 02:16:17 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
MOD - [2009-07-14 02:16:17 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
MOD - [2009-07-14 02:16:17 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2009-07-14 02:16:17 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll
MOD - [2009-07-14 02:16:15 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2009-07-14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009-07-14 02:16:15 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
MOD - [2009-07-14 02:16:14 | 001,668,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
MOD - [2009-07-14 02:16:14 | 000,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
MOD - [2009-07-14 02:16:14 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
MOD - [2009-07-14 02:16:13 | 000,652,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
MOD - [2009-07-14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009-07-14 02:16:13 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
MOD - [2009-07-14 02:16:12 | 000,988,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
MOD - [2009-07-14 02:16:12 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
MOD - [2009-07-14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009-07-14 02:16:12 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll
MOD - [2009-07-14 02:16:11 | 000,121,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
MOD - [2009-07-14 02:15:50 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
MOD - [2009-07-14 02:15:43 | 000,828,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
MOD - [2009-07-14 02:15:36 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
MOD - [2009-07-14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009-07-14 02:15:32 | 000,118,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
MOD - [2009-07-14 02:15:22 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
MOD - [2009-07-14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009-07-14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009-07-14 02:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
MOD - [2009-07-14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009-07-14 02:15:03 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
MOD - [2009-07-14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009-07-14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
MOD - [2009-07-14 02:14:53 | 000,640,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
MOD - [2009-07-14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009-07-14 02:14:08 | 000,319,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011-02-19 06:33:11 | 000,802,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010-11-18 07:21:40 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010-11-11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010-11-11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2010-11-11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010-11-11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010-08-19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010-06-20 16:41:00 | 003,813,096 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010-06-17 22:04:52 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-06-16 21:31:52 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010-06-07 16:05:06 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-03-02 17:03:18 | 000,247,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Netia\Mobilny Internet\AssistantServices.exe -- (UI Assistant Service)
SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-07-14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009-07-14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009-07-14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009-07-14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009-07-14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009-07-14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009-07-14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009-07-14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009-07-14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009-07-14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-07-14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009-07-14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009-07-14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009-07-14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009-07-14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalator formantów ActiveX (AxInstSV)
SRV - [2009-07-14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009-07-14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2007-05-31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007-05-31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010-11-11 13:32:10 | 000,070,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2010-11-11 13:32:08 | 000,854,128 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2010-11-11 13:31:34 | 000,023,792 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmparport.sys -- (VMparport)
DRV - [2010-11-11 13:30:34 | 000,024,688 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2010-11-11 13:29:26 | 000,026,352 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2010-11-11 12:31:28 | 000,032,368 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2010-11-11 10:04:52 | 000,036,400 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2010-11-11 10:04:52 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2010-08-19 13:56:38 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2010-06-24 15:26:15 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010-06-08 16:19:26 | 003,112,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010-06-08 00:57:00 | 010,888,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010-01-18 11:20:58 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010-01-18 11:20:58 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010-01-18 11:20:58 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010-01-18 11:20:58 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009-12-11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009-07-14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009-07-14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009-07-14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009-07-14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009-07-14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009-07-14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009-07-14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009-07-14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009-07-14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009-07-14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009-07-14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009-07-14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009-07-14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009-07-14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009-07-14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009-07-14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009-07-14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009-07-14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009-07-14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009-07-14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009-07-14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009-07-14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009-07-14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009-07-14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009-07-14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009-07-14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009-07-14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009-07-14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009-07-14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009-07-14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009-07-14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009-07-14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-07-14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009-07-14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009-07-14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009-07-14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009-07-14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009-07-14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009-07-14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009-07-14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009-07-14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009-07-14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009-07-14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009-07-14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009-07-14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009-07-14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009-07-14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009-07-14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009-07-14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009-07-14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009-07-14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009-07-14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009-07-14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) Sterownik audio USB (WDM)
DRV - [2009-07-14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009-07-14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009-07-14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009-07-14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009-07-14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009-07-14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009-07-14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009-07-14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009-07-14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009-07-14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009-07-14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009-07-13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009-07-13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009-07-13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009-07-13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009-07-13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009-07-13 23:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009-07-13 23:02:52 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009-07-13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009-07-13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009-07-13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2007-06-29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2005-03-09 19:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.wp.pl/ [binary data]
IE - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2786678
IE - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {3e9a3920-1b27-11da-8cd6-0800200c9a66}:3.4.1
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-03-11 15:10:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-03-11 15:10:35 | 000,000,000 | ---D | M]

[2010-06-28 08:07:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2011-03-20 12:09:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions
[2011-02-15 20:24:06 | 000,000,000 | ---D | M] (Charles Autoconfiguration) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66}
[2010-12-12 22:35:00 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010-12-12 20:41:30 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010-08-24 20:02:17 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011-03-20 12:09:57 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2010-08-12 22:22:20 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2011-03-20 12:09:57 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\engine@conduit.com
[2010-08-07 22:16:28 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\illimitux@illimitux.net
[2010-04-12 13:01:54 | 000,002,476 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\xawtbya3.default\searchplugins\BearShareWebSearch.xml
[2010-12-15 15:22:16 | 000,000,873 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\xawtbya3.default\searchplugins\conduit.xml
[2011-03-13 09:43:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-07-23 22:36:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010-12-06 19:37:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010-09-15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011-03-11 15:10:33 | 000,002,767 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml
[2010-04-12 13:01:54 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml
[2011-03-11 15:10:33 | 000,001,406 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml
[2011-03-11 15:10:33 | 000,000,917 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml
[2011-03-11 15:10:33 | 000,000,858 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml
[2011-03-11 15:10:33 | 000,001,183 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml
[2011-03-11 15:10:33 | 000,001,683 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml

O1 HOSTS File: ([2008-12-03 14:51:12 | 000,000,799 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: ::1 localhost
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll (MusicLab, LLC)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [DataMngr] C:\Program Files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Netia\Mobilny Internet\UIExec.exe ()
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000..\Run: [Gadu-Gadu 10] C:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.100
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\DataMngr\datamngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4ce1c074-b803-11df-b027-0016e6ddf839}\Shell - "" = AutoRun
O33 - MountPoints2\{4ce1c074-b803-11df-b027-0016e6ddf839}\Shell\AutoRun\command - "" = G:\autorun.exe -auto
O33 - MountPoints2\{4ce1c075-b803-11df-b027-0016e6ddf839}\Shell - "" = AutoRun
O33 - MountPoints2\{4ce1c075-b803-11df-b027-0016e6ddf839}\Shell\AutoRun\command - "" = H:\Autorun.exe
O33 - MountPoints2\{eda7b191-7f9c-11df-b68e-0016e6ddf839}\Shell - "" = AutoRun
O33 - MountPoints2\{eda7b191-7f9c-11df-b68e-0016e6ddf839}\Shell\AutoRun\command - "" = J:\autorun.exe -auto
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2011-03-20 20:07:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\VMware
[2011-03-20 12:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011-03-20 12:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentBar
[2011-03-18 21:29:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gamez Aion
[2011-03-18 21:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gamez Aion
[2011-03-17 19:26:29 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\flash
[2011-03-16 14:51:56 | 000,114,688 | ---- | C] (ZTE Corporation) -- C:\Windows\System32\drivers\ZTEusbnet.sys
[2011-03-16 14:51:56 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys
[2011-03-16 14:51:56 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys
[2011-03-16 14:51:56 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys
[2011-03-16 14:51:56 | 000,009,216 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\massfilter.sys
[2011-03-16 14:51:48 | 000,471,040 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bmnet.dll
[2011-03-16 14:51:48 | 000,022,528 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\drivers\BMLoad.sys
[2011-03-16 14:51:48 | 000,018,816 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\drivers\tcpipBM.sys
[2011-03-16 14:51:47 | 000,294,912 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bminstall.dll
[2011-03-16 14:51:47 | 000,126,976 | ---- | C] (Bytemobile, Inc.) -- C:\Windows\System32\bmdumpd.bin
[2011-03-16 14:51:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\SupportAppCB
[2011-03-16 14:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netia
[2011-03-16 14:51:38 | 000,000,000 | ---D | C] -- C:\Program Files\Netia
[2011-03-14 14:36:46 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\BioWare - Kopia
[2011-03-12 22:52:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\.minecraft
[2011-03-10 22:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011-03-10 21:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011-03-06 17:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011-02-26 19:20:18 | 000,000,000 | ---D | C] -- C:\Windows\usgwmt
[2011-02-20 11:23:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{6A3F98AF-D67D-41FB-8A06-D6D933149296}
[2011-02-19 20:32:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{863D2C0A-24F7-4242-BB1A-6980D649AC15}
[2011-02-16 15:56:19 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\fz3-12978681792780
[2011-02-16 15:43:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\FileZilla
[2011-02-16 15:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2011-02-15 20:24:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Charles
[2011-02-15 20:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\Charles
[2011-02-13 21:09:41 | 000,334,448 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
[2011-02-13 21:09:37 | 000,404,080 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
[2011-02-13 21:09:36 | 000,026,352 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetuserif.sys
[2011-02-13 21:09:31 | 000,760,432 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vnetlib.dll
[2011-02-13 21:08:46 | 000,024,688 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\VMkbd.sys
[2011-02-13 21:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2011-02-13 21:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2011-02-13 21:08:12 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2011-02-13 21:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\VMware
[2011-02-10 17:34:37 | 000,000,000 | ---D | C] -- C:\Program Files\Tibia86
[2011-02-09 03:01:06 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011-02-09 03:01:06 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011-02-07 07:57:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011-02-06 22:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011-02-06 22:13:36 | 000,000,000 | ---D | C] -- C:\rsit
[2011-02-06 15:23:16 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\do nauki
[2011-02-05 22:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2011-02-05 22:52:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Google
[2011-02-05 22:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011-02-05 22:49:27 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\PandoraRecovery
[2011-02-05 22:49:24 | 000,000,000 | ---D | C] -- C:\Program Files\Pandora Recovery
[2011-02-05 22:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UndeleteMyFiles
[2011-02-05 22:45:56 | 000,000,000 | ---D | C] -- C:\Program Files\UndeleteMyFiles
[2011-01-30 22:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NapiProjekt
[2011-01-23 21:16:41 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Deluxe Ski Jump 4
[2011-01-23 21:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluxe Ski Jump 4
[2011-01-23 21:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\Deluxe Ski Jump 4

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2011-03-20 20:10:32 | 000,002,432 | ---- | M] () -- C:\Users\User\AppData\Local\TempSA3004.html
[2011-03-20 20:10:32 | 000,002,089 | ---- | M] () -- C:\Users\User\AppData\Local\TempvC3004.html
[2011-03-20 20:10:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-03-20 20:10:03 | 1610,260,480 | -HS- | M] () -- C:\hiberfil.sys
[2011-03-20 19:54:45 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-03-20 19:54:45 | 000,014,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-03-20 15:31:51 | 000,749,278 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2011-03-20 15:31:51 | 000,634,830 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-03-20 15:31:51 | 000,152,130 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2011-03-20 15:31:51 | 000,122,968 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-03-18 21:29:40 | 000,000,885 | ---- | M] () -- C:\Users\User\Desktop\GamezAion Launcher.lnk
[2011-03-16 14:52:06 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\Mobilny Internet.lnk
[2011-03-12 11:57:09 | 192,426,527 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011-03-04 22:54:35 | 000,002,008 | ---- | M] () -- C:\Users\User\Desktop\Aion.lnk
[2011-02-22 23:06:36 | 002,216,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-02-20 11:37:13 | 020,678,507 | ---- | M] () -- C:\Users\User\Desktop\Mój film2.wmv
[2011-02-19 20:58:46 | 022,149,918 | ---- | M] () -- C:\Users\User\Desktop\Mój film.wmv
[2011-02-13 21:08:40 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011-02-13 21:08:24 | 000,001,999 | ---- | M] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2011-02-10 17:55:51 | 000,002,149 | ---- | M] () -- C:\Users\Public\Desktop\Tibia MULTI-IP Changer.lnk
[2011-02-10 17:34:42 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\Tibia.lnk
[2011-02-08 23:19:47 | 002,507,957 | ---- | M] () -- C:\Users\User\Documents\Legendary_Tags_by_1LegenD1.png
[2011-02-08 08:40:09 | 000,001,178 | ---- | M] () -- C:\Users\User\Desktop\Mass Effect 2.lnk
[2011-02-06 17:33:12 | 000,648,748 | ---- | M] () -- C:\Users\User\Documents\BioWare.rar
[2011-02-06 17:33:02 | 000,000,020 | ---- | M] () -- C:\Users\User\Documents\Nowy Archiwum WinRARa.rar
[2011-01-30 22:02:31 | 000,000,951 | ---- | M] () -- C:\Users\User\Desktop\NapiProjekt.lnk
[2011-01-23 21:16:20 | 000,001,010 | ---- | M] () -- C:\Users\User\Desktop\DSJ4.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-03-20 20:10:32 | 000,002,432 | ---- | C] () -- C:\Users\User\AppData\Local\TempSA3004.html
[2011-03-20 20:10:32 | 000,002,089 | ---- | C] () -- C:\Users\User\AppData\Local\TempvC3004.html
[2011-03-18 21:29:40 | 000,000,885 | ---- | C] () -- C:\Users\User\Desktop\GamezAion Launcher.lnk
[2011-03-16 14:53:54 | 000,000,628 | ---- | C] () -- C:\NetworkCfg.xml
[2011-03-16 14:51:39 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\Mobilny Internet.lnk
[2011-03-10 21:55:36 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Flash Professional CS5.lnk
[2011-03-10 21:55:07 | 000,001,133 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2011-03-10 21:53:57 | 000,001,469 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Pixel Bender Toolkit 2.lnk
[2011-03-10 21:53:42 | 000,001,483 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2011-03-10 21:53:00 | 000,000,977 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011-03-04 22:54:35 | 000,002,008 | ---- | C] () -- C:\Users\User\Desktop\Aion.lnk
[2011-02-20 17:13:00 | 000,049,233 | ---- | C] () -- C:\Windows\System32\fat32format.exe
[2011-02-20 11:25:22 | 020,678,507 | ---- | C] () -- C:\Users\User\Desktop\Mój film2.wmv
[2011-02-19 20:46:04 | 022,149,918 | ---- | C] () -- C:\Users\User\Desktop\Mój film.wmv
[2011-02-15 20:23:36 | 000,001,829 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Charles.lnk
[2011-02-13 21:08:40 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011-02-13 21:08:24 | 000,001,999 | ---- | C] () -- C:\Users\Public\Desktop\VMware Player.lnk
[2011-02-08 23:19:47 | 002,507,957 | ---- | C] () -- C:\Users\User\Documents\Legendary_Tags_by_1LegenD1.png
[2011-02-08 08:40:09 | 000,001,178 | ---- | C] () -- C:\Users\User\Desktop\Mass Effect 2.lnk
[2011-02-06 17:33:12 | 000,648,748 | ---- | C] () -- C:\Users\User\Documents\BioWare.rar
[2011-02-06 17:33:02 | 000,000,020 | ---- | C] () -- C:\Users\User\Documents\Nowy Archiwum WinRARa.rar
[2011-01-30 22:02:31 | 000,000,951 | ---- | C] () -- C:\Users\User\Desktop\NapiProjekt.lnk
[2011-01-23 21:16:20 | 000,001,010 | ---- | C] () -- C:\Users\User\Desktop\DSJ4.lnk
[2010-09-04 13:32:33 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
[2010-06-28 21:05:48 | 000,007,597 | ---- | C] () -- C:\Users\User\AppData\Local\resmon.resmoncfg
[2010-06-24 15:26:15 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009-07-14 01:55:09 | 000,585,216 | ---- | C] () -- C:\Windows\System32\hpotscld.dll
[2009-07-14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2004-09-24 00:31:08 | 000,233,472 | ---- | C] () -- C:\Windows\System32\libmySQL.dll
[2004-07-29 18:08:30 | 000,024,633 | ---- | C] () -- C:\Windows\php.ini
[1996-04-03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

[color=#E56717]========== LOP Check ==========[/color]

[2011-03-12 22:59:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.minecraft
[2010-08-26 09:48:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Audacity
[2011-02-15 20:35:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Charles
[2010-06-24 15:31:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
[2010-12-12 20:41:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers
[2011-03-14 20:29:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileZilla
[2011-01-11 16:37:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Gadu-Gadu 10
[2010-06-21 18:40:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GHISLER
[2010-06-28 17:01:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Need for Speed World
[2010-06-17 08:14:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenFM
[2010-07-12 13:22:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Opera
[2011-02-05 22:49:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PandoraRecovery
[2010-09-27 15:47:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thinstall
[2011-02-19 19:23:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Tibia
[2011-03-15 16:42:19 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2011-02-13 21:08:40 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010-07-28 12:00:22 | 000,182,324 | ---- | M] () -- C:\38856.rar
[2010-08-13 17:13:38 | 000,000,039 | ---- | M] () -- C:\597.ini
[2009-06-10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009-07-14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010-06-16 16:29:56 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010-11-18 23:15:13 | 000,296,482 | RHS- | M] () -- C:\CBYIQ
[2009-06-10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011-03-16 14:51:53 | 000,005,562 | ---- | M] () -- C:\debug1214.txt
[2010-09-05 10:58:03 | 000,000,453 | ---- | M] () -- C:\Gry (D).lnk
[2011-03-20 20:10:03 | 1610,260,480 | -HS- | M] () -- C:\hiberfil.sys
[2010-06-28 11:26:42 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009-12-12 15:11:00 | 000,218,624 | ---- | M] () -- C:\klt.exe
[2011-01-14 22:02:16 | 000,055,626 | ---- | M] () -- C:\Mass_Effect_N7_Logo_Edition_2_by_lincer556.jpg
[2010-06-28 11:26:42 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009-07-07 10:30:20 | 000,000,628 | ---- | M] () -- C:\NetworkCfg.xml
[2011-03-20 20:10:05 | 2147,016,704 | -HS- | M] () -- C:\pagefile.sys
[2011-02-15 22:23:55 | 000,000,292 | ---- | M] () -- C:\ps3-updatelist.txt
[2010-11-18 23:15:13 | 000,000,020 | RHS- | M] () -- C:\win7.ld
[2010-07-28 11:29:52 | 000,002,033 | ---- | M] () -- C:\wsite.lnk


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009-07-14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009-07-14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys
[2009-07-14 00:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009-07-14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009-07-14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-10-28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009-10-28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009-10-28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009-07-14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-
winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< End of report >[/log]

Extras.txt
[log]OTL Extras logfile created on: 2011-03-20 20:15:25 - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = D:\
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 75,13 Gb Total Space | 28,07 Gb Free Space | 37,36% Space Free | Partition Type: NTFS
Drive D: | 195,32 Gb Total Space | 84,03 Gb Free Space | 43,02% Space Free | Partition Type: NTFS
Drive E: | 195,31 Gb Total Space | 21,17 Gb Free Space | 10,84% Space Free | Partition Type: NTFS

Computer Name: USER-KOMPUTER | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars(TM): Knights of the Old Republic (TM)
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F50AF3B-8997-4916-0095-99D63DDB785A}" = Harry Potter TM
"{454070F6-2CAF-49DE-84E7-07DC177789FB}" = Unlimited Cabal
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7C32C567-DC0F-4C80-B06C-7873850A2E06}" = The Sims Zwierzaki
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Centrum obsługi urządzeń z systemem Windows Mobile
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobilny Internet
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C441297F-C9F2-4177-9D5F-1B10F0358E32}" = Opera 10.54
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFC9F871-7C40-40B6-BE4A-B98A5B309716}" = Adobe Flash Professional CS5
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD1B1980-8CAB-4474-89F8-1245AF657AD1}" = Harry Potter i Książę Półkrwi™
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"BearShare MediaBar" = MediaBar
"CABAL Online: Radiant Hall_is1" = Cabal Online Europe - Radiant Hall
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"conduitEngine" = Conduit Engine
"Deluxe Ski Jump 4_is1" = Deluxe Ski Jump 4 Beta-1
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.31
"Gadu-Gadu 10" = Gadu-Gadu 10
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NapiProjekt_is1" = NapiProjekt 1.0.6.9
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"RealAlt_is1" = Real Alternative 2.0.2
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 380" = Half-Life 2: Episode One
"Steam App 39000" = Moonbase Alpha
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"SubEdit - Vista WMP Patch_is1" = SubEdit - Vista WMP Patch
"SubEdit-Player_is1" = SubEdit-Player
"Tibia_is1" = Tibia
"TMIPC" = Tibia MULTI-ip changer
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"VMware_Player" = VMware Player
"Winamp" = Winamp
"Winamp PL" = Winamp 5.58 PL
"WinLiveSuite" = Podstawowe programy Windows Live
"WinRAR archiver" = Archiwizator WinRAR

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-3391368988-1248870-4137730901-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Translator" = Google Translator
"NCsoft-AionEU" = Aion
"OPR" = Opera Password Recovery
"Winamp Detect" = Detektor Winampa

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2010-12-18 17:41:23 | Computer Name = User-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: hl2.exe, wersja: 0.0.0.0, sygnatura
czasowa: 0x4d094ebe Nazwa modułu powodującego błąd: datamngr.dll_unloaded, wersja:
0.0.0.0, sygnatura czasowa: 0x4c0ba4ca Kod wyjątku: 0xc0000005 Przesunięcie błędu:
0x1002d499 Identyfikator procesu powodującego błąd: 0x394 Godzina uruchomienia aplikacji
powodującej błąd: 0x01cb9efaa1b0b8ff Ścieżka aplikacji powodującej błąd: d:\steam\steamapps\556714\counter-strike
source\hl2.exe Ścieżka modułu powodującego błąd: datamngr.dll Identyfikator raportu:
8e55a91f-0aef-11e0-874f-0016e6ddf839

Error - 2010-12-19 03:51:03 | Computer Name = User-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: hl2.exe, wersja: 0.0.0.0, sygnatura
czasowa: 0x4d094ebe Nazwa modułu powodującego błąd: datamngr.dll_unloaded, wersja:
0.0.0.0, sygnatura czasowa: 0x4c0ba4ca Kod wyjątku: 0xc0000005 Przesunięcie błędu:
0x1002d499 Identyfikator procesu powodującego błąd: 0x884 Godzina uruchomienia aplikacji
powodującej błąd: 0x01cb9f4d730ed124 Ścieżka aplikacji powodującej błąd: d:\steam\steamapps\556714\counter-strike
source\hl2.exe Ścieżka modułu powodującego błąd: datamngr.dll Identyfikator raportu:
b9a1429a-0b44-11e0-87ea-0016e6ddf839

Error - 2010-12-19 16:34:49 | Computer Name = User-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Tibia.exe, wersja: 8.6.0.0, sygnatura
czasowa: 0x4c29b82b Nazwa modułu powodującego błąd: USP10.dll, wersja: 1.626.7600.16385,
sygnatura czasowa: 0x4a5bdb32 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0005294e
Identyfikator
procesu powodującego błąd: 0xf4c Godzina uruchomienia aplikacji powodującej błąd:
0x01cb9fbc030ff65e Ścieżka aplikacji powodującej błąd: E:\Program Files\Tibia2222323\Tibia.exe
Ścieżka
modułu powodującego błąd: C:\Windows\system32\USP10.dll Identyfikator raportu: 6c4d1703-0baf-11e0-87ea-0016e6ddf839

Error - 2010-12-20 10:12:02 | Computer Name = User-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Tibia.exe, wersja: 8.6.0.0, sygnatura
czasowa: 0x4c29b82b Nazwa modułu powodującego błąd: logonInit.dll, wersja: 0.0.0.0,
sygnatura czasowa: 0x4a740504 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00002121
Identyfikator
procesu powodującego błąd: 0xb0c Godzina uruchomienia aplikacji powodującej błąd:
0x01cba00761bd3f7b Ścieżka aplikacji powodującej błąd: E:\Program Files\Tibia2222323\Tibia.exe
Ścieżka
modułu powodującego błąd: C:\Program Files\Common Files\logonInit.dll Identyfikator
raportu: 1d75bc9a-0c43-11e0-949c-0016e6ddf839

Error - 2010-12-21 12:39:14 | Computer Name = User-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: Simscrc.exe, wersja: 1.0.0.0, sygnatura
czasowa: 0x3873f6c0 Nazwa modułu powodującego błąd: Simscrc.exe, wersja: 1.0.0.0,
sygnatura czasowa: 0x3873f6c0 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0015bba5
Identyfikator
procesu powodującego błąd: 0x4e4 Godzina uruchomienia aplikacji powodującej błąd:
0x01cba12d9745b18b Ścieżka aplikacji powodującej błąd: D:\Maxis\The Sims\Simscrc.exe
Ścieżka
modułu powodującego błąd: D:\Maxis\The Sims\Simscrc.exe Identyfikator raportu: d812356a-0d20-11e0-ba76-0016e6ddf839

Error - 2010-12-21 17:35:36 | Computer Name = User-Komputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej
aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,
wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
bieżącego zegara systemowego lub sygnatury czasowej. .

Error - 2010-12-21 17:35:36 | Computer Name = User-Komputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej
aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,
wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
bieżącego zegara systemowego lub sygnatury czasowej. .

Error - 2010-12-21 17:35:39 | Computer Name = User-Komputer | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Nie można wyodrębnić listy głównej innych firm z pliku cab automatycznej
aktualizacji z: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>,
wystąpił błąd: Wymagany certyfikat jest poza okresem ważności, co wynika z weryfikacji
bieżącego zegara systemowego lub sygnatury czasowej. .

Error - 2010-12-22 13:25:07 | Computer Name = User-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: svchost.exe_iphlpsvc, wersja: 6.1.7600.16385,
sygnatura czasowa: 0x4a5bc100 Nazwa modułu powodującego błąd: FastProx.dll, wersja:
6.1.7600.16385, sygnatura czasowa: 0x4a5bd9de Kod wyjątku: 0xc0000005 Przesunięcie
błędu: 0x000231a3 Identyfikator procesu powodującego błąd: 0x3ec Godzina uruchomienia
aplikacji powodującej błąd: 0x01cba1df0e73fc00 Ścieżka aplikacji powodującej błąd:
C:\Windows\system32\svchost.exe Ścieżka modułu powodującego błąd: C:\Windows\system32\wbem\FastProx.dll
Identyfikator
raportu: 6b17dd8d-0df0-11e0-bb16-0016e6ddf839

Error - 2010-12-23 05:34:04 | Computer Name = User-Komputer | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: hl2.exe, wersja: 0.0.0.0, sygnatura
czasowa: 0x4d094ebe Nazwa modułu powodującego błąd: datamngr.dll_unloaded, wersja:
0.0.0.0, sygnatura czasowa: 0x4c0ba4ca Kod wyjątku: 0xc0000005 Przesunięcie błędu:
0x1002d499 Identyfikator procesu powodującego błąd: 0xcc4 Godzina uruchomienia aplikacji
powodującej błąd: 0x01cba282804125fa Ścieżka aplikacji powodującej błąd: d:\steam\steamapps\556714\counter-strike
source\hl2.exe Ścieżka modułu powodującego błąd: datamngr.dll Identyfikator raportu:
c7670189-0e77-11e0-a0cd-0016e6ddf839

[ System Events ]
Error - 2011-03-20 14:59:37 | Computer Name = User-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2011-03-20 14:59:37 | Computer Name = User-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2011-03-20 14:59:37 | Computer Name = User-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2011-03-20 14:59:37 | Computer Name = User-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2011-03-20 14:59:39 | Computer Name = User-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2011-03-20 14:59:39 | Computer Name = User-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2011-03-20 14:59:39 | Computer Name = User-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie
można uruchomić z powodu następującego błędu: %%1068

Error - 2011-03-20 15:01:28 | Computer Name = User-Komputer | Source = DCOM | ID = 10005
Description =

Error - 2011-03-20 15:07:52 | Computer Name = User-Komputer | Source = DCOM | ID = 10005
Description =

Error - 2011-03-20 15:08:23 | Computer Name = User-Komputer | Source = Service Control Manager | ID = 7001
Description = Usługa Dostawca grupy domowej zależy od usługi Host dostawcy odnajdowania
funkcji, której nie można uruchomić z powodu następującego błędu: %%1068


< End of report >
[/log]

RSIT się zwiesza. :/


Jednocześnie mam pytanie, jakiego antyvirusa polecacie?

Tomek01
komentarz
komentarz

Odinstaluj:MediaBar, DVDVideoSoftTB Toolbar, uTorrentBar Community Toolbar, Conduit Engine.


W OTL, w oknie Custom scan/fixes wklej:
[code]
:OTL
PRC - [2010-06-06 15:38:28 | 000,796,600 | ---- | M] () -- C:\Program Files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2786678
IE - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
[2010-12-12 22:35:00 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011-03-20 12:09:57 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2010-08-12 22:22:20 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2011-03-20 12:09:57 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\engine@conduit.com
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [DataMngr] C:\Program Files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe ()
O4 - HKU\S-1-5-21-3391368988-1248870-4137730901-1000..\Run: [PlayNC Launcher] File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\DataMngr\datamngr.dll ()

:Files
C:\Program Files\ConduitEngine
C:\Program Files\uTorrentBar
C:\Users\User\AppData\Local\Temp*.html

:Commands
[emptytemp][/code]

Klikasz run fix, komputer uruchamia się ponownie.
Wrzuć log z usuwania oraz nowe logi: OTL i RSIT (jak normalnie nie pójdzie, zrób w trybie awaryjnym).


Wykonaj pełny skan
[url=http://www.instalki.pl/programy/download_c/13/96.html][color=#0000CD][b]Malwarebytes Anti-Malware[/b][/color][/url] i jakby coś wykrył raport pokaż na forum.

legendk
komentarz
komentarz (edytowane)

RSIT:
log.txt
[log]Logfile of random's system information tool 1.08 (written by random/random)
Run by User at 2011-03-22 17:50:20
Microsoft Windows 7 Ultimate
System drive C: has 29 GB (38%) free of 77 GB
Total RAM: 2048 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:50:27, on 2011-03-22
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\Netia\Mobilny Internet\UIExec.exe
C:\Program Files\Gadu-Gadu 10\gg.exe
D:\Steam\Steam.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Users\User\AppData\Local\Opera\Opera\temporary_downloads\Malwarebytes_Anti-Malware1.50.1[www.instalki.pl].exe
C:\Users\User\AppData\Local\Temp\is-K6I5L.tmp\Malwarebytes_Anti-Malware1.50.1[www.instalki.pl].tmp
C:\Windows\explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\explorer.exe
C:\Users\User\AppData\Local\Opera\Opera\temporary_downloads\RSIT.exe
C:\Program Files\trend micro\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [UIExec] "C:\Program Files\Netia\Mobilny Internet\UIExec.exe"
O4 - HKLM\..\RunOnce: [removetoolbar] cmd.exe /c RD /S /Q "C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar"
O4 - HKLM\..\RunOnce: [removedatamngr] cmd.exe /c RD /S /Q "C:\Program Files\BearShare Applications\MediaBar\"
O4 - HKCU\..\Run: [Gadu-Gadu 10] "C:\Program Files\Gadu-Gadu 10\gg.exe"
O4 - HKCU\..\Run: [Steam] "D:\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'USŁUGA SIECIOWA')
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3CF21BF2-34CB-448C-9D78-22E9766A3440}: NameServer = 213.241.79.37,83.238.255.76
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA977F0B-B9D3-4888-96CB-E89D0C56736D}: NameServer = 100.1.1.1
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files\Netia\Mobilny Internet\AssistantServices.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

--
End of file - 7713 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-20 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]
IEPluginBHO Class - C:\ProgramData\Gadu-Gadu 10\_userdata\ggbho.2.dll [2010-05-04 42080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-05-25 37888]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-06-08 9267816]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"VMware hqtray"=C:\Program Files\VMware\VMware Player\hqtray.exe [2010-11-11 64112]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"UIExec"=C:\Program Files\Netia\Mobilny Internet\UIExec.exe [2010-03-02 138072]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"removetoolbar"=cmd.exe /c RD /S /Q C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar []
"removedatamngr"=cmd.exe /c RD /S /Q C:\Program Files\BearShare Applications\MediaBar\ []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu 10"=C:\Program Files\Gadu-Gadu 10\gg.exe [2010-05-04 11981408]
"Steam"=D:\Steam\steam.exe [2010-11-17 1242448]
"AdobeBridge"= []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-03-22 17:50:20 ----D---- C:\rsit
2011-03-20 20:07:46 ----D---- C:\Users\User\AppData\Roaming\VMware
2011-03-20 19:59:16 ----A---- C:\Windows\ntbtlog.txt
2011-03-16 14:51:56 ----A---- C:\Windows\system32\drivers\ZTEusbser6k.sys
2011-03-16 14:51:56 ----A---- C:\Windows\system32\drivers\ZTEusbnmea.sys
2011-03-16 14:51:56 ----A---- C:\Windows\system32\drivers\ZTEusbnet.sys
2011-03-16 14:51:56 ----A---- C:\Windows\system32\drivers\ZTEusbmdm6k.sys
2011-03-16 14:51:56 ----A---- C:\Windows\system32\drivers\massfilter.sys
2011-03-16 14:51:53 ----A---- C:\debug1214.txt
2011-03-16 14:51:48 ----A---- C:\Windows\system32\sporder.dll
2011-03-16 14:51:48 ----A---- C:\Windows\system32\drivers\tcpipBM.sys
2011-03-16 14:51:48 ----A---- C:\Windows\system32\drivers\BMLoad.sys
2011-03-16 14:51:48 ----A---- C:\Windows\system32\bmutil.dll
2011-03-16 14:51:48 ----A---- C:\Windows\system32\bmnet.dll
2011-03-16 14:51:47 ----A---- C:\Windows\system32\bminstall.dll
2011-03-16 14:51:45 ----D---- C:\Windows\system32\SupportAppCB
2011-03-16 14:51:38 ----D---- C:\Program Files\Netia
2011-03-12 22:52:30 ----D---- C:\Users\User\AppData\Roaming\.minecraft
2011-03-10 22:00:32 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2011-03-10 21:52:59 ----D---- C:\Program Files\Common Files\Adobe AIR
2011-03-09 18:15:17 ----A---- C:\Windows\system32\FntCache.dll
2011-03-09 18:15:17 ----A---- C:\Windows\system32\DWrite.dll
2011-03-09 18:15:17 ----A---- C:\Windows\system32\d2d1.dll
2011-03-09 18:13:31 ----A---- C:\Windows\system32\CPFilters.dll
2011-03-09 18:13:30 ----A---- C:\Windows\system32\sbe.dll
2011-03-09 18:13:30 ----A---- C:\Windows\system32\EncDec.dll
2011-03-09 18:13:29 ----A---- C:\Windows\system32\mstscax.dll
2011-03-09 18:13:29 ----A---- C:\Windows\system32\mstsc.exe
2011-03-07 11:41:58 ----ASH---- C:\pagefile.sys
2011-03-06 17:38:29 ----D---- C:\ProgramData\TEMP
2011-02-26 19:20:18 ----D---- C:\Windows\usgwmt
2011-02-24 21:34:22 ----A---- C:\Windows\system32\wcncsvc.dll
2011-02-23 14:51:30 ----A---- C:\Windows\system32\XpsPrint.dll
2011-02-23 14:51:29 ----A---- C:\Windows\system32\XpsGdiConverter.dll

======List of files/folders modified in the last 1 months======

2011-03-22 17:50:26 ----D---- C:\Windows\Temp
2011-03-22 17:50:26 ----D---- C:\Program Files\trend micro
2011-03-22 17:45:41 ----RD---- C:\Program Files
2011-03-22 17:15:31 ----D---- C:\Windows\Prefetch
2011-03-22 17:09:59 ----D---- C:\ProgramData\VMware
2011-03-22 17:09:57 ----D---- C:\ProgramData\NVIDIA
2011-03-22 17:09:51 ----D---- C:\Windows\Minidump
2011-03-22 17:09:49 ----D---- C:\Windows
2011-03-22 16:08:57 ----D---- C:\Windows\system32\config
2011-03-22 14:24:42 ----D---- C:\Windows\System32
2011-03-22 14:24:42 ----D---- C:\Windows\inf
2011-03-22 14:24:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-03-22 14:13:10 ----SHD---- C:\System Volume Information
2011-03-20 20:09:01 ----D---- C:\Program Files\Common Files
2011-03-20 20:07:36 ----D---- C:\Program Files\SpeedFan
2011-03-20 20:07:11 ----D---- C:\Program Files\Tibia Auto
2011-03-20 20:06:45 ----D---- C:\Program Files\FileZilla FTP Client
2011-03-20 20:06:21 ----D---- C:\Program Files\Charles
2011-03-19 14:52:04 ----D---- C:\Users\User\AppData\Roaming\Winamp
2011-03-19 13:03:20 ----D---- C:\Program Files\Mozilla Firefox
2011-03-19 07:58:14 ----SHD---- C:\Windows\Installer
2011-03-19 07:58:06 ----D---- C:\Windows\winsxs
2011-03-16 14:55:16 ----D---- C:\Windows\ModemLogs
2011-03-16 14:52:05 ----D---- C:\Windows\system32\DriverStore
2011-03-16 14:52:05 ----D---- C:\Windows\system32\catroot
2011-03-16 14:51:56 ----D---- C:\Windows\system32\drivers
2011-03-16 14:51:38 ----HD---- C:\Program Files\InstallShield Installation Information
2011-03-16 07:47:37 ----D---- C:\Windows\system32\catroot2
2011-03-14 20:29:23 ----D---- C:\Users\User\AppData\Roaming\FileZilla
2011-03-11 07:45:35 ----D---- C:\ProgramData\Adobe
2011-03-10 22:18:42 ----D---- C:\Users\User\AppData\Roaming\Adobe
2011-03-10 22:01:14 ----D---- C:\Windows\system32\Tasks
2011-03-10 22:00:32 ----HD---- C:\ProgramData
2011-03-10 21:55:07 ----D---- C:\Program Files\Common Files\Adobe
2011-03-10 21:55:03 ----D---- C:\Program Files\Adobe
2011-03-04 17:38:06 ----D---- C:\Program Files\Tibia86
2011-02-25 15:57:20 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-06-24 691696]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2010-11-11 32368]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R2 vmci;VMware vmci; \??\C:\Windows\system32\Drivers\vmci.sys [2010-11-11 70768]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2010-11-11 36400]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2010-11-11 26352]
R2 VMparport;VMware VMparport; \??\C:\Windows\system32\Drivers\VMparport.sys [2010-11-11 23792]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2010-11-11 854128]
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Player\vstor2-ws60.sys [2010-08-19 22448]
R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-06-08 3112360]
R3 netr73;Sterownik karty RT73 USB Wireless LAN dla systemu Vista; C:\Windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
R3 RTL8167;Sterownik Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2010-11-11 24688]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2010-11-11 16560]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S3 aagfrzto;aagfrzto; C:\Windows\system32\drivers\aagfrzto.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 cpuz132;cpuz132; \??\C:\Users\User\AppData\Local\Temp\cpuz132\cpuz132_x32.sys []
S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2009-07-14 10752]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 GPU-Z;GPU-Z; \??\C:\Users\User\AppData\Local\Temp\GPU-Z.sys []
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\Windows\system32\drivers\libusb0.sys [2005-03-09 33792]
S3 massfilter;ZTE Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys [2010-01-18 9216]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usb_rndisx;Karta USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys [2010-01-18 105088]
S3 ZTEusbnmea;ZTE NMEA Port; C:\Windows\system32\DRIVERS\ZTEusbnmea.sys [2010-01-18 105088]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\Windows\system32\DRIVERS\ZTEusbser6k.sys [2010-01-18 105088]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-06-07 129640]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-06-07 240232]
R2 UI Assistant Service;UI Assistant Service; C:\Program Files\Netia\Mobilny Internet\AssistantServices.exe [2010-03-02 247152]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Player\vmware-authd.exe [2010-11-11 113264]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2010-11-11 334448]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2010-11-11 404080]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-06-17 655624]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2010-06-20 3813096]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-11-18 403240]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Player\vmware-ufad.exe [2010-08-19 191024]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-16 1343400]

-----------------EOF-----------------
[/log]

info.txt
[log]info.txt logfile of random's system information tool 1.08 2011-03-22 17:50:29

======Uninstall list======

-->MsiExec /X{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe Community Help-->msiexec /qb /x {0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe Community Help-->MsiExec.exe /I{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10n_Plugin.exe -maintain plugin
Adobe Flash Professional CS5-->C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="1.0" --mode="Uninstall" --mediaSignature="{CFC9F871-7C40-40B6-BE4A-B98A5B309716}"
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 9.4.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Archiwizator WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Audacity 1.3.12 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
Cabal Online Europe - Radiant Hall-->"D:\patch\unins000.exe"
Centrum obsługi urządzeń z systemem Windows Mobile-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
Combined Community Codec Pack 2009-09-09-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Counter-Strike: Source-->"D:\Steam\steam.exe" steam://uninstall/240
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Deluxe Ski Jump 4 Beta-1-->"C:\Program Files\Deluxe Ski Jump 4\Uninstall\unins000.exe"
Dual-Core Optimizer-->MsiExec.exe /X{9FD6F1A8-5550-46AF-8509-271DF0E768B5}
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Free YouTube to MP3 Converter version 3.9.31-->"C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
Gadu-Gadu 10-->C:\Program Files\Gadu-Gadu 10\Uninstall.exe
Galeria fotografii usługi Windows Live-->MsiExec.exe /X{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
Half-Life 2: Episode One-->"D:\Steam\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two-->"D:\Steam\steam.exe" steam://uninstall/420
Half-Life 2-->"D:\Steam\steam.exe" steam://uninstall/220
Harry Potter i Książę Półkrwi™-->MsiExec.exe /X{FD1B1980-8CAB-4474-89F8-1245AF657AD1}
Harry Potter TM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F50AF3B-8997-4916-0095-99D63DDB785A}\setup.exe" -l0x15 Uninstall
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Mass Effect 2-->C:\Program Files\Common Files\BioWare\Uninstall Mass Effect 2.exe
Mass Effect-->C:\Program Files\Common Files\BioWare\Uninstall Mass Effect.exe
Microsoft .NET Framework 4 Client Profile PLK Language Pack-->MsiExec.exe /X{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
Mobilny Internet-->"C:\Program Files\InstallShield Installation Information\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}\setup.exe" -runfromtemp -l0x0015 -removeonly
Moonbase Alpha-->"D:\Steam\steam.exe" steam://uninstall/39000
Mozilla Firefox (3.6.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
NapiProjekt 1.0.6.9-->"C:\Program Files\NAPI-PROJEKT\unins000.exe"
NCsoft Launcher-->C:\Program Files\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe -runfromtemp -l0x0009 -removeonly
Need for Speed™ Most Wanted-->D:\Need for Speed Most Wanted\EAUninstall.exe
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
Opera 10.54-->MsiExec.exe /X{C441297F-C9F2-4177-9D5F-1B10F0358E32}
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
PDF Settings CS5-->MsiExec.exe /I{A78FE97A-C0C8-49CE-89D0-EDD524A17392}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Podstawowe programy Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Podstawowe programy Windows Live-->MsiExec.exe /I{7A9D47BA-6D50-4087-866F-0800D8B89383}
Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1045 /parameterfolder ClientLP
Portal-->"D:\Steam\steam.exe" steam://uninstall/400
Real Alternative 2.0.2-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
San Andreas Mod Installer-->"C:\Windows\San Andreas Mod Installer\uninstall.exe" "/U:C:\Program Files\San Andreas Mod Installer\Uninstall\uninstall.xml"
Star Wars(TM): Knights of the Old Republic (TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}\Setup.exe" -l0x15
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SubEdit - Vista WMP Patch-->"C:\Program Files\SubEdit-Player\WMP6_4\unins000.exe"
SubEdit-Player-->"C:\Program Files\SubEdit-Player\unins000.exe"
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Team Fortress 2-->"D:\Steam\steam.exe" steam://uninstall/440
The Sims Zwierzaki-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C32C567-DC0F-4C80-B06C-7873850A2E06}\Setup.exe" -l0015
Tibia MULTI-ip changer-->C:\Program Files\Asprate\Tibia Multi IP Changer\UNinstaller.exe
Tibia-->"C:\Program Files\Tibia86\unins000.exe"
Total Commander (Remove or Repair)-->c:\totalcmd\tcuninst.exe
Unlimited Cabal-->MsiExec.exe /I{454070F6-2CAF-49DE-84E7-07DC177789FB}
Ventrilo-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VMware Player-->C:\ProgramData\VMware\VMware Player\Uninstaller\uninstall.exe -x -S "C:\ProgramData\VMware\VMware Player\Uninstaller\"
VMware Player-->MsiExec.exe /I{A53A11EA-0095-493F-86FA-A15E8A86A405}
Winamp 5.58 PL-->"C:\Program Files\Winamp\UninstWA_PL.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Movie Maker-->MsiExec.exe /X{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}
Windows Live Photo Common-->MsiExec.exe /X{0654EA5D-308A-4196-882B-5C09744A5D81}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{0C1931EB-8339-4837-8BEC-75029BF42734}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}

======Hosts File======

127.0.0.1 activate.adobe.com

======System event log======

Computer Name: User-Komputer
Event Code: 1074
Message: Proces C:\Windows\system32\winlogon.exe (USER-KOMPUTER) zainicjował wyłączenie zasilania komputera USER-KOMPUTER w imieniu użytkownika User-Komputer\User z następującej przyczyny: Nie można odnaleźć tytułu dla tej przyczyny
Kod przyczyny: 0x500ff
Typ zamknięcia systemu: wyłączenie zasilania
Komentarz:
Record Number: 68107
Source Name: USER32
Time Written: 20101208072459.000000-000
Event Type: Informacje
User: User-Komputer\User

Computer Name: User-Komputer
Event Code: 1074
Message: Proces Explorer.EXE zainicjował wyłączenie zasilania komputera USER-KOMPUTER w imieniu użytkownika User-Komputer\User z następującej przyczyny: Inne zadania (niezaplanowane)
Kod przyczyny: 0x0
Typ zamknięcia systemu: wyłączenie zasilania
Komentarz:
Record Number: 68106
Source Name: USER32
Time Written: 20101208072456.000000-000
Event Type: Informacje
User: User-Komputer\User

Computer Name: User-Komputer
Event Code: 7036
Message: Usługa Host systemu diagnostyki weszła w stan zatrzymania.
Record Number: 68105
Source Name: Service Control Manager
Time Written: 20101208072244.423012-000
Event Type: Informacje
User:

Computer Name: User-Komputer
Event Code: 206
Message: Usługa Asystent zgodności programów pomyślnie wykonała inicjowanie fazy drugiej.
Record Number: 68104
Source Name: Microsoft-Windows-Application-Experience
Time Written: 20101208071316.993557-000
Event Type: Informacje
User: ZARZĄDZANIE NT\SYSTEM

Computer Name: User-Komputer
Event Code: 7036
Message: Usługa Usługa autowykrywania serwera proxy w sieci Web WinHTTP weszła w stan zatrzymania.
Record Number: 68103
Source Name: Service Control Manager
Time Written: 20101208071247.453867-000
Event Type: Informacje
User:

=====Application event log=====

Computer Name: User-Komputer
Event Code: 102
Message: Windows (3172) Windows: Aparat bazy danych (6.01.7600.0000) uruchomił nowe wystąpienie (0).
Record Number: 14531
Source Name: ESENT
Time Written: 20101011175800.000000-000
Event Type: Informacje
User:

Computer Name: User-Komputer
Event Code: 1
Message: Została uruchomiona usługa łączności urządzenia z systemem Windows Mobile 2003.
Record Number: 14530
Source Name: WcesComm
Time Written: 20101011175755.000000-000
Event Type: Informacje
User:

Computer Name: User-Komputer
Event Code: 1
Message: Została uruchomiona usługa łączności urządzenia z systemem Windows Mobile.
Record Number: 14529
Source Name: RapiMgr
Time Written: 20101011175755.000000-000
Event Type: Informacje
User:

Computer Name: User-Komputer
Event Code: 6000
Message: Subskrybent powiadomień usługi winlogon <SessionEnv> był niedostępny i nie mógł obsłużyć zdarzenia powiadamiania.
Record Number: 14528
Source Name: Microsoft-Windows-Winlogon
Time Written: 20101011175753.000000-000
Event Type: Informacje
User:

Computer Name: User-Komputer
Event Code: 4101
Message: Sprawdzono poprawność licencji systemu Windows.
Record Number: 14527
Source Name: Microsoft-Windows-Winlogon
Time Written: 20101011175753.000000-000
Event Type: Informacje
User:

=====Security event log=====

Computer Name: User-Komputer
Event Code: 4672
Message: Przypisano specjalne uprawnienia do nowego logowania.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x3e7

Uprawnienia: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 12352
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101012162934.387220-000
Event Type: Sukcesy inspekcji
User:

Computer Name: User-Komputer
Event Code: 4624
Message: Użytkownik pomyślnie zalogował się na koncie.

Podmiot:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: USER-KOMPUTER$
Domena konta: WORKGROUP
Identyfikator logowania: 0x3e7

Typ logowania: 5

Nowe logowanie:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x3e7
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Informacje o procesie:
Identyfikator procesu: 0x214
Nazwa procesu: C:\Windows\System32\services.exe

Informacje o sieci:
Nazwa stacji roboczej:
Adres źródłowy sieci: -
Port źródłowy: -

Szczegółowe informacje o uwierzytelnianiu:
Proces logowania: Advapi
Pakiet uwierzytelniania: Negotiate
Usługi przejściowe: -
Nazwa pakietu (tylko NTLM): -
Długość klucza: 0

To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp.

Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.

Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe).

Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane.

Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta.

Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania.
- Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
- Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania.
- Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty.
- Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0.
Record Number: 12351
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101012162934.387220-000
Event Type: Sukcesy inspekcji
User:

Computer Name: User-Komputer
Event Code: 4902
Message: Utworzono tabelę zasad inspekcji użytkownika.

Liczba elementów: 0
Identyfikator zasad: 0x8f18
Record Number: 12350
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101012162934.293620-000
Event Type: Sukcesy inspekcji
User:

Computer Name: User-Komputer
Event Code: 4624
Message: Użytkownik pomyślnie zalogował się na koncie.

Podmiot:
Identyfikator zabezpieczeń: S-1-0-0
Nazwa konta: -
Domena konta: -
Identyfikator logowania: 0x0

Typ logowania: 0

Nowe logowanie:
Identyfikator zabezpieczeń: S-1-5-18
Nazwa konta: SYSTEM
Domena konta: ZARZĄDZANIE NT
Identyfikator logowania: 0x3e7
Identyfikator GUID logowania: {00000000-0000-0000-0000-000000000000}

Informacje o procesie:
Identyfikator procesu: 0x4
Nazwa procesu:

Informacje o sieci:
Nazwa stacji roboczej: -
Adres źródłowy sieci: -
Port źródłowy: -

Szczegółowe informacje o uwierzytelnianiu:
Proces logowania: -
Pakiet uwierzytelniania: -
Usługi przejściowe: -
Nazwa pakietu (tylko NTLM): -
Długość klucza: 0

To zdarzenie jest generowane w momencie utworzenia sesji logowania. Jest ono generowane na komputerze, do którego został uzyskany dostęp.

Pola podmiotu wskazują konto w systemie lokalnym, które zażądało logowania. Najczęściej jest to usługa, na przykład usługa Serwer, lub proces lokalny taki jak Winlogon.exe lub Services.exe.

Pole typu logowania wskazuje rodzaj zaistniałego logowania. Najczęstsze typy to 2 (interakcyjne) i 3 (sieciowe).

Pola nowego logowania wskazują konto, dla którego zostało utworzone nowe logowanie, czyli konto, które zostało zalogowane.

Pola sieci wskazują lokalizację, z której pochodziło zdalne żądanie logowania. Nazwa stacji roboczej nie zawsze jest dostępna i w niektórych przypadkach może być pusta.

Pola informacji o uwierzytelnianiu zawierają szczegółowe informacje o tym konkretnym żądaniu logowania.
- Identyfikator GUID logowania to unikatowy identyfikator, za pomocą którego można skorelować to zdarzenie ze zdarzeniem centrum dystrybucji kluczy.
- Usługi przejściowe wskazują, które usługi pośrednie uczestniczyły w tym żądaniu logowania.
- Nazwa pakietu wskazuje, który protokół podrzędny spośród protokołów NTLM został użyty.
- Długość klucza wskazuje długość wygenerowanego klucza sesji. Jeśli nie zażądano klucza sesji, jest to wartość 0.
Record Number: 12349
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101012162934.215620-000
Event Type: Sukcesy inspekcji
User:

Computer Name: User-Komputer
Event Code: 4608
Message: Trwa uruchamianie systemu Windows.

To zdarzenie jest rejestrowane w momencie uruchamiania programu LSASS.EXE i inicjowania podsystemu inspekcji.
Record Number: 12348
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101012162934.215620-000
Event Type: Sukcesy inspekcji
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;c:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Common Files;C:\Program Files\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06

-----------------EOF-----------------
[/log]

logi z usuwania:
03212011_124532.txt
[log]All processes killed
========== OTL ==========
No active process named DataMngrUI.exe was found!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
C:\Program Files\uTorrentBar\tbuTor.dll moved successfully.
HKU\S-1-5-21-3391368988-1248870-4137730901-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3391368988-1248870-4137730901-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files\uTorrentBar\tbuTor.dll not found.
Prefs.js: "BearShare Web Search" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "BearShare Web Search" removed from browser.search.order.1
Prefs.js: "Search" removed from browser.search.selectedEngine
Prefs.js: "http://search.conduit.com/?ctid=CT2269050&SearchSource=13" removed from browser.startup.homepage
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" removed from keyword.URL
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\lib folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\lib folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\components folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\searchbar folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\options folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\radio\images folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\radio\css folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\radio folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib\panels folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin\lib folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\skin folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\content\widgets\net.vmn.www.3.YouTube.1217 folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\content\widgets\net.vmn.www.3.Twitter.1227 folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\content\widgets folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\content\modules folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\content\lib folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\content\data\search folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\content\data folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome\content folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}\chrome folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593} folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\xawtbya3.default\extensions\engine@conduit.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ deleted successfully.
C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files\uTorrentBar\tbuTor.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0974BA1E-64EC-11DE-B2A5-E43756D89593} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ not found.
File C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
File C:\Program Files\uTorrentBar\tbuTor.dll not found.
Registry value HKEY_USERS\S-1-5-21-3391368988-1248870-4137730901-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DataMngr deleted successfully.
C:\Program Files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3391368988-1248870-4137730901-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll deleted successfully.
C:\Program Files\BearShare Applications\MediaBar\DataMngr\datamngr.dll moved successfully.
========== FILES ==========
C:\Program Files\ConduitEngine folder moved successfully.
C:\Program Files\uTorrentBar folder moved successfully.
C:\Users\User\AppData\Local\TempDP2168.html moved successfully.
C:\Users\User\AppData\Local\Tempdu3280.html moved successfully.
C:\Users\User\AppData\Local\TempEE3280.html moved successfully.
C:\Users\User\AppData\Local\TempSA3004.html moved successfully.
C:\Users\User\AppData\Local\TempvC3004.html moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: User
->Temp folder emptied: 171399 bytes
->Temporary Internet Files folder emptied: 5322618 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 24033316 bytes
->Flash cache emptied: 1222 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12946 bytes
RecycleBin emptied: 313882174 bytes

Total Files Cleaned = 328,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03212011_124532

Files\Folders moved on Reboot...
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-1904.log moved successfully.

Registry entries deleted on Reboot...
[/log]

Niestety po wrzuceniu skryptu dalej to samo. :(

A w AntiMalware znalazło to:
[log]Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Wersja bazy: 6132

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2011-03-22 18:01:47
mbam-log-2011-03-22 (18-01-33).txt

Typ skanowania: Szybkie skanowanie
Przeskanowano obiektów: 142617
Upłynęło: 3 minut(y), 9 sekund(y)

Zainfekowanych procesów w pamięci: 0
Zainfekowanych modułów w pamięci: 0
Zainfekowanych kluczy rejestru: 0
Zainfekowanych wartości rejestru: 0
Zainfekowane informacje rejestru systemowego: 0
Zainfekowanych folderów: 0
Zainfekowanych plików: 1

Zainfekowanych procesów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych modułów w pamięci:
(Nie znaleziono zagrożeń)

Zainfekowanych kluczy rejestru:
(Nie znaleziono zagrożeń)

Zainfekowanych wartości rejestru:
(Nie znaleziono zagrożeń)

Zainfekowane informacje rejestru systemowego:
(Nie znaleziono zagrożeń)

Zainfekowanych folderów:
(Nie znaleziono zagrożeń)

Zainfekowanych plików:
c:\Windows\System32\Hosts (Trojan.Agent) -> No action taken.
[/log]

Z góry dzięki.

Tak nawiasem mówiąc to nie robiłem już formatu prawie rok, może mam zrobić?

up

CO jest grane?

Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!

Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.

×
×
  • Dodaj nową pozycję...

Powiadomienie o plikach cookie

Strona wykorzystuje pliki cookies w celu prawidłowego świadczenia usług i wygody użytkowników. Warunki przechowywania i dostępu do plików cookies możesz zmienić w ustawieniach przeglądarki.