Can't remove OpenCloud Security


  • This topic is locked
48 replies to this topic

#1 Ervin T


Posted 28 September 2011 - 08:49 PM

First off, I removed the OpenCloud Security with the instructions given on this site, or so I thought. When I restarted my laptop, the OpenCloud Security started again as if I had never tried removing it. I've tried twice to remove it using the same procedure (RKILL & Malwarebytes), but the outcome is still the same. Would it be because the Malwarebytes trial expired and could no longer protect my system? Please help, as I need to use my laptop to work from home. Please help! Thank you in advance.

Fujitsu Lifebook
Windows 7 Home



#2 Orange Blossom

  • Moderator

Posted 29 September 2011 - 02:35 AM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Ervin T

  • Topic Starter

Posted 29 September 2011 - 12:54 PM

Here are the requested logs. I couldn't run GMER because I'm on a 64-bit version of Windows. Thank you very much.

Attached Files


Edited by Ervin T, 29 September 2011 - 12:56 PM.


#4 Ervin T

  • Topic Starter

Posted 29 September 2011 - 01:28 PM

Here are the requested logs. I couldn't run GMER because I'm on a 64-bit version of Windows. Thank you very much.

Please advise if this is the correct way to post the logs or do I have to post the contents of the logs.

#5 Ervin T

  • Topic Starter

Posted 29 September 2011 - 01:53 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/28/2011 10:01:24 PM
System Uptime: 9/29/2011 10:36:25 AM (0 hours ago)
.
Motherboard: FUJITSU | | FJNBB05
Processor: Intel® Core™ i5 CPU M 450 @ 2.40GHz | On Board | 2394/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 225 GiB total, 170.482 GiB free.
D: is FIXED (NTFS) - 225 GiB total, 51.864 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Windows Firewall Authorization Driver
Device ID: ROOT\LEGACY_MPSDRV\0000
Manufacturer:
Name: Windows Firewall Authorization Driver
PNP Device ID: ROOT\LEGACY_MPSDRV\0000
Service: mpsdrv
.
==== System Restore Points ===================
.
RP172: 9/20/2011 11:10:54 PM - Installed League of Legends
RP173: 9/25/2011 7:00:33 PM - Windows Backup
RP174: 9/25/2011 11:46:46 PM - Removed League of Legends
RP175: 9/27/2011 7:18:25 PM - Windows Update
RP176: 9/29/2011 7:30:15 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1 MUI
Atheros Client Installation Program
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CyberLink PowerDVD 8
CyberLink YouCam
Fast Search by Surf Canyon
Fujitsu Display Manager
Fujitsu Hotkey Utility
Fujitsu MobilityCenter Extension Utility
Fujitsu System Extension Utility
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel® Management Engine Components
Intel® Turbo Boost Technology Driver
Java Auto Updater
Java™ 6 Update 20
Junk Mail filter update
LifeBook Application Panel
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 6.0.2 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Pando Media Booster
Power Saving Utility
PriceGong 2.5.0
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
REALTEK Wireless LAN Driver
RealUpgrade 1.1
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator LJ
ScanSoft PaperPort 11
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 5.3
Spybot - Search & Destroy
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2553110)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
9/29/2011 6:24:08 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
9/29/2011 10:39:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
9/29/2011 10:39:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
9/29/2011 10:36:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/29/2011 10:36:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/29/2011 10:36:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/29/2011 10:36:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/29/2011 10:36:47 AM, Error: NetBT [4321] - The name "BEATA-PC :0" could not be registered on the interface with IP address 192.168.1.64. The computer with the IP address 192.168.1.78 did not allow the name to be claimed by this computer.
9/29/2011 10:36:45 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
9/29/2011 10:36:44 AM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
9/29/2011 10:36:43 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
9/29/2011 10:36:43 AM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
9/29/2011 10:35:43 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{925F6EDE-8D81-4A0E-BE94-D7B7371D9ACD} because another computer on the network has the same name. The server could not start.
9/29/2011 10:35:43 AM, Error: NetBT [4321] - The name "BEATA-PC :20" could not be registered on the interface with IP address 192.168.1.64. The computer with the IP address 192.168.1.78 did not allow the name to be claimed by this computer.
9/29/2011 10:23:51 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
9/29/2011 10:23:51 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/28/2011 9:22:58 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
9/28/2011 9:20:52 AM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
9/28/2011 9:17:56 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel® Management & Security Application User Notification Service service to connect.
9/28/2011 9:17:56 AM, Error: Service Control Manager [7000] - The Intel® Management & Security Application User Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/28/2011 9:17:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
9/28/2011 9:17:24 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/28/2011 9:16:52 AM, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/28/2011 9:16:51 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.
9/28/2011 7:36:19 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume3.
9/28/2011 7:24:41 PM, Error: NetBT [4321] - The name "BEATA-PC :20" could not be registered on the interface with IP address 192.168.1.64. The computer with the IP address 192.168.1.77 did not allow the name to be claimed by this computer.
9/28/2011 7:24:41 PM, Error: NetBT [4321] - The name "BEATA-PC :0" could not be registered on the interface with IP address 192.168.1.64. The computer with the IP address 192.168.1.77 did not allow the name to be claimed by this computer.
9/28/2011 7:23:41 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\System Volume Information\Syscache.hve' was corrupted and it has been recovered. Some data might have been lost.
9/28/2011 6:11:56 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
9/28/2011 6:02:05 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.
9/27/2011 7:08:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service sdrsvc with arguments "" in order to run the server: {687E55CA-6621-4C41-B9F1-C0EDDC94BB05}
9/27/2011 7:08:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Backup service to connect.
9/27/2011 7:08:55 PM, Error: Service Control Manager [7000] - The Windows Backup service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/27/2011 6:55:45 PM, Error: Service Control Manager [7022] - The Intel® Management & Security Application User Notification Service service hung on starting.
9/27/2011 6:50:06 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/27/2011 6:50:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
.
==== End Of File ===========================

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385
Run by Beata at 10:40:59 on 2011-09-29
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1973.1011 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
uDefault_Page_URL = hxxp://hk.fujitsu.com/pc
mWinlogon: Userinit=userinit.exe,
BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.5.0\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: ADC PlugIn: {19090308-636d-4e9b-a1ce-a647b6f794bf} - C:\Users\Beata\AppData\Roaming\EYYXjUUVlI\sysl32.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Fast Search: {5ab7104a-b71f-49ad-9154-f7f8806ae848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: MinibarBHO: {aa74d58f-acd0-450d-a85e-6c04b171c044} - C:\Program Files (x86)\Minibar\Kango.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Minibar: {d6598005-a921-4f83-b6e6-f4f030d1bf37} - C:\Program Files (x86)\Minibar\Kango.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [{417DD33A-2309-5EA9-23FA-F351DF29C98B}] C:\Users\Beata\AppData\Roaming\Orecni\sowoud.exe
mRun: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
mRun: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [UCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [YouCam Mirror Tray icon] "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [TkIVrzONtAuSiDp8234A] C:\Windows\system32\p5aQH6dWKfLgXjC.exe
mRun: [GxA0ucS2iD8234A] C:\Windows\system32\NRL9gTXqjCkVzN.exe
mRun: [DcS1ibD3oGaHsJ8234A] C:\Windows\system32\k9gTZqjYCkVlNx0.exe
mRun: [vVrlOBtxPy8234A] C:\Windows\system32\U6sWJ7fELgZhCk.exe
mRun: [DmH6sWJ7fLgZhC8234A] C:\Windows\system32\krlONtxP0c1b3n4.exe
mRun: [ChYCwkUVrOtPyS8234A] C:\Windows\system32\Q3onG4amHsJfLgZ.exe
mRun: [UvD3onF4aHsJdLg8234A] C:\Windows\system32\sqhYCwkUVlBx0c1.exe
mRun: [aJ7fEL8gTqYwUrO8234A] C:\Windows\system32\GxP0ucS1iDoGaHs.exe
mRun: [tkVrlOBtx0c1v3n8234A] C:\Windows\system32\I4amH6sWJfLgZhC.exe
mRun: [p3onF4amHsJdLgZ8234A] C:\Windows\system32\DYCwkUVrlBx0c1v.exe
mRun: [DfEL8gTZqYwUrOt8234A] C:\Windows\system32\j0ucS1ibDoGaHsJ.exe
mRun: [slOBtxP0ySiDoFa8234A] C:\Windows\system32\H6sWJ7fELgZhCkV.exe
mRun: [exP0ycS1iDo8234A] C:\Windows\system32\sEL8gTZqhCkVlB.exe
mRun: [KcS1ibD3oGaHsJf8234A] C:\Windows\system32\v9gTZqjYCkVlNx0.exe
mRun: [ymH6sWJ7fLgZhCk8234A] C:\Windows\system32\PrlONtxP0c1b3n4.exe
mRun: [ghYCwkUVrOtPySi8234A] C:\Windows\system32\L3onG4amHsJfLgZ.exe
mRun: [KP0ycS1iv3n4m5W8234A] C:\Windows\system32\vfEL8gTZqYwUrOt.exe
mRun: [I6sWJ7fELgZhCkV8234A] C:\Windows\system32\YrlONtxP0c1b3n4.exe
mRun: [JCwkUVrlOtPySiD8234A] C:\Windows\system32\xnG4amH6sJfLgZh.exe
mRun: [PcS1ivD3oFaHsJd8234A] C:\Windows\system32\f8gTZqhYCkVlBx0.exe
mRun: [QbD3onG4aHs8234A] C:\Windows\system32\PYCwkIVrlNx0c1.exe
mRun: [z7fEL8gTZh8234A] C:\Windows\system32\RucS1ibD3n4m6W.exe
mRun: [ZL8gTZqhYwUrOtP8234A] C:\Windows\system32\bcS1ibD3oGaHsJf.exe
mRun: [CCwkIVrlOtPuSi8234A] C:\Windows\system32\mnG4aQH6sKfLgZj.exe
mRun: [cw0FLUAHgVAGZIS8234A] C:\Windows\system32\gXN38C059r26ZN.exe
mRun: [xlvQZIvQTzb8ku8234A] C:\Windows\system32\aLISHXNDKYPGLVS.exe
mRun: [so8IoKkSHgOD7IS8234A] C:\Windows\system32\zWk1WwS5XA.exe
mRun: [XCUrBPci3Fm5JEg8234A] C:\Windows\system32\twrvmKqBxoGdRqI.exe
mRun: [Hi3Fm5JEgqXUlt08234A] C:\Windows\system32\n7TwOuDaJgqCUrB.exe
mRun: [po4HJEg9XUltNAu8234A] C:\Windows\system32\tJEgqXUlt0.exe
mRun: [Xt3JYPn7Xz2QwA58234A] C:\Windows\system32\vZz3RBbdXtpLr.exe
mRun: [X0aqP4ZysjS8OFK8234A] C:\Windows\system32\CSsYymRz4RzFRz.exe
mRun: [nhP4RtnKI26w8234A] C:\Windows\system32\sIu5hNmRBi6Cu6.exe
mRun: [q8V15hzFZyGhNQe8234A] C:\Windows\system32\B1p8CA38eudCua9.exe
mRun: [CZODJwAHj1Qwv8r8234A] C:\Windows\system32\TNoQTOFLzDKY.exe
mRun: [Lu2Dn4HWf9ZYkr8234A] C:\Windows\system32\naW9XYkrO.exe
mRun: [GwINvFsEZw8234A] C:\Windows\system32\GUtS3m7gYez1nHd.exe
mRun: [iNvFsEZwlNub5WL8234A] C:\Windows\system32\mgYez1nHdZ.exe
mRun: [nlNub5WLj8234A] C:\Windows\system32\GUtS3m7gYez1nHd.exe
mRun: [VfTeOub56RqCIrN8234A] C:\Windows\system32\uoQRVybJ9lAb.exe
mRun: [icsY0mTxoEUcpge8234A] C:\Windows\system32\mQXxaqA5Tt.exe
mRun: [WViWCcHZOvshzoK8234A] C:\Windows\system32\WuQXxaqA5TtpLl3.exe
mRun: [iWf8ZYkrBPci3Fm8234A] C:\Windows\system32\ugqCIlNPciDo.exe
mRun: [Y4HQd8ZYjeBPcu28234A] C:\Windows\system32\OLThwVlt0Svo4ms.exe
mRun: [Jna6KEgqCIlt0Sb8234A] C:\Windows\system32\wIrNtxA0uS.exe
mRun: [HLTqCIlt0SboGm8234A] C:\Windows\system32\VrNtxuS2bp4H.exe
mRun: [STqCIlt0SboGm6J8234A] C:\Windows\system32\yCIrNtxuSbp4HW7.exe
mRun: [ls7LRqXUlt0Avo48234A] C:\Windows\system32\I8hwVOxyS.exe
mRun: [n9jBcDbp5Qd8ZTj8234A] C:\Windows\system32\Xi3n5EZkOyD4s.exe
mRun: [kKXB0pdgkx28234A] C:\Windows\system32\jXtvHKwzDGKwB.exe
mRun: [Rci3F4mH5W7EgqX8234A] C:\Windows\system32\pGa6JEgqCkrB.exe
mRun: [AFW7dEL8ghwUeOz8234A] C:\Windows\system32\Hn6EqkNc3mJgCl.exe
mRun: [hrcFWRVvH8234A] C:\Windows\system32\J1s9r26XO25fYN2.exe
mRun: [vPDmKwtumdTlA3J8234A] C:\Windows\system32\sBim7RVvHEZ.exe
mRun: [wSbp4Hs7LT8234A] C:\Windows\system32\LSbp5Qd7LTjCVO.exe
mRun: [ona6KEgqCIltPc8234A] C:\Windows\system32\Ap5HW7LTjeVzNxu.exe
mRun: [s7LTjwlPSiDGm6J8234A] C:\Windows\system32\pb5W7LTYezNxci3.exe
mRun: [XXkeOzy1DFmsJEg8234A] C:\Windows\system32\tJEgqCUlty1Dna5.exe
mRun: [UopGQd8LTjeBOx08234A] C:\Users\Beata\AppData\Roaming\Bzy1DFmsJE\i9XUeBzy1DbpG.exe
mRun: [RYIltu1Dna7Lgq8234A] C:\Windows\system32\Gxu2Dna6Wf.exe
mRun: [Nu2Fm5aJW8R8234A] C:\Windows\system32\bDoFpGQd8ZTjeBP.exe
mRun: [EYYYjUUVlI8234A] C:\Windows\system32\bttzzP00ycAiv2o.exe
mRun: [bjjUUVelIBt8234A] C:\Windows\system32\dCekIVrzOtAu.exe
mRun: [wRRZZ9hYXwjUVIt8234A] C:\Windows\system32\oIVrzONtx0c2b3.exe
mRun: [ojjjUVVlIBt8234A] C:\Windows\system32\jZqhYCwkUrOtPyS.exe
mRun: [UhhYYjjUVelItzN8234A] C:\Windows\system32\tIzy0v2ib3n5Q6K.exe
mRun: [zeeelIIBtzPNc8234A] C:\Windows\system32\x8gTZqhYCkVlBx.exe
mRun: [U6ddEKK8fRZhTX8234A] C:\Windows\system32\DuvvD22obF4mG5Q.exe
mRun: [U66ddEK8fRZhTw8234A] C:\Users\Beata\AppData\Roaming\bjUUVVelIBt\ZFF44pmmG.exe
mRun: [YjUUCCelIBrzPyA8234A] C:\Users\Beata\AppData\Roaming\bjjUUVlIBtz\l2oobFF4pmG5QJd.exe
mRun: [YjUUCCelIBrzNyA8234A] C:\Users\Beata\AppData\Roaming\bjjUUVelIBt\l2oobFF4pmG5QJd.exe
mRun: [VdddEKK8fRZhTXj8234A] C:\Users\Beata\AppData\Roaming\bjUUVVelIBt\lvDD22obF4pm5sJ.exe
mRun: [uWqNbsZObsqB8234A] C:\Windows\system32\q1mfCAp8U.exe
mRun: [BLVcaLkyFdwPb6T8234A] C:\Windows\system32\JGReAn7Yx3Kj.exe
mRun: [FAn7CPo7Cxo7XPp8234A] C:\Users\Beata\AppData\Roaming\mfwPGfk0Fd\NoJYt2Q9Bv5LIuG.exe
mRun: [WWWWKK8fRL9h8234A] C:\Windows\system32\PKKK8ffRZ9hTwjC.exe
mRun: [NTTXXqjjUCeIBzO8234A] C:\Windows\system32\ymmGG5aaQJ6WKfR.exe
dRun: [win2119b744] C:\Windows\TEMP\win2119b744.exe
dRun: [4Y3Y0C3AVF7XXHYWOUBJLS] C:\Recycle.Bin\B6232F3A1D3.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8AE60E6A-16FA-4202-8817-5F187EC16077} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{925F6EDE-8D81-4A0E-BE94-D7B7371D9ACD} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{925F6EDE-8D81-4A0E-BE94-D7B7371D9ACD}\039364850383036363734353 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{925F6EDE-8D81-4A0E-BE94-D7B7371D9ACD}\0527A79776F64616 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{925F6EDE-8D81-4A0E-BE94-D7B7371D9ACD}\2375942554630353 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{925F6EDE-8D81-4A0E-BE94-D7B7371D9ACD}\44554494 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{925F6EDE-8D81-4A0E-BE94-D7B7371D9ACD}\4505D2C494E4B4 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{925F6EDE-8D81-4A0E-BE94-D7B7371D9ACD}\4505D2C494E4B4F5547383542373 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{925F6EDE-8D81-4A0E-BE94-D7B7371D9ACD}\46C696E6B6 : DhcpNameServer = 192.168.1.254 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Shopping Assistant Plugin: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.0\PriceGongIE.dll
BHO-X64: PriceGong - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: ADC PlugIn: {19090308-636D-4e9b-A1CE-A647B6F794BF} - C:\Users\Beata\AppData\Roaming\EYYXjUUVlI\sysl32.dll
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Fast Search: {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll
BHO-X64: IE BHO Utility - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: MinibarBHO: {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Kango.dll
BHO-X64: Minibar BHO - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Minibar: {D6598005-A921-4F83-B6E6-F4F030D1BF37} - C:\Program Files (x86)\Minibar\Kango.dll
mRun-x64: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
mRun-x64: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
mRun-x64: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [UCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun-x64: [YouCam Mirror Tray icon] "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun-x64: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\d2r5nxoa.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 FBIOSDRV;Fujitsu BIOS Driver;C:\Windows\system32\Drivers\FBIOSDRV.sys --> C:\Windows\system32\Drivers\FBIOSDRV.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\Windows\system32\drivers\FUJ02E3.sys --> C:\Windows\system32\drivers\FUJ02E3.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gtdetectsc;GtDetectSc Service;C:\Windows\SysWOW64\Gtdetectsc.exe [2011-5-19 196704]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-4 136176]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-28 366152]
S2 PowerSavingUtilityService;PowerSavingUtilityService;C:\Program Files\Fujitsu\PSUtility\PSUService.exe [2009-7-29 63336]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-9-1 1153368]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-28 2314240]
S2 UpdateNaviInstallService;UpdateNaviInstallService;C:\Program Files\Fujitsu\updnavi\updnvsrv.exe [2009-9-30 14336]
S2 VFPRadioSupportService;Bluetooth Feature Support;C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [2009-12-24 145840]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\system32\drivers\BthAvrcp.sys --> C:\Windows\system32\drivers\BthAvrcp.sys [?]
S3 GT72UBUS;GT 72 U BUS;C:\Windows\system32\DRIVERS\gt72ubus.sys --> C:\Windows\system32\DRIVERS\gt72ubus.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-4 136176]
S3 HP1319EWS;HP1319EWS;C:\Windows\system32\Drivers\HP1319EWS.sys --> C:\Windows\system32\Drivers\HP1319EWS.sys [?]
S3 HP1319FAX;HP1319MFP FAX;C:\Windows\system32\Drivers\HP1319FAX.sys --> C:\Windows\system32\Drivers\HP1319FAX.sys [?]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 PCDSRVC{D2FB0CDC-EC83EFAE-06020000}_0;PCDSRVC{D2FB0CDC-EC83EFAE-06020000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Fujitsu Hardware Diagnostics Tool\pcdsrvc_x64.pkms [2010-3-24 24560]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-09-29 17:26:05 2408448 ----a-w- C:\Users\Beata\AppData\Roaming\java.exe
2011-09-29 13:53:46 -------- d-----w- C:\Windows\SysWow64\Adobe
2011-09-29 06:02:14 -------- d-sh--w- C:\found.000
2011-09-29 01:16:54 -------- d-----w- C:\Users\Beata\AppData\Roaming\Malwarebytes
2011-09-29 01:16:50 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-29 01:16:20 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-09-29 01:16:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-29 00:49:49 -------- d-----w- C:\Users\Beata\AppData\Roaming\DhYCwkUVrOt
2011-09-29 00:49:39 -------- d-----w- C:\Users\Beata\AppData\Roaming\YucS1ibD3n4m6W7
2011-09-29 00:49:30 -------- d-----w- C:\Users\Beata\AppData\Roaming\rsQJ7dEK8R9YwUe
2011-09-29 00:49:23 -------- d-----w- C:\Users\Beata\AppData\Roaming\DekIVrzONx0
2011-09-29 00:49:14 -------- d-----w- C:\Users\Beata\AppData\Roaming\DtxP0ucS1boGaHs
2011-09-29 00:49:06 -------- d-----w- C:\Users\Beata\AppData\Roaming\PycA1ivD2n4m5Q7
2011-09-29 00:48:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\HCekIVrzOtAuSi
2011-09-29 00:48:45 -------- d-----w- C:\Users\Beata\AppData\Roaming\ixP0ucS1iDoGaHs
2011-09-29 00:48:34 -------- d-----w- C:\Users\Beata\AppData\Roaming\z5aQJ6dWKfLhXjC
2011-09-29 00:48:24 -------- d-----w- C:\Users\Beata\AppData\Roaming\zXqjYCekIr
2011-09-29 00:48:17 -------- d-----w- C:\Users\Beata\AppData\Roaming\sUVrlOBtx0c1v3
2011-09-29 00:48:09 -------- d-----w- C:\Users\Beata\AppData\Roaming\kfRZ9hTXwUeIrPy
2011-09-29 00:47:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\b8fRL9hTXjCkBz
2011-09-29 00:47:44 -------- d-----w- C:\Users\Beata\AppData\Roaming\QH5sQJ7dE8R9YwU
2011-09-29 00:47:36 -------- d-----w- C:\Users\Beata\AppData\Roaming\a9hTXqjUCkBzNx0
2011-09-29 00:47:25 -------- d-----w- C:\Users\Beata\AppData\Roaming\AJ6dWK8fR
2011-09-29 00:47:18 -------- d-----w- C:\Users\Beata\AppData\Roaming\a1ibD3onGaHsJ
2011-09-29 00:47:10 -------- d-----w- C:\Users\Beata\AppData\Roaming\t1uvD2obFp
2011-09-29 00:47:02 -------- d-----w- C:\Users\Beata\AppData\Roaming\EpnG5aQH6W7R9Tq
2011-09-29 00:46:55 -------- d-----w- C:\Users\Beata\AppData\Roaming\oQJ7dEK8gZhXjVl
2011-09-29 00:46:47 -------- d-----w- C:\Users\Beata\AppData\Roaming\ATXqjYCekVzNx0c
2011-09-29 00:46:41 -------- d-----w- C:\Users\Beata\AppData\Roaming\NbF4pmG5sJdKfZ
2011-09-29 00:46:35 -------- d-----w- C:\Users\Beata\AppData\Roaming\iTZqhYCwkVlBx0c
2011-09-29 00:46:28 -------- d-----w- C:\Users\Beata\AppData\Roaming\kpnG4aQH6W7E9T
2011-09-29 00:46:21 -------- d-----w- C:\Users\Beata\AppData\Roaming\g4pmG5sQJdKfZhX
2011-09-29 00:46:08 -------- d-----w- C:\Users\Beata\AppData\Roaming\N6dWK8fRLhXjCk
2011-09-29 00:46:01 -------- d-----w- C:\Users\Beata\AppData\Roaming\ZcA1ivD2o
2011-09-29 00:45:55 -------- d-----w- C:\Users\Beata\AppData\Roaming\WrlOBtxP0
2011-09-29 00:45:49 -------- d-----w- C:\Users\Beata\AppData\Roaming\AekIVrzONx0c
2011-09-29 00:45:43 -------- d-----w- C:\Users\Beata\AppData\Roaming\BhTXwjUCeIrPy
2011-09-29 00:45:36 -------- d-----w- C:\Users\Beata\AppData\Roaming\FmH5sWJ7d
2011-09-29 00:45:24 -------- d-----w- C:\Users\Beata\AppData\Roaming\zyxA0uvS2b
2011-09-29 00:45:18 -------- d-----w- C:\Users\Beata\AppData\Roaming\bNycA1uvDoFpGs
2011-09-29 00:45:10 -------- d-----w- C:\Users\Beata\AppData\Roaming\fA0ucS2ib3n4Q
2011-09-29 00:44:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\HuvD2obF4m5Q6E8
2011-09-29 00:44:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\fpmG5sQJ6E
2011-09-29 00:44:47 -------- d-----w- C:\Users\Beata\AppData\Roaming\QfEL8gTZqYw
2011-09-29 00:44:46 -------- d-----w- C:\Users\Beata\AppData\Roaming\sQH6sWK7fLg
2011-09-29 00:44:30 -------- d-----w- C:\Users\Beata\AppData\Roaming\CVelIBtzPyAuDo
2011-09-29 00:44:29 -------- d-----w- C:\Users\Beata\AppData\Roaming\qwjUVelIBzNc
2011-09-29 00:44:21 -------- d-----w- C:\Users\Beata\AppData\Roaming\EjUVelIBtP
2011-09-29 00:44:18 -------- d-----w- C:\Users\Beata\AppData\Roaming\HgTZqhYCwUrOt0
2011-09-29 00:44:08 -------- d-----w- C:\Users\Beata\AppData\Roaming\mS1ibD3on4
2011-09-29 00:44:06 -------- d-----w- C:\Users\Beata\AppData\Roaming\nG5aQJ6dW8R9
2011-09-29 00:44:00 -------- d-----w- C:\Users\Beata\AppData\Roaming\n8gRZhYXkVlB
2011-09-29 00:43:57 -------- d-----w- C:\Users\Beata\AppData\Roaming\G7fRL9gTXjCkVzN
2011-09-29 00:43:50 -------- d-----w- C:\Users\Beata\AppData\Roaming\tivD2onF4m
2011-09-29 00:43:27 -------- d-----w- C:\Users\Beata\AppData\Roaming\Y1uvS2obFpGaJdK
2011-09-29 00:43:25 -------- d-----w- C:\Users\Beata\AppData\Roaming\EyxA0uvS2b3n5Q6
2011-09-29 00:43:18 -------- d-----w- C:\Users\Beata\AppData\Roaming\WibF3pnG5Q6W
2011-09-29 00:43:14 -------- d-----w- C:\Users\Beata\AppData\Roaming\N7fEL9gTZjCkVl
2011-09-29 00:43:09 -------- d-----w- C:\Users\Beata\AppData\Roaming\eucS1ibD3n4
2011-09-29 00:43:06 -------- d-----w- C:\Users\Beata\AppData\Roaming\yWJ7dEL8gZhXkV
2011-09-29 00:43:01 -------- d-----w- C:\Users\Beata\AppData\Roaming\B4amH5sWJdLgZhX
2011-09-29 00:42:58 -------- d-----w- C:\Users\Beata\AppData\Roaming\kK8fRZ9hTwUeIrP
2011-09-29 00:42:52 -------- d-----w- C:\Users\Beata\AppData\Roaming\h2onF4pmH
2011-09-29 00:42:46 -------- d-----w- C:\Users\Beata\AppData\Roaming\K2onF4pmHs
2011-09-29 00:42:40 -------- d-----w- C:\Users\Beata\AppData\Roaming\oWK7fELgTqY
2011-09-29 00:42:38 -------- d-----w- C:\Users\Beata\AppData\Roaming\t6dEK8fRZhXjClB
2011-09-29 00:42:28 -------- d-----w- C:\Users\Beata\AppData\Roaming\lpmG5sQJ6EfZ
2011-09-29 00:42:27 -------- d-----w- C:\Users\Beata\AppData\Roaming\sD3onF4am5W7E8R
2011-09-29 00:42:19 -------- d-----w- C:\Users\Beata\AppData\Roaming\RqjUCekIBzNAuoF
2011-09-29 00:42:18 -------- d-----w- C:\Users\Beata\AppData\Roaming\OK8fRZ9hTwUeIrP
2011-09-29 00:42:10 -------- d-----w- C:\Users\Beata\AppData\Roaming\n6dWK7fRLgXYeIr
2011-09-29 00:42:09 -------- d-----w- C:\Users\Beata\AppData\Roaming\GEK8fRZ9hX
2011-09-29 00:40:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\whYCwkUVrOtPySi
2011-09-29 00:39:57 -------- d-----w- C:\Users\Beata\AppData\Roaming\rG5sQJ6dE8R9TwU
2011-09-29 00:38:56 -------- d-----w- C:\Users\Beata\AppData\Roaming\lCekIVrzOtAuSiD
2011-09-29 00:37:55 -------- d-----w- C:\Users\Beata\AppData\Roaming\P8gRZ9hYXjV
2011-09-29 00:36:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\DqjYCekIVzNx0c2
2011-09-29 00:35:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\EEK8fRZ9hX
2011-09-29 00:34:58 -------- d-----w- C:\Users\Beata\AppData\Roaming\TtxP0ucS1
2011-09-29 00:33:56 -------- d-----w- C:\Users\Beata\AppData\Roaming\OD3onF4ams
2011-09-29 00:32:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\bycA1uvD2b4
2011-09-29 00:31:57 -------- d-----w- C:\Users\Beata\AppData\Roaming\J3pmG5aQJdKf
2011-09-29 00:30:58 -------- d-----w- C:\Users\Beata\AppData\Roaming\aK8fRZ9hTw
2011-09-29 00:29:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\ConF4pmH5Q7E8R9
2011-09-29 00:28:57 -------- d-----w- C:\Users\Beata\AppData\Roaming\jpm5aQJ6dKfLhXj
2011-09-29 00:27:54 -------- d-----w- C:\Users\Beata\AppData\Roaming\CWK8fRL9hXjCkBz
2011-09-29 00:26:56 -------- d-----w- C:\Users\Beata\AppData\Roaming\mpnG5aQH6W7R9
2011-09-29 00:25:54 -------- d-----w- C:\Users\Beata\AppData\Roaming\RK7fEL9gTqYwIr
2011-09-29 00:24:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\R55aJdKf9TjCkrN
2011-09-29 00:23:54 -------- d-----w- C:\Users\Beata\AppData\Roaming\yCekIVrzOtA
2011-09-28 19:26:13 -------- d-----w- C:\Users\Beata\AppData\Roaming\nbF3pmG5a
2011-09-28 19:26:13 -------- d-----w- C:\Users\Beata\AppData\Roaming\HzPyx1uvSoFpGaJ
2011-09-28 19:26:13 -------- d-----w- C:\Users\Beata\AppData\Roaming\BzONyxA0uSiFp
2011-09-28 19:26:12 -------- d-----w- C:\Users\Beata\AppData\Roaming\rkltPci2Fms7KRh
2011-09-28 19:26:12 -------- d-----w- C:\Users\Beata\AppData\Roaming\ikltPci2Fms7KRh
2011-09-28 19:26:12 -------- d-----w- C:\Users\Beata\AppData\Roaming\DkltPci2Fms7KRh
2011-09-28 19:26:11 -------- d-----w- C:\Users\Beata\AppData\Roaming\vkltPci2Fms7KRh
2011-09-28 19:26:11 -------- d-----w- C:\Users\Beata\AppData\Roaming\DwkeBPci2Fms7KR
2011-09-28 19:26:10 -------- d-----w- C:\Users\Beata\AppData\Roaming\mEzpT0dkSsCc6qx
2011-09-28 19:24:50 -------- d-----w- C:\Users\Beata\AppData\Roaming\a0Hju6I3T0HwvEB
2011-09-28 19:23:58 -------- d-----w- C:\Users\Beata\AppData\Roaming\qm6RqIyvFG6fTeO
2011-09-28 19:22:56 -------- d-----w- C:\Users\Beata\AppData\Roaming\zO4Y1EzGeF90KOH
2011-09-28 19:21:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\Gv2n4m5Q78
2011-09-28 19:20:53 -------- d-----w- C:\Users\Beata\AppData\Roaming\o17lFqyQeDKI2WC
2011-09-28 19:19:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\Z2bF35aQHWfLgXY
2011-09-28 19:18:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\ZAvo4p5JEf9TjeB
2011-09-28 18:01:11 -------- d-----w- C:\Users\Beata\AppData\Roaming\Sybe
2011-09-28 18:01:11 -------- d-----w- C:\Users\Beata\AppData\Roaming\Orecni
2011-09-28 16:25:02 1728000 ----a-w- C:\Windows\SysWow64\GK8fRZ9hTw.exe
2011-09-28 16:25:01 -------- d-----w- C:\Users\Beata\AppData\Roaming\N1uvD2obFpGsJd
2011-09-28 16:23:41 -------- d-----w- C:\Users\Beata\AppData\Roaming\c3pnG5aQHdKf
2011-09-28 16:23:24 -------- d-----w- C:\Users\Beata\AppData\Roaming\DQJ7dEK8gZhXjVl
2011-09-28 16:23:23 -------- d-----w- C:\Users\Beata\AppData\Roaming\K6sWJ7fELgZhCkV
2011-09-28 16:23:23 -------- d-----w- C:\Users\Beata\AppData\Roaming\IVrlOBtxPySi
2011-09-28 16:23:23 -------- d-----w- C:\Users\Beata\AppData\Roaming\DgRZqhYXwUeOtPy
2011-09-28 16:23:19 -------- d-----w- C:\Users\Beata\AppData\Roaming\ejUVelIBtPyAuD
2011-09-28 16:23:11 -------- d-----w- C:\Users\Beata\AppData\Roaming\ZF4pmG5sQ6E8R9T
2011-09-28 16:23:10 -------- d-----w- C:\Users\Beata\AppData\Roaming\btzP0ycA1v2n4m5
2011-09-28 16:23:06 -------- d-----w- C:\Users\Beata\AppData\Roaming\PyxA1uvS2b3m5Q6
2011-09-28 16:23:05 -------- d-----w- C:\Users\Beata\AppData\Roaming\ojUVelIBtPyAuDo
2011-09-28 16:23:02 -------- d-----w- C:\Users\Beata\AppData\Roaming\P2ibF3pnGaHdKfL
2011-09-28 16:21:58 -------- d-----w- C:\Users\Beata\AppData\Roaming\qbF3pnG5a
2011-09-28 16:20:57 -------- d-----w- C:\Users\Beata\AppData\Roaming\AGa6Jf8ZYkrNxuS
2011-09-28 16:19:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\naQH6sWK7E9TqYw
2011-09-28 16:19:58 -------- d-----w- C:\Users\Beata\AppData\Roaming\LG4aQH6sW7E9TqY
2011-09-28 16:19:41 -------- d-----w- C:\Users\Beata\AppData\Roaming\tcS1ivD3oFaHs
2011-09-28 16:18:17 -------- d-----w- C:\Users\Beata\AppData\Roaming\FcA1ivD2oFpHsJd
2011-09-28 16:18:06 -------- d-----w- C:\Users\Beata\AppData\Roaming\YWK7fEL9gZjCkVl
2011-09-28 16:18:05 -------- d-----w- C:\Users\Beata\AppData\Roaming\naQJ6dWK8R9TqUe
2011-09-28 16:18:00 -------- d-----w- C:\Users\Beata\AppData\Roaming\paQJ6dWK8R9TqUe
2011-09-28 16:16:58 -------- d-----w- C:\Users\Beata\AppData\Roaming\jekkIIVrzO
2011-09-28 16:15:58 -------- d-----w- C:\Users\Beata\AppData\Roaming\JuvS2obF3m5Q
2011-09-28 02:22:57 -------- d-----w- C:\Users\Beata\AppData\Roaming\W88ffRZ99hXwjCl
2011-09-28 02:22:57 -------- d-----w- C:\Users\Beata\AppData\Roaming\jP00yycA1i
2011-09-28 02:22:43 -------- d-----w- C:\Users\Beata\AppData\Roaming\NUVVeelOBtz
2011-09-28 02:22:37 -------- d-----w- C:\Users\Beata\AppData\Roaming\JiivvD3ooF4am5W
2011-09-28 02:22:32 -------- d-----w- C:\Users\Beata\AppData\Roaming\fddEEL8ggRqhYwk
2011-09-28 02:22:24 -------- d-----w- C:\Users\Beata\AppData\Roaming\wBBttzPNycAuvDo
2011-09-28 02:22:19 -------- d-----w- C:\Users\Beata\AppData\Roaming\pAAA1uuvD2ob4pG
2011-09-28 02:22:11 -------- d-----w- C:\Users\Beata\AppData\Roaming\UfffRLL9gTXqYCk
2011-09-28 02:21:47 -------- d-----w- C:\Users\Beata\AppData\Roaming\tWWWK77fRL9gXjY
2011-09-28 02:21:37 -------- d-----w- C:\Users\Beata\AppData\Roaming\QiibbF3ppn5aQ6d
2011-09-28 02:21:27 -------- d-----w- C:\Users\Beata\AppData\Roaming\eTXqjUCekBOAuSi
2011-09-28 02:21:19 -------- d-----w- C:\Users\Beata\AppData\Roaming\WqhYCwkUVlBx0c1
2011-09-28 02:21:04 -------- d-----w- C:\Users\Beata\AppData\Roaming\sD3onG4am6W
2011-09-28 02:20:37 -------- d-----w- C:\Users\Beata\AppData\Roaming\N4amH5sWJdL
2011-09-28 02:20:23 -------- d-----w- C:\Users\Beata\AppData\Roaming\ZNyxA0uvSiFp
2011-09-28 02:20:04 -------- d-----w- C:\Users\Beata\AppData\Roaming\oxA1uvS2oFpGaJd
2011-09-28 02:20:02 -------- d-----w- C:\5bd139ae8cd6cb01eae70554
2011-09-28 02:19:44 -------- d-----w- C:\Users\Beata\AppData\Roaming\fK8fRL9hTq
2011-09-28 02:19:40 -------- d-----w- C:\Users\Beata\AppData\Roaming\DJ6dWK8fR9TqUeI
2011-09-28 02:19:35 -------- d-----w- C:\Users\Beata\AppData\Roaming\YpmG5aQJ6W8R9
2011-09-28 02:19:29 -------- d-----w- C:\Users\Beata\AppData\Roaming\eelIBrzPNx1v2b3
2011-09-28 02:19:25 -------- d-----w- C:\Users\Beata\AppData\Roaming\vzONyxA0uSiFp
2011-09-28 02:19:21 -------- d-----w- C:\Users\Beata\AppData\Roaming\ARL9gTXqjCkV
2011-09-28 02:19:17 -------- d-----w- C:\Users\Beata\AppData\Roaming\uQH6sWK7fLgZjCk
2011-09-28 02:19:13 -------- d-----w- C:\Users\Beata\AppData\Roaming\zivD3onF4m5W7
2011-09-28 02:19:09 -------- d-----w- C:\Users\Beata\AppData\Roaming\wXwkUVelOt
2011-09-28 02:18:57 -------- d-----w- C:\Users\Beata\AppData\Roaming\xonG4amH6W7E8T
2011-09-28 02:18:52 -------- d-----w- C:\Users\Beata\AppData\Roaming\ebD3pnG4aHsKfL
2011-09-28 02:18:47 -------- d-----w- C:\Users\Beata\AppData\Roaming\aQH6sWK7fLgZjCk
2011-09-28 02:18:43 -------- d-----w- C:\Users\Beata\AppData\Roaming\s3onG4amHsJfLgZ
2011-09-28 02:18:39 -------- d-----w- C:\Users\Beata\AppData\Roaming\U0ycS1ivDoFaHsJ
2011-09-28 02:18:35 -------- d-----w- C:\Users\Beata\AppData\Roaming\HXwkUVelOtPyAiD
2011-09-28 02:18:28 -------- d-----w- C:\Users\Beata\AppData\Roaming\UnG5aQH6dKfLgXj
2011-09-28 02:18:21 -------- d-----w- C:\Users\Beata\AppData\Roaming\QA1uvD2ob4m5Q6E
2011-09-28 02:18:15 -------- d-----w- C:\Users\Beata\AppData\Roaming\pYXwkUVelBz0c1v
2011-09-28 02:18:11 -------- d-----w- C:\Users\Beata\AppData\Roaming\OJ7dEK8gR9YwUeI
2011-09-28 02:18:05 -------- d-----w- C:\Users\Beata\AppData\Roaming\dvD3onF4a
2011-09-28 02:18:01 -------- d-----w- C:\Users\Beata\AppData\Roaming\sRZ9hYXwjVlBzN
2011-09-28 02:16:58 -------- d-----w- C:\Users\Beata\AppData\Roaming\cmH5sQJ7dKgZhXj
2011-09-28 02:15:58 -------- d-----w- C:\Users\Beata\AppData\Roaming\Z6sWJ7fELgZhCkV
2011-09-28 02:14:58 -------- d-----w- C:\Users\Beata\AppData\Roaming\NF3ppGGaQH6W7RT
2011-09-28 02:13:56 -------- d-----w- C:\Users\Beata\AppData\Roaming\JaQH6sWK7E9TqYw
2011-09-28 02:12:55 -------- d-----w- C:\Users\Beata\AppData\Roaming\OQJ7dEK8gZ
2011-09-28 02:11:57 -------- d-----w- C:\Users\Beata\AppData\Roaming\gwjUCelIBzNx1v2
2011-09-28 02:10:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\RqjUCekIBzNx0v
2011-09-28 02:09:57 -------- d-----w- C:\Users\Beata\AppData\Roaming\ftxA0ucS2b3n4Q6
2011-09-28 02:08:56 -------- d-----w- C:\Users\Beata\AppData\Roaming\tlOBtzP0yA
2011-09-28 02:08:44 -------- d-----w- C:\Users\Beata\AppData\Roaming\fTXqjYCekVzNx0c
2011-09-28 02:08:36 -------- d-----w- C:\Users\Beata\AppData\Roaming\cUVrlOBtx0c1v3n
2011-09-28 02:08:30 -------- d-----w- C:\Users\Beata\AppData\Roaming\lkIVrzONtAuSiDp
2011-09-28 02:08:29 -------- d-----w- C:\Users\Beata\AppData\Roaming\urzONyxA0v2b3n5
2011-09-28 02:08:28 -------- d-----w- C:\Users\Beata\AppData\Roaming\YWK8fRL9hX
2011-09-28 02:08:08 -------- d-----w- C:\Users\Beata\AppData\Roaming\RlOBzP0c1voFpHs
2011-09-28 02:08:08 -------- d-----w- C:\Users\Beata\AppData\Roaming\ghYXwjUVeIt
2011-09-28 02:08:08 -------- d-----w- C:\Users\Beata\AppData\Roaming\B9hYXwjUVl
2011-09-28 02:08:06 -------- d-----w- C:\Users\Beata\AppData\Roaming\kxA0ucS2iDpGaHs
2011-09-28 02:06:40 -------- d-----w- C:\Users\Beata\AppData\Roaming\uOBtzP0yc
2011-09-28 02:05:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\wWK7fRL9gXjCkVO
2011-09-28 02:04:13 -------- d-----w- C:\Users\Beata\AppData\Roaming\IS1ibD3on4m6
2011-09-28 02:04:12 -------- d-----w- C:\Users\Beata\AppData\Roaming\WTZqjYCwkVlNx0c
2011-09-28 02:02:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\eXYkrNxu2bp
2011-09-28 02:01:51 -------- d-----w- C:\Users\Beata\AppData\Roaming\I2GKXIAb58XBxi5
2011-09-28 02:00:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\NJ7dEL8gRqY
2011-09-28 01:59:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\OekIVrzONx0c2b3
2011-09-28 01:58:57 -------- d-----w- C:\Users\Beata\AppData\Roaming\SP0ucS1ib3n4m6W
2011-09-28 01:57:45 -------- d-----w- C:\Users\Beata\AppData\Roaming\jP0ycA1iv2n4m5Q
2011-09-28 01:57:43 -------- d-----w- C:\Users\Beata\AppData\Roaming\tS2ibD3pn4Q6W7E
2011-09-28 01:57:42 -------- d-----w- C:\Users\Beata\AppData\Roaming\yIBrzPNyx1v2b3m
2011-09-28 01:57:41 -------- d-----w- C:\Users\Beata\AppData\Roaming\dobF4pmG5Q6E8R9
2011-09-28 01:57:40 -------- d-----w- C:\Users\Beata\AppData\Roaming\k0ycA1ivDoFpHsJ
2011-09-28 01:57:25 -------- d-----w- C:\Users\Beata\AppData\Roaming\VJ7dEL8gRqYw
2011-09-28 01:57:04 -------- d-----w- C:\Users\Beata\AppData\Roaming\uONtxP0uc
2011-09-28 01:57:03 -------- d-----w- C:\Users\Beata\AppData\Roaming\oaQJ6dWK8R9TqUe
2011-09-28 01:57:01 -------- d-----w- C:\Users\Beata\AppData\Roaming\fH5sQJ7dE8
2011-09-28 01:57:01 -------- d-----w- C:\Users\Beata\AppData\Roaming\E5sQJ7dEKg
2011-09-28 01:57:00 -------- d-----w- C:\Users\Beata\AppData\Roaming\x7LTjwVONx0c1b3
2011-09-28 01:57:00 -------- d-----w- C:\Users\Beata\AppData\Roaming\iNtxP0ucSiDoGaH
2011-09-28 01:57:00 -------- d-----w- C:\Users\Beata\AppData\Roaming\DUVrlOBtx0c1v3
2011-09-28 01:55:53 -------- d-----w- C:\Users\Beata\AppData\Roaming\YivD3onF4m5W7E8
2011-09-28 01:55:48 -------- d-----w- C:\Users\Beata\AppData\Roaming\ylOBtzP0yAiDoFp
2011-09-28 01:55:46 -------- d-----w- C:\Users\Beata\AppData\Roaming\wVrzONtxAuSiDpG
2011-09-28 01:55:42 -------- d-----w- C:\Users\Beata\AppData\Roaming\c2ibD3pnGaHsKfL
2011-09-28 01:55:34 -------- d-----w- C:\Users\Beata\AppData\Roaming\kmH5sQJ7dKgZhXj
2011-09-28 01:55:17 -------- d-----w- C:\Users\Beata\AppData\Roaming\PQQHH6ddWKfRLgT
2011-09-28 01:55:17 -------- d-----w- C:\Users\Beata\AppData\Roaming\HZZqqjYCwkIVrOt
2011-09-28 01:55:15 -------- d-----w- C:\Users\Beata\AppData\Roaming\sQJ7dEK8gZhXjVl
2011-09-28 01:53:58 -------- d-----w- C:\Users\Beata\AppData\Roaming\YobF3pmG5Q6W8
2011-09-28 01:52:58 -------- d-----w- C:\Users\Beata\AppData\Roaming\hH5sQJ7dE8Rq
2011-09-28 01:52:57 -------- d-----w- C:\Users\Beata\AppData\Roaming\q3onF4amHsJd
2011-09-28 01:52:57 -------- d-----w- C:\Users\Beata\AppData\Roaming\cYCwkIVrlNx0c1b
2011-09-28 01:52:56 -------- d-----w- C:\Users\Beata\AppData\Roaming\ZekIVrzON
2011-09-28 01:52:56 -------- d-----w- C:\Users\Beata\AppData\Roaming\mIVrzONtx0
2011-09-28 01:52:56 -------- d-----w- C:\Users\Beata\AppData\Roaming\GVrzONtxAu
2011-09-28 01:52:55 -------- d-----w- C:\Users\Beata\AppData\Roaming\wkIBrzONyAuSi
2011-09-28 01:52:53 -------- d-----w- C:\Users\Beata\AppData\Roaming\c0ycA1ivDoFpHsJ
2011-09-28 01:52:52 -------- d-----w- C:\Users\Beata\AppData\Roaming\F4amH6sWJfLgZhC
2011-09-28 01:52:37 -------- d-----w- C:\Users\Beata\AppData\Roaming\H6dWK7fRLgXjCkV
2011-09-28 01:52:35 -------- d-----w- C:\Users\Beata\AppData\Roaming\bA1uvS2ob3m
2011-09-28 01:52:03 -------- d-----w- C:\Users\Beata\AppData\Roaming\czPNyxA1uSoFpGa
2011-09-28 01:50:42 -------- d-----w- C:\Users\Beata\AppData\Roaming\YBtzP0ycAiDoFpH
2011-09-28 01:49:53 -------- d-----w- C:\Users\Beata\AppData\Roaming\NxP0ycS1iDoFaHs
2011-09-28 01:48:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\S0c1iv3n4HsJdLg
2011-09-28 01:47:56 -------- d-----w- C:\Users\Beata\AppData\Roaming\zXwwkkUVel
2011-09-28 01:46:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\hBBBrzzPN
2011-09-28 01:45:55 -------- d-----w- C:\Users\Beata\AppData\Roaming\LRZqhYXwkVlBz0c
2011-09-28 01:44:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\jBrzy1So3G
2011-09-28 01:40:12 -------- d-----w- C:\Users\Beata\AppData\Roaming\bsssWWJ7dEL8RZ
2011-09-28 01:40:02 -------- d-----w- C:\Program Files (x86)\Minibar
2011-09-28 01:40:00 -------- d-----w- C:\Program Files (x86)\FaceSmooch Smileys
2011-09-28 01:39:53 -------- d-----w- C:\Users\Beata\AppData\Roaming\YzzzPPNycA1uD2b
2011-09-28 01:39:45 -------- d-----w- C:\Users\Beata\AppData\Roaming\snnG55aQH6d
2011-09-28 01:39:41 -------- d-----w- C:\Program Files (x86)\Surf Canyon
2011-09-28 01:39:38 -------- d-----w- C:\ProgramData\Babylon
2011-09-28 01:39:36 -------- d-----w- C:\Program Files (x86)\PriceGong
2011-09-28 01:39:35 -------- d-----w- C:\Users\Beata\AppData\Roaming\EaaaQHH6dWK7RLg
2011-09-28 01:39:29 -------- d-----w- C:\Users\Beata\AppData\Roaming\RJJ66dEK8fRZ9T
2011-09-28 01:39:22 -------- d-----w- C:\Users\Beata\AppData\Roaming\dxxPP0ucS1ib3oG
2011-09-28 01:39:12 -------- d-----w- C:\Users\Beata\AppData\Roaming\VbbDD3ppnGaQ6sK
2011-09-28 01:39:06 -------- d-----w- C:\Users\Beata\AppData\Roaming\y3ppnGG5aHdWfR9
2011-09-28 01:38:56 -------- d-----w- C:\Users\Beata\AppData\Roaming\ZaQQJJdW8LTqUeI
2011-09-28 01:38:48 -------- d-----w- C:\Users\Beata\AppData\Roaming\q111ivvD3onF
2011-09-28 01:38:38 -------- d-----w- C:\Users\Beata\AppData\Roaming\NkkIIVrrlONxPuS
2011-09-28 01:38:20 -------- d-----w- C:\Users\Beata\AppData\Roaming\eYYXXwkkUVlOBz
2011-09-28 01:38:10 -------- d-----w- C:\Users\Beata\AppData\Roaming\zkkUUVelOB
2011-09-28 01:38:04 -------- d-----w- C:\Users\Beata\AppData\Roaming\RoonnG4amH6
2011-09-28 01:37:55 -------- d-----w- C:\Users\Beata\AppData\Roaming\x00yycS11iD
2011-09-28 01:37:48 -------- d-----w- C:\Users\Beata\AppData\Roaming\vTXXqqjYCe
2011-09-28 01:37:43 -------- d-----w- C:\Users\Beata\AppData\Roaming\LbbbF33pmG5QJ6
2011-09-28 01:37:26 -------- d-----w- C:\Users\Beata\AppData\Roaming\n00yycS11vD3
2011-09-28 01:37:20 -------- d-----w- C:\Users\Beata\AppData\Roaming\AbbD3oonGamHsW7
2011-09-28 01:37:11 -------- d-----w- C:\Users\Beata\AppData\Roaming\RDD33oonF4m
2011-09-28 01:37:06 -------- d-----w- C:\Users\Beata\AppData\Roaming\rtttxPP0ucSib3o
2011-09-28 01:37:00 -------- d-----w- C:\Users\Beata\AppData\Roaming\iccSS2iibD
2011-09-28 01:36:55 -------- d-----w- C:\Users\Beata\AppData\Roaming\pccAA1uvD2obFpG
2011-09-28 01:36:49 -------- d-----w- C:\Users\Beata\AppData\Roaming\SIIBBrzzPy
2011-09-28 01:36:43 -------- d-----w- C:\Users\Beata\AppData\Roaming\fHH55sQJJ7EK8
2011-09-28 01:36:34 -------- d-----w- C:\Users\Beata\AppData\Roaming\VhhhYXXwjUelItz
2011-09-28 01:36:29 -------- d-----w- C:\Users\Beata\AppData\Roaming\KnnFF4pmH5sJ7EK
2011-09-28 01:36:21 -------- d-----w- C:\Users\Beata\AppData\Roaming\UpppnGGaQH6dW7
2011-09-28 01:36:13 -------- d-----w- C:\Users\Beata\AppData\Roaming\cvDD33onF4am
2011-09-28 01:36:07 -------- d-----w- C:\Users\Beata\AppData\Roaming\WAA00uvvS2iF3nG
2011-09-28 01:35:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\e88ggRZZqhXwUV
2011-09-28 01:35:52 -------- d-----w- C:\Users\Beata\AppData\Roaming\SNNyyxAA0uv2iF3
2011-09-28 01:35:47 -------- d-----w- C:\Users\Beata\AppData\Roaming\E66ssWK7fEL9gZj
2011-09-28 01:35:43 -------- d-----w- C:\Users\Beata\AppData\Roaming\aPP00ucS1ibD3
2011-09-28 01:35:37 -------- d-----w- C:\Users\Beata\AppData\Roaming\KkkIIBrrzOyxA
2011-09-28 01:35:32 -------- d-----w- C:\Users\Beata\AppData\Roaming\SfRRZZ9hTXwjClB
2011-09-28 01:35:26 -------- d-----w- C:\Users\Beata\AppData\Roaming\HellIBBrzPN
2011-09-28 01:35:17 -------- d-----w- C:\Users\Beata\AppData\Roaming\iqqqjUUCekIry
2011-09-28 01:35:11 -------- d-----w- C:\Users\Beata\AppData\Roaming\xfRRZZ9hTXwjCe
2011-09-28 01:35:07 -------- d-----w- C:\Users\Beata\AppData\Roaming\ffffRLL9hTXqUCk
2011-09-28 01:35:02 -------- d-----w- C:\Users\Beata\AppData\Roaming\lKKK8fRRL9TXqeI
2011-09-28 01:33:55 -------- d-----w- C:\Users\Beata\AppData\Roaming\lkkkIVVrzONtA0c
2011-09-28 01:32:58 -------- d-----w- C:\Users\Beata\AppData\Roaming\U66ssWJ7fEL8gZh
2011-09-28 01:31:56 -------- d-----w- C:\Users\Beata\AppData\Roaming\CYYXXwkkUVlOBz0
2011-09-28 01:30:56 -------- d-----w- C:\Users\Beata\AppData\Roaming\ixPP00ucS1ib3oG
2011-09-28 01:29:57 -------- d-----w- C:\Users\Beata\AppData\Roaming\njYYCCekIVrzNtA
2011-09-28 01:28:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\slOONNtxP0uc1iD
2011-09-28 01:27:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\nBBrrzOONyx0uSi
2011-09-28 01:26:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\cYYYCwwkUVrO
2011-09-28 01:25:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\X44aaQHH6sW7fL9
2011-09-28 01:24:56 -------- d-----w- C:\Users\Beata\AppData\Roaming\WfffELL9gTZq
2011-09-28 01:24:52 -------- d-----w- C:\Users\Beata\AppData\Roaming\OVVVellOBtx0y
2011-09-28 01:24:48 -------- d-----w- C:\Users\Beata\AppData\Roaming\ZAAA1uuvD2ob
2011-09-28 01:24:45 -------- d-----w- C:\Users\Beata\AppData\Roaming\rrrrzOONyxA0
2011-09-28 01:24:42 -------- d-----w- C:\Users\Beata\AppData\Roaming\zlllONNtxP0cS1b
2011-09-28 01:24:38 -------- d-----w- C:\Users\Beata\AppData\Roaming\HEELL8ggRZq
2011-09-28 01:24:34 -------- d-----w- C:\Users\Beata\AppData\Roaming\EIIIBBtzPNyc1
2011-09-28 01:20:54 -------- d-----we C:\Windows\system64
2011-09-21 06:38:56 -------- d-----w- C:\Users\Beata\riotsGamesLogs
2011-09-21 06:38:38 -------- d-----w- C:\Users\Beata\AppData\Roaming\LolClient
2011-09-21 06:15:25 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2011-09-21 06:15:25 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2011-09-21 06:15:25 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2011-09-21 06:15:25 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2011-09-21 06:15:25 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2011-09-21 02:00:03 -------- d-----w- C:\Users\Beata\AppData\Local\PMB Files
2011-09-21 02:00:01 -------- d-----w- C:\ProgramData\PMB Files
2011-09-21 01:59:40 -------- d-----w- C:\Program Files (x86)\Pando Networks
2011-09-17 16:13:41 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2011-09-14 14:46:25 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2011-09-06 01:33:49 -------- d-----w- C:\Users\Beata\AppData\Local\Real
2011-09-06 01:32:58 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2011-09-06 01:32:43 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-09-02 05:02:10 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-09-02 05:02:10 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-09-02 03:36:52 0 ---ha-w- C:\Users\Beata\AppData\Local\BITDBFC.tmp
2011-09-02 03:05:07 0 ---ha-w- C:\Users\Beata\AppData\Local\BIT116E.tmp
2011-08-31 22:45:46 0 ----a-w- C:\Users\Beata\AppData\Local\tvxk.exe
2011-08-31 22:45:46 0 ----a-w- C:\Users\Beata\AppData\Local\nwbg.exe
2011-08-31 22:45:46 0 ----a-w- C:\Users\Beata\AppData\Local\mklp.exe
2011-08-31 22:45:46 0 ----a-w- C:\Users\Beata\AppData\Local\koch.exe
2011-08-31 22:45:46 0 ----a-w- C:\ProgramData\pegg.exe
2011-08-31 22:45:46 0 ----a-w- C:\ProgramData\obxp.exe
2011-08-31 22:45:46 0 ----a-w- C:\ProgramData\msbi.exe
2011-08-31 22:45:46 0 ----a-w- C:\ProgramData\cvuc.exe
.
==================== Find3M ====================
.
2011-09-29 17:24:57 2408448 ----a-w- C:\Windows\SysWow64\eweBzyAu2b4Gs6.exe
2011-09-29 17:23:54 2408448 ----a-w- C:\Windows\SysWow64\Z0vmdheyoGKTeyS.exe
2011-09-29 17:22:44 2408448 ----a-w- C:\Windows\SysWow64\JGReAn7Yx3Kj.exe
2011-09-29 17:21:59 2408448 ----a-w- C:\Windows\SysWow64\Ap5HW7LTjeVzNxu.exe
2011-09-29 17:20:58 2408448 ----a-w- C:\Windows\SysWow64\tJEgqXUlt0.exe
2011-09-29 17:20:57 2408448 ----a-w- C:\Windows\SysWow64\n7TwOuDaJgqCUrB.exe
2011-09-29 17:20:56 2408448 ----a-w- C:\Windows\SysWow64\twrvmKqBxoGdRqI.exe
2011-09-29 17:20:56 2408448 ----a-w- C:\Windows\SysWow64\CSsYymRz4RzFRz.exe
2011-09-29 17:20:52 2408448 ----a-w- C:\Windows\SysWow64\vZz3RBbdXtpLr.exe
2011-09-29 17:20:49 2408448 ----a-w- C:\Windows\SysWow64\zWk1WwS5XA.exe
2011-09-29 17:20:48 2408448 ----a-w- C:\Windows\SysWow64\aLISHXNDKYPGLVS.exe
2011-09-29 17:20:47 2408448 ----a-w- C:\Windows\SysWow64\gXN38C059r26ZN.exe
2011-09-29 01:10:06 2423808 ----a-w- C:\Windows\SysWow64\Of9XUlrNAv.exe
2011-09-29 01:10:03 2423808 ----a-w- C:\Windows\SysWow64\a8ZhwVIzN1DoF.exe
2011-09-28 01:48:12 2456064 ----a-w- C:\Windows\SysWow64\dLL88gRZZ.exe
2011-09-06 01:32:42 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-07-22 05:35:08 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 04:56:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:14:10 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-09 04:30:52 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
.
============= FINISH: 10:42:49.41 ===============

#6 Ervin T

Posted 29 September 2011 - 03:33 PM

Any input would be greatly appreciated. Thank you!

#7 Orange Blossom

Posted 29 September 2011 - 07:45 PM

I know it's frustrating, but it will likely be a few days before a team member can get to you given the vast number of folks in need of assistance.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#8 Ervin T

Posted 29 September 2011 - 08:22 PM

I know it's frustrating, but it will likely be a few days before a team member can get to you given the vast number of folks in need of assistance.

It sure is! I will check again tomorrow morning. Thank you.

#9 Ervin T

Posted 03 October 2011 - 01:41 PM

I just started scanning with the SuperAntispyware program and followed instructions from other posts in hopes that I can get rid of this problem. I will post the log once done and hope someone can help me. Thank you.

#10 Ervin T

Posted 03 October 2011 - 07:38 PM

Hello again. After reading posts from other members, I decided to try to get rid of OpenCloud Security myself. I've run RKILL, SUPERAntispyware, and Malwarebytes and it seems it did the job. OpenCloud Security has not yet shown itself after several shutdowns and restarts which happened before. Below is the DDS log, and I just need to know whether my system is clean or will require any additional work. Thank you.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Beata at 17:17:55 on 2011-10-03
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1973.591 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\SysWOW64\gtdetectsc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\Program Files\Fujitsu\PSUtility\PSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Fujitsu\updnavi\updnvsrv.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
C:\Program Files\Fujitsu\updnavi\updatenv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Beata\AppData\Roaming\Orvo\yzasliy.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
uDefault_Page_URL = hxxp://hk.fujitsu.com/pc
mWinlogon: Userinit=userinit.exe,
BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.5.0\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Fast Search: {5ab7104a-b71f-49ad-9154-f7f8806ae848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: MinibarBHO: {aa74d58f-acd0-450d-a85e-6c04b171c044} - C:\Program Files (x86)\Minibar\Kango.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Minibar: {d6598005-a921-4f83-b6e6-f4f030d1bf37} - C:\Program Files (x86)\Minibar\Kango.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [{DD01E221-DF47-D58A-6118-41F14D43F8AF}] C:\Users\Beata\AppData\Roaming\Orvo\yzasliy.exe
mRun: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
mRun: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [UCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [YouCam Mirror Tray icon] "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [MozillaAgent] C:\Windows\Temp\kghjdfg.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRun: [win2119b744] C:\Windows\TEMP\win2119b744.exe
dRun: [65C4] \\.\globalroot\Device\HarddiskVolume3\Windows\Temp\65C4.tmp
dRun: [jWqESRYNHMTQic.exe] C:\ProgramData\jWqESRYNHMTQic.exe
dRun: [TjeFyKiisljRsSN.exe] C:\ProgramData\TjeFyKiisljRsSN.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8AE60E6A-16FA-4202-8817-5F187EC16077} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{925F6EDE-8D81-4A0E-BE94-D7B7371D9ACD} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{925F6EDE-8D81-4A0E-BE94-D7B7371D9ACD}\039364850383036363734353 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{925F6EDE-8D81-4A0E-BE94-D7B7371D9ACD}\0527A79776F64616 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{925F6EDE-8D81-4A0E-BE94-D7B7371D9ACD}\44554494 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{925F6EDE-8D81-4A0E-BE94-D7B7371D9ACD}\4505D2C494E4B4 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{925F6EDE-8D81-4A0E-BE94-D7B7371D9ACD}\4505D2C494E4B4F5547383542373 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{925F6EDE-8D81-4A0E-BE94-D7B7371D9ACD}\46C696E6B6 : DhcpNameServer = 192.168.1.254 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Shopping Assistant Plugin: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.0\PriceGongIE.dll
BHO-X64: PriceGong - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Fast Search: {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll
BHO-X64: IE BHO Utility - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: MinibarBHO: {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Kango.dll
BHO-X64: Minibar BHO - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Minibar: {D6598005-A921-4F83-B6E6-F4F030D1BF37} - C:\Program Files (x86)\Minibar\Kango.dll
mRun-x64: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
mRun-x64: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
mRun-x64: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [UCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun-x64: [YouCam Mirror Tray icon] "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun-x64: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [MozillaAgent] C:\Windows\Temp\kghjdfg.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\d2r5nxoa.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 FBIOSDRV;Fujitsu BIOS Driver;C:\Windows\system32\Drivers\FBIOSDRV.sys --> C:\Windows\system32\Drivers\FBIOSDRV.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\Windows\system32\drivers\FUJ02E3.sys --> C:\Windows\system32\drivers\FUJ02E3.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\system32\drivers\BthAvrcp.sys --> C:\Windows\system32\drivers\BthAvrcp.sys [?]
S3 GT72UBUS;GT 72 U BUS;C:\Windows\system32\DRIVERS\gt72ubus.sys --> C:\Windows\system32\DRIVERS\gt72ubus.sys [?]
S3 HP1319EWS;HP1319EWS;C:\Windows\system32\Drivers\HP1319EWS.sys --> C:\Windows\system32\Drivers\HP1319EWS.sys [?]
S3 HP1319FAX;HP1319MFP FAX;C:\Windows\system32\Drivers\HP1319FAX.sys --> C:\Windows\system32\Drivers\HP1319FAX.sys [?]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 PCDSRVC{D2FB0CDC-EC83EFAE-06020000}_0;PCDSRVC{D2FB0CDC-EC83EFAE-06020000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Fujitsu Hardware Diagnostics Tool\pcdsrvc_x64.pkms [2010-3-24 24560]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
.
=============== Created Last 30 ================
.
2011-10-03 22:03:17 -------- d-----w- C:\Users\Beata\AppData\Roaming\Peyke
2011-10-03 22:03:17 -------- d-----w- C:\Users\Beata\AppData\Roaming\Orvo
2011-10-03 21:36:29 504320 ----a-w- C:\ProgramData\TjeFyKiisljRsSN.exe
2011-10-03 20:39:57 -------- d-----w- C:\Users\Beata\AppData\Roaming\ttVT8QbclwZJ3
2011-10-03 20:38:58 -------- d-----w- C:\Users\Beata\AppData\Roaming\NCcWw1JjuJUv6CS
2011-10-03 20:37:39 -------- d-----w- C:\Users\Beata\AppData\Roaming\eIGCFXigcE0JtQB
2011-10-03 20:37:16 -------- d-----w- C:\Users\Beata\AppData\Roaming\uA00uu2b3n5Q
2011-10-03 20:37:15 -------- d-----w- C:\Users\Beata\AppData\Roaming\gPyAuDo4m5Q6E8R
2011-10-03 20:37:14 -------- d-----w- C:\Users\Beata\AppData\Roaming\HnFp5789wlBPyA
2011-10-03 20:37:13 -------- d-----w- C:\Users\Beata\AppData\Roaming\coFaHsJdLgZhXUe
2011-10-03 20:37:12 -------- d-----w- C:\Users\Beata\AppData\Roaming\aiDpGaHsKE9TqYw
2011-10-03 20:37:11 -------- d-----w- C:\Users\Beata\AppData\Roaming\lb3naHdKfLgq
2011-10-03 20:37:10 -------- d-----w- C:\Users\Beata\AppData\Roaming\LhXjClBzNx1v2b3
2011-10-03 20:37:08 -------- d-----w- C:\Users\Beata\AppData\Roaming\olBx0SiDoFaHsJd
2011-10-03 20:37:06 -------- d-----w- C:\Users\Beata\AppData\Roaming\riFp5Q6W7
2011-10-03 20:36:56 -------- d-----w- C:\Users\Beata\AppData\Roaming\qSSS2iibF3pG5QH
2011-10-03 20:36:13 -------- d-----w- C:\Users\Beata\AppData\Roaming\YCCCekkIBrzOyx0
2011-10-03 20:36:05 -------- d-----w- C:\Users\Beata\AppData\Roaming\O4aammH6sWJ7ELg
2011-10-03 20:36:03 -------- d-----w- C:\Users\Beata\AppData\Roaming\siibbF33pn5aQ6d
2011-10-03 20:36:03 -------- d-----w- C:\Users\Beata\AppData\Roaming\mTTXXqjjUC
2011-10-03 20:36:03 -------- d-----w- C:\Users\Beata\AppData\Roaming\jNNNyxxA1uvSob3
2011-10-03 20:35:58 -------- d-----w- C:\Users\Beata\AppData\Roaming\YGG55aQQJ6dK8
2011-10-03 20:35:42 -------- d-----w- C:\Users\Beata\AppData\Roaming\X11iivDD2o
2011-10-03 20:35:41 -------- d-----w- C:\Users\Beata\AppData\Roaming\N333onnF4am5sJ7
2011-10-03 20:35:40 -------- d-----w- C:\Users\Beata\AppData\Roaming\CVVVrllONtx
2011-10-03 20:35:33 -------- d-----w- C:\Users\Beata\AppData\Roaming\jA11uuvS2o
2011-10-03 20:35:32 -------- d-----w- C:\Users\Beata\AppData\Roaming\zmmHH5sQJ7
2011-10-03 20:35:29 -------- d-----w- C:\Users\Beata\AppData\Roaming\CJ66ddWK8fRLhTq
2011-10-03 20:35:26 -------- d-----w- C:\Users\Beata\AppData\Roaming\jeIrPAuSoF
2011-10-03 20:35:26 -------- d-----w- C:\Users\Beata\AppData\Roaming\EnnnG44amH6sJ
2011-10-03 20:35:19 -------- d-----w- C:\Users\Beata\AppData\Roaming\IooonFF4amHsW7d
2011-10-03 20:35:03 -------- d-----w- C:\Users\Beata\AppData\Roaming\ZXkVlBz0c
2011-10-03 20:33:58 -------- d-----w- C:\Users\Beata\AppData\Roaming\Hu2Fp5HW79XYeVO
2011-10-03 20:32:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\rPuFaKhCz0bGdRg
2011-10-03 20:25:49 384000 ----a-w- C:\Windows\SysWow64\GnG4aQH6sKfLgZj.exe
2011-10-03 20:24:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\FEYOSF7hlA4dhlu
2011-10-03 19:45:57 -------- d-----w- C:\Users\Beata\AppData\Roaming\GmzZbrdxWtJyL
2011-10-03 19:44:57 -------- d-----w- C:\Users\Beata\AppData\Roaming\o5zEcRv8znR
2011-10-03 19:43:57 -------- d-----w- C:\Users\Beata\AppData\Roaming\c0ski7VDKUcF
2011-10-03 19:42:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\hCDT1LPsOHemU3q
2011-10-03 19:41:58 -------- d-----w- C:\Users\Beata\AppData\Roaming\LalWtJB5r6OWxKN
2011-10-03 19:40:28 -------- d-----w- C:\Users\Beata\AppData\Roaming\gAnLkc4TlDWY1Qw
2011-10-03 19:39:58 -------- d-----w- C:\Users\Beata\AppData\Roaming\TrunJTU0osgw
2011-10-03 19:38:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\lv6Cc6YuW
2011-10-03 19:38:58 -------- d-----w- C:\Users\Beata\AppData\Roaming\bBDQwA5TyG9NGgt
2011-10-03 19:38:51 -------- d-----w- C:\Users\Beata\AppData\Roaming\nk0FEjcmRe1mfeA
2011-10-03 19:38:50 -------- d-----w- C:\Users\Beata\AppData\Roaming\nNaYSKIbLlngzmY
2011-10-03 19:38:49 -------- d-----w- C:\Users\Beata\AppData\Roaming\wjz0b4sTIPoWZ
2011-10-03 19:38:49 -------- d-----w- C:\Users\Beata\AppData\Roaming\SJ8hVzAomJ
2011-10-03 19:38:41 -------- d-----w- C:\Users\Beata\AppData\Roaming\BkPDmLXBimEXtum
2011-10-03 19:38:40 -------- d-----w- C:\Users\Beata\AppData\Roaming\P3aW8YVzAoH7gX
2011-10-03 18:47:32 2417664 ----a-w- C:\ProgramData\jWqESRYNHMTQic.exe
2011-10-03 18:04:07 -------- d-----w- C:\Users\Beata\AppData\Roaming\SUPERAntiSpyware.com
2011-10-03 18:03:50 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-10-03 18:03:49 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-09-30 02:29:49 -------- d-----w- C:\Users\Beata\AppData\Roaming\C39xQC1JVoLloKe
2011-09-30 02:29:48 -------- d-----w- C:\Users\Beata\AppData\Roaming\iJPEcRuL2Xbjo
2011-09-30 02:29:48 -------- d-----w- C:\Users\Beata\AppData\Roaming\d39xQC1JV
2011-09-30 02:29:39 -------- d-----w- C:\Users\Beata\AppData\Roaming\wwZ7puBh6btCL4t
2011-09-30 02:29:38 -------- d-----w- C:\Users\Beata\AppData\Roaming\P2xkZ7FcCW2ksuT
2011-09-30 02:29:37 -------- d-----w- C:\Users\Beata\AppData\Roaming\tNkTJ41I8iYGV
2011-09-30 02:29:24 -------- d-----w- C:\Users\Beata\AppData\Roaming\QUgpyw62V94
2011-09-30 02:29:19 -------- d-----w- C:\Users\Beata\AppData\Roaming\nXR64b0Ow9EaFuO
2011-09-30 02:29:13 -------- d-----w- C:\Users\Beata\AppData\Roaming\gpvzCEmvzURJFAI
2011-09-30 02:29:12 -------- d-----w- C:\Users\Beata\AppData\Roaming\XnclYdmvNCLHDPe
2011-09-30 02:29:09 -------- d-----w- C:\Users\Beata\AppData\Roaming\JvkfnxhJnAIX741
2011-09-30 02:29:02 -------- d-----w- C:\Users\Beata\AppData\Roaming\KvUf3z94xCd4cCf
2011-09-30 02:28:29 -------- d-----w- C:\Users\Beata\AppData\Roaming\a7xKxEihmPExLSe
2011-09-30 02:28:22 -------- d-----w- C:\Users\Beata\AppData\Roaming\r94lduqGrW0R2w4
2011-09-30 02:28:07 -------- d-----w- C:\Users\Beata\AppData\Roaming\ZrPiaJZkB
2011-09-30 02:28:07 -------- d-----w- C:\Users\Beata\AppData\Roaming\RVtcDaJLqwO0vnH
2011-09-30 02:28:06 -------- d-----w- C:\Users\Beata\AppData\Roaming\lqVBPciDna5JEgZ
2011-09-30 02:28:05 -------- d-----w- C:\Users\Beata\AppData\Roaming\az1n5d8RhwVIzyA
2011-09-30 02:28:02 -------- d-----w- C:\Users\Beata\AppData\Roaming\aOzy1Donp5Qd8Zh
2011-09-30 02:28:01 -------- d-----w- C:\Users\Beata\AppData\Roaming\fucSb3Ga6KEgqCI
2011-09-30 02:26:52 -------- d-----w- C:\Users\Beata\AppData\Roaming\vpnG5aQH6W7R9
2011-09-30 02:25:58 -------- d-----w- C:\Users\Beata\AppData\Roaming\oYrx2nHfZkN
2011-09-30 02:25:51 -------- d-----w- C:\Users\Beata\AppData\Roaming\ntimdhI146TI
2011-09-30 02:25:46 -------- d-----w- C:\Users\Beata\AppData\Roaming\U6qt37CP48V1HZI
2011-09-30 02:25:45 -------- d-----w- C:\Users\Beata\AppData\Roaming\oWTIP3sgkyosgwz
2011-09-30 02:25:42 -------- d-----w- C:\Users\Beata\AppData\Roaming\pSFJRktip79eybs
2011-09-30 02:25:36 -------- d-----w- C:\Users\Beata\AppData\Roaming\qqUtS3mLhUBc2pJ
2011-09-30 02:25:36 -------- d-----w- C:\Users\Beata\AppData\Roaming\nLhUtSoHdZkBc2m
2011-09-30 01:40:56 -------- d-----w- C:\Users\Beata\AppData\Roaming\ZUzumEXrSQ9ex2G
2011-09-30 01:39:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\kItSpQfZkNc3mJ
2011-09-30 01:38:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\wHRVcFdXz26XPbd
2011-09-30 01:37:58 -------- d-----w- C:\Users\Beata\AppData\Roaming\paECtimfhOSF
2011-09-30 01:36:57 -------- d-----w- C:\Users\Beata\AppData\Roaming\WxnEkPoQ9N5Tym8
2011-09-30 01:35:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\zGCigcdPJrpLzp9
2011-09-30 01:34:54 -------- d-----w- C:\Users\Beata\AppData\Roaming\qOu3H8ktvmdq
2011-09-30 01:33:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\HGsEZkNc3m7Twl0
2011-09-30 01:32:50 -------- d-----w- C:\Users\Beata\AppData\Roaming\hBslmlsrJOK0
2011-09-30 01:31:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\rGEUcmgzodwy
2011-09-30 01:30:49 -------- d-----w- C:\Users\Beata\AppData\Roaming\H7OpY1dl3LOp9AQ
2011-09-30 01:29:58 -------- d-----w- C:\Users\Beata\AppData\Roaming\VQIGhiRcK
2011-09-30 01:28:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\loLx6I3g0WVogP5
2011-09-30 01:27:57 -------- d-----w- C:\Users\Beata\AppData\Roaming\qIogc7OmX
2011-09-30 01:26:45 -------- d-----w- C:\Users\Beata\AppData\Roaming\SVApKCx3KjNFd
2011-09-30 01:26:18 -------- d-----w- C:\Users\Beata\AppData\Roaming\W8vY4lJARvYQPTo
2011-09-30 01:26:18 -------- d-----w- C:\Users\Beata\AppData\Roaming\mcEyWNdO6lHIo
2011-09-30 01:26:17 -------- d-----w- C:\Users\Beata\AppData\Roaming\DVFXnY2hShv9uLu
2011-09-30 01:26:16 -------- d-----w- C:\Users\Beata\AppData\Roaming\QVQwnhigA8cEyWN
2011-09-30 01:26:16 -------- d-----w- C:\Users\Beata\AppData\Roaming\n8ALSTbYnkpeGzf
2011-09-30 01:26:12 -------- d-----w- C:\Users\Beata\AppData\Roaming\KkJSYptEuT3kH
2011-09-30 01:26:11 -------- d-----w- C:\Users\Beata\AppData\Roaming\qCFe5BJPd
2011-09-30 01:26:11 -------- d-----w- C:\Users\Beata\AppData\Roaming\LR2qGV6BWzEcfu
2011-09-30 01:26:11 -------- d-----w- C:\Users\Beata\AppData\Roaming\BJueWiI7DedDe
2011-09-30 01:26:02 -------- d-----w- C:\Users\Beata\AppData\Roaming\Bw3CGIsPE1RDYbj
2011-09-30 01:24:34 -------- d-----w- C:\Users\Beata\AppData\Roaming\e1uvS2obFm5Qd8R
2011-09-30 01:23:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\uuvvSS2obF3pG5Q
2011-09-30 00:41:39 1856000 ----a-w- C:\Windows\SysWow64\TVNo59B26qOFKCA.exe
2011-09-30 00:28:31 -------- d-----w- C:\Users\Beata\AppData\Roaming\Irxymux
2011-09-30 00:28:31 -------- d-----w- C:\Users\Beata\AppData\Roaming\Eplawu
2011-09-30 00:18:24 -------- d-----w- C:\Users\Beata\AppData\Roaming\Malwarebytes
2011-09-30 00:18:22 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-30 00:18:18 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-09-30 00:18:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-29 13:53:46 -------- d-----w- C:\Windows\SysWow64\Adobe
2011-09-29 06:02:14 -------- d-sh--w- C:\found.000
2011-09-29 01:10:00 2423808 ----a-w- C:\Windows\SysWow64\ArzONyxA0v2b3n5.exe
2011-09-29 01:00:32 2423808 ----a-w- C:\Windows\SysWow64\VwkUVelOBz0c1v2.exe
2011-09-28 18:01:11 -------- d-----w- C:\Users\Beata\AppData\Roaming\Sybe
2011-09-28 18:01:11 -------- d-----w- C:\Users\Beata\AppData\Roaming\Orecni
2011-09-28 16:25:02 1728000 ----a-w- C:\Windows\SysWow64\GK8fRZ9hTw.exe
2011-09-28 02:20:02 -------- d-----w- C:\5bd139ae8cd6cb01eae70554
2011-09-28 01:40:02 -------- d-----w- C:\Program Files (x86)\Minibar
2011-09-28 01:40:00 -------- d-----w- C:\Program Files (x86)\FaceSmooch Smileys
2011-09-28 01:39:41 -------- d-----w- C:\Program Files (x86)\Surf Canyon
2011-09-28 01:39:38 -------- d-----w- C:\ProgramData\Babylon
2011-09-28 01:39:36 -------- d-----w- C:\Program Files (x86)\PriceGong
2011-09-28 01:20:54 -------- d-----we C:\Windows\system64
2011-09-21 06:38:56 -------- d-----w- C:\Users\Beata\riotsGamesLogs
2011-09-21 06:38:38 -------- d-----w- C:\Users\Beata\AppData\Roaming\LolClient
2011-09-21 06:15:25 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2011-09-21 06:15:25 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2011-09-21 06:15:25 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2011-09-21 06:15:25 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2011-09-21 06:15:25 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2011-09-21 02:00:03 -------- d-----w- C:\Users\Beata\AppData\Local\PMB Files
2011-09-21 02:00:01 -------- d-----w- C:\ProgramData\PMB Files
2011-09-21 01:59:40 -------- d-----w- C:\Program Files (x86)\Pando Networks
2011-09-17 16:13:41 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2011-09-14 14:46:25 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2011-09-06 01:33:49 -------- d-----w- C:\Users\Beata\AppData\Local\Real
2011-09-06 01:32:58 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2011-09-06 01:32:43 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
.
==================== Find3M ====================
.
2011-10-03 20:40:32 2417664 ----a-w- C:\Windows\SysWow64\VEpuBh6ir.exe
2011-10-03 20:40:31 2417664 ----a-w- C:\Windows\SysWow64\KIKiCHPhsvzhaSr.exe
2011-10-03 20:40:31 0 ----a-w- C:\Windows\SysWow64\SpuBh6irg5n1B.exe
2011-10-03 20:40:30 0 ----a-w- C:\Windows\SysWow64\QSkdncjWFtY7m1l.exe
2011-10-03 20:40:30 0 ----a-w- C:\Windows\SysWow64\cpue8pxY7nPX.exe
2011-10-03 20:40:28 512000 ----a-w- C:\Windows\SysWow64\HFcUWFNqW3t.exe
2011-10-03 20:25:50 1152000 ----a-w- C:\Windows\SysWow64\GpnG4aQH6W7E9Tq.exe
2011-10-03 20:25:49 192000 ----a-w- C:\Windows\SysWow64\Am5Jd8ZTwCIzy1S.exe
2011-10-03 20:25:49 0 ----a-w- C:\Windows\SysWow64\s9gTXqjYCkVzNx0.exe
2011-09-30 02:30:42 0 ----a-w- C:\Windows\SysWow64\wJJdhXjeIz.exe
2011-09-30 02:30:41 2417664 ----a-w- C:\Windows\SysWow64\nrAiGsLqklxcbnm.exe
2011-09-30 02:30:40 512000 ----a-w- C:\Windows\SysWow64\WGfeAp7Yt3WqNb6.exe
2011-09-30 00:41:40 2417664 ----a-w- C:\Windows\SysWow64\zYBAGKTIxbaRU.exe
2011-09-30 00:41:38 2417664 ----a-w- C:\Windows\SysWow64\oJZU0DmEYBA.exe
2011-09-29 22:20:12 192000 ----a-w- C:\Windows\SysWow64\NIWuYQxToe71Xm.exe
2011-09-29 22:20:11 2408448 ----a-w- C:\Windows\SysWow64\mGwow4tRpr9pzfb.exe
2011-09-29 22:20:11 0 ----a-w- C:\Windows\SysWow64\rIsz6y7A7xJxWBs.exe
2011-09-29 22:20:08 2408448 ----a-w- C:\Windows\SysWow64\mDZufx6Ui7Uv7Vv.exe
2011-09-29 22:20:08 1344000 ----a-w- C:\Windows\SysWow64\gGSrJyRoe6A.exe
2011-09-29 22:20:07 2408448 ----a-w- C:\Windows\SysWow64\puHYxofw0FEwxDH.exe
2011-09-29 22:20:05 2408448 ----a-w- C:\Windows\SysWow64\LHYcsC17lmV.exe
2011-09-29 22:20:05 2408448 ----a-w- C:\Windows\SysWow64\EHjuaTB3EB.exe
2011-09-29 22:20:04 2408448 ----a-w- C:\Windows\SysWow64\QPaj0QqxaZObWht.exe
2011-09-29 01:10:06 2423808 ----a-w- C:\Windows\SysWow64\Of9XUlrNAv.exe
2011-09-29 01:10:03 2423808 ----a-w- C:\Windows\SysWow64\a8ZhwVIzN1DoF.exe
2011-09-28 01:48:12 2456064 ----a-w- C:\Windows\SysWow64\dLL88gRZZ.exe
2011-09-06 01:32:42 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-08-31 22:45:46 0 ----a-w- C:\ProgramData\pegg.exe
2011-08-31 22:45:46 0 ----a-w- C:\ProgramData\obxp.exe
2011-08-31 22:45:46 0 ----a-w- C:\ProgramData\msbi.exe
2011-08-31 22:45:46 0 ----a-w- C:\ProgramData\cvuc.exe
2011-07-22 05:35:08 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 04:56:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:14:10 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-09 04:30:52 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
.
============= FINISH: 17:21:49.27 ===============

Edited by Orange Blossom, 03 October 2011 - 07:48 PM.
Merged topics. ~ OB


#11 HelpBot

Posted 03 October 2011 - 08:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420996 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#12 Ervin T

Posted 04 October 2011 - 02:30 AM

Please see below for the requested logs. I won't be able to post a GMER log as I'm on a 64-bit version of Windows 7. I've run Rkill, SuperAntispyware and MBAM, and so far OpenCloud Security has not yet shown up, nor have I been redirected to advertising websites, which happened before. I'm pretty sure the log below has items that need to be fixed. Thanks for your help!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Beata at 23:30:05 on 2011-10-03
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1973.649 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\SysWOW64\gtdetectsc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\Program Files\Fujitsu\PSUtility\PSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Fujitsu\updnavi\updnvsrv.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
C:\Program Files\Fujitsu\updnavi\updatenv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Beata\AppData\Roaming\Orvo\yzasliy.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
uDefault_Page_URL = hxxp://hk.fujitsu.com/pc
mWinlogon: Userinit=userinit.exe,
BHO: Shopping Assistant Plugin: {1631550f-191d-4826-b069-d9439253d926} - C:\Program Files (x86)\PriceGong\2.5.0\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Fast Search: {5ab7104a-b71f-49ad-9154-f7f8806ae848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: MinibarBHO: {aa74d58f-acd0-450d-a85e-6c04b171c044} - C:\Program Files (x86)\Minibar\Kango.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Minibar: {d6598005-a921-4f83-b6e6-f4f030d1bf37} - C:\Program Files (x86)\Minibar\Kango.dll
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [{DD01E221-DF47-D58A-6118-41F14D43F8AF}] C:\Users\Beata\AppData\Roaming\Orvo\yzasliy.exe
mRun: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
mRun: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
mRun: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [UCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [YouCam Mirror Tray icon] "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [MozillaAgent] C:\Windows\Temp\kghjdfg.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRun: [win2119b744] C:\Windows\TEMP\win2119b744.exe
dRun: [65C4] \\.\globalroot\Device\HarddiskVolume3\Windows\Temp\65C4.tmp
dRun: [jWqESRYNHMTQic.exe] C:\ProgramData\jWqESRYNHMTQic.exe
dRun: [TjeFyKiisljRsSN.exe] C:\ProgramData\TjeFyKiisljRsSN.exe
dRun: [MouseNotifierUpdate] rundll32.exe "C:\ProgramData\MouseNotifierUpdate.dll",DllRegisterServer
dRun: [Macromedia Update] rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\Minibar\MinibarUpdate\Minibarupdt32.DLL",DllRegisterServer
dRun: [SuperSoftwarePackage Update] rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\Google\GoogleUpdate\Googleupdt32.DLL",DllRegisterServer
dRun: [Policies Update] rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\Babylon\BabylonUpdate\Babylonupdt32.DLL",DllRegisterServer
dRun: [JavaSoft Update] rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\MicrosoftUpdate\Microsoftupdt32.DLL",DllRegisterServer
dRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8AE60E6A-16FA-4202-8817-5F187EC16077} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{925F6EDE-8D81-4A0E-BE94-D7B7371D9ACD} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{925F6EDE-8D81-4A0E-BE94-D7B7371D9ACD}\039364850383036363734353 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{925F6EDE-8D81-4A0E-BE94-D7B7371D9ACD}\0527A79776F64616 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{925F6EDE-8D81-4A0E-BE94-D7B7371D9ACD}\44554494 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{925F6EDE-8D81-4A0E-BE94-D7B7371D9ACD}\4505D2C494E4B4 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{925F6EDE-8D81-4A0E-BE94-D7B7371D9ACD}\4505D2C494E4B4F5547383542373 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{925F6EDE-8D81-4A0E-BE94-D7B7371D9ACD}\46C696E6B6 : DhcpNameServer = 192.168.1.254 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Shopping Assistant Plugin: {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.5.0\PriceGongIE.dll
BHO-X64: PriceGong - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Fast Search: {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll
BHO-X64: IE BHO Utility - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: MinibarBHO: {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Kango.dll
BHO-X64: Minibar BHO - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Minibar: {D6598005-A921-4F83-B6E6-F4F030D1BF37} - C:\Program Files (x86)\Minibar\Kango.dll
mRun-x64: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
mRun-x64: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe
mRun-x64: [RemoteControl8] "c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [PDVD8LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [UCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun-x64: [YouCam Mirror Tray icon] "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun-x64: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun-x64: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [MozillaAgent] C:\Windows\Temp\kghjdfg.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Beata\AppData\Roaming\Mozilla\Firefox\Profiles\d2r5nxoa.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 FBIOSDRV;Fujitsu BIOS Driver;C:\Windows\system32\Drivers\FBIOSDRV.sys --> C:\Windows\system32\Drivers\FBIOSDRV.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 gtdetectsc;GtDetectSc Service;C:\Windows\SysWOW64\Gtdetectsc.exe [2011-5-19 196704]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-29 366152]
R2 PowerSavingUtilityService;PowerSavingUtilityService;C:\Program Files\Fujitsu\PSUtility\PSUService.exe [2009-7-29 63336]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-28 2314240]
R2 UpdateNaviInstallService;UpdateNaviInstallService;C:\Program Files\Fujitsu\updnavi\updnvsrv.exe [2009-9-30 14336]
R2 VFPRadioSupportService;Bluetooth Feature Support;C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [2009-12-24 145840]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;C:\Windows\system32\drivers\FUJ02E3.sys --> C:\Windows\system32\drivers\FUJ02E3.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-4 136176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-9-1 1153368]
S3 BthAvrcp;Bluetooth AVRCP Profile;C:\Windows\system32\drivers\BthAvrcp.sys --> C:\Windows\system32\drivers\BthAvrcp.sys [?]
S3 GT72UBUS;GT 72 U BUS;C:\Windows\system32\DRIVERS\gt72ubus.sys --> C:\Windows\system32\DRIVERS\gt72ubus.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-4 136176]
S3 HP1319EWS;HP1319EWS;C:\Windows\system32\Drivers\HP1319EWS.sys --> C:\Windows\system32\Drivers\HP1319EWS.sys [?]
S3 HP1319FAX;HP1319MFP FAX;C:\Windows\system32\Drivers\HP1319FAX.sys --> C:\Windows\system32\Drivers\HP1319FAX.sys [?]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 PCDSRVC{D2FB0CDC-EC83EFAE-06020000}_0;PCDSRVC{D2FB0CDC-EC83EFAE-06020000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Fujitsu Hardware Diagnostics Tool\pcdsrvc_x64.pkms [2010-3-24 24560]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-04 01:52:11 81920 ----a-w- C:\Windows\SysWow64\srrstr.dll
2011-10-04 01:52:11 81920 ----a-w- C:\ProgramData\MouseNotifierUpdate.dll
2011-10-03 22:03:17 -------- d-----w- C:\Users\Beata\AppData\Roaming\Peyke
2011-10-03 22:03:17 -------- d-----w- C:\Users\Beata\AppData\Roaming\Orvo
2011-10-03 21:36:29 504320 ----a-w- C:\ProgramData\TjeFyKiisljRsSN.exe
2011-10-03 20:25:49 384000 ----a-w- C:\Windows\SysWow64\GnG4aQH6sKfLgZj.exe
2011-10-03 18:47:32 2417664 ----a-w- C:\ProgramData\jWqESRYNHMTQic.exe
2011-10-03 18:04:07 -------- d-----w- C:\Users\Beata\AppData\Roaming\SUPERAntiSpyware.com
2011-10-03 18:03:50 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-10-03 18:03:49 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-09-30 00:41:39 1856000 ----a-w- C:\Windows\SysWow64\TVNo59B26qOFKCA.exe
2011-09-30 00:28:31 -------- d-----w- C:\Users\Beata\AppData\Roaming\Irxymux
2011-09-30 00:28:31 -------- d-----w- C:\Users\Beata\AppData\Roaming\Eplawu
2011-09-30 00:18:24 -------- d-----w- C:\Users\Beata\AppData\Roaming\Malwarebytes
2011-09-30 00:18:22 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-30 00:18:18 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-09-30 00:18:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-29 13:53:46 -------- d-----w- C:\Windows\SysWow64\Adobe
2011-09-29 06:02:14 -------- d-sh--w- C:\found.000
2011-09-29 01:10:11 -------- d-----w- C:\Users\Beata\AppData\Roaming\QlONtxP0uSiDoG
2011-09-29 01:10:00 2423808 ----a-w- C:\Windows\SysWow64\ArzONyxA0v2b3n5.exe
2011-09-29 01:08:57 -------- d-----w- C:\Users\Beata\AppData\Roaming\ICekIBrzOyAu
2011-09-29 01:00:32 2423808 ----a-w- C:\Windows\SysWow64\VwkUVelOBz0c1v2.exe
2011-09-28 18:01:11 -------- d-----w- C:\Users\Beata\AppData\Roaming\Sybe
2011-09-28 18:01:11 -------- d-----w- C:\Users\Beata\AppData\Roaming\Orecni
2011-09-28 16:25:02 1728000 ----a-w- C:\Windows\SysWow64\GK8fRZ9hTw.exe
2011-09-28 02:20:02 -------- d-----w- C:\5bd139ae8cd6cb01eae70554
2011-09-28 02:19:44 -------- d-----w- C:\Users\Beata\AppData\Roaming\fK8fRL9hTq
2011-09-28 02:19:40 -------- d-----w- C:\Users\Beata\AppData\Roaming\DJ6dWK8fR9TqUeI
2011-09-28 02:19:35 -------- d-----w- C:\Users\Beata\AppData\Roaming\YpmG5aQJ6W8R9
2011-09-28 02:19:29 -------- d-----w- C:\Users\Beata\AppData\Roaming\eelIBrzPNx1v2b3
2011-09-28 02:19:25 -------- d-----w- C:\Users\Beata\AppData\Roaming\vzONyxA0uSiFp
2011-09-28 02:19:21 -------- d-----w- C:\Users\Beata\AppData\Roaming\ARL9gTXqjCkV
2011-09-28 02:19:17 -------- d-----w- C:\Users\Beata\AppData\Roaming\uQH6sWK7fLgZjCk
2011-09-28 02:19:13 -------- d-----w- C:\Users\Beata\AppData\Roaming\zivD3onF4m5W7
2011-09-28 02:19:09 -------- d-----w- C:\Users\Beata\AppData\Roaming\wXwkUVelOt
2011-09-28 02:18:57 -------- d-----w- C:\Users\Beata\AppData\Roaming\xonG4amH6W7E8T
2011-09-28 02:18:52 -------- d-----w- C:\Users\Beata\AppData\Roaming\ebD3pnG4aHsKfL
2011-09-28 02:18:47 -------- d-----w- C:\Users\Beata\AppData\Roaming\aQH6sWK7fLgZjCk
2011-09-28 02:18:43 -------- d-----w- C:\Users\Beata\AppData\Roaming\s3onG4amHsJfLgZ
2011-09-28 02:18:39 -------- d-----w- C:\Users\Beata\AppData\Roaming\U0ycS1ivDoFaHsJ
2011-09-28 02:18:35 -------- d-----w- C:\Users\Beata\AppData\Roaming\HXwkUVelOtPyAiD
2011-09-28 02:18:28 -------- d-----w- C:\Users\Beata\AppData\Roaming\UnG5aQH6dKfLgXj
2011-09-28 02:18:21 -------- d-----w- C:\Users\Beata\AppData\Roaming\QA1uvD2ob4m5Q6E
2011-09-28 02:18:15 -------- d-----w- C:\Users\Beata\AppData\Roaming\pYXwkUVelBz0c1v
2011-09-28 02:18:11 -------- d-----w- C:\Users\Beata\AppData\Roaming\OJ7dEK8gR9YwUeI
2011-09-28 02:18:05 -------- d-----w- C:\Users\Beata\AppData\Roaming\dvD3onF4a
2011-09-28 02:18:01 -------- d-----w- C:\Users\Beata\AppData\Roaming\sRZ9hYXwjVlBzN
2011-09-28 02:16:58 -------- d-----w- C:\Users\Beata\AppData\Roaming\cmH5sQJ7dKgZhXj
2011-09-28 02:15:58 -------- d-----w- C:\Users\Beata\AppData\Roaming\Z6sWJ7fELgZhCkV
2011-09-28 02:14:58 -------- d-----w- C:\Users\Beata\AppData\Roaming\NF3ppGGaQH6W7RT
2011-09-28 02:13:56 -------- d-----w- C:\Users\Beata\AppData\Roaming\JaQH6sWK7E9TqYw
2011-09-28 02:12:55 -------- d-----w- C:\Users\Beata\AppData\Roaming\OQJ7dEK8gZ
2011-09-28 02:11:57 -------- d-----w- C:\Users\Beata\AppData\Roaming\gwjUCelIBzNx1v2
2011-09-28 02:10:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\RqjUCekIBzNx0v
2011-09-28 02:09:57 -------- d-----w- C:\Users\Beata\AppData\Roaming\ftxA0ucS2b3n4Q6
2011-09-28 02:08:56 -------- d-----w- C:\Users\Beata\AppData\Roaming\tlOBtzP0yA
2011-09-28 02:08:44 -------- d-----w- C:\Users\Beata\AppData\Roaming\fTXqjYCekVzNx0c
2011-09-28 02:08:36 -------- d-----w- C:\Users\Beata\AppData\Roaming\cUVrlOBtx0c1v3n
2011-09-28 02:08:30 -------- d-----w- C:\Users\Beata\AppData\Roaming\lkIVrzONtAuSiDp
2011-09-28 02:08:29 -------- d-----w- C:\Users\Beata\AppData\Roaming\urzONyxA0v2b3n5
2011-09-28 02:08:28 -------- d-----w- C:\Users\Beata\AppData\Roaming\YWK8fRL9hX
2011-09-28 02:08:08 -------- d-----w- C:\Users\Beata\AppData\Roaming\RlOBzP0c1voFpHs
2011-09-28 02:08:08 -------- d-----w- C:\Users\Beata\AppData\Roaming\ghYXwjUVeIt
2011-09-28 02:08:08 -------- d-----w- C:\Users\Beata\AppData\Roaming\B9hYXwjUVl
2011-09-28 02:08:06 -------- d-----w- C:\Users\Beata\AppData\Roaming\kxA0ucS2iDpGaHs
2011-09-28 02:06:40 -------- d-----w- C:\Users\Beata\AppData\Roaming\uOBtzP0yc
2011-09-28 02:05:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\wWK7fRL9gXjCkVO
2011-09-28 02:04:13 -------- d-----w- C:\Users\Beata\AppData\Roaming\IS1ibD3on4m6
2011-09-28 02:04:12 -------- d-----w- C:\Users\Beata\AppData\Roaming\WTZqjYCwkVlNx0c
2011-09-28 02:02:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\eXYkrNxu2bp
2011-09-28 02:01:51 -------- d-----w- C:\Users\Beata\AppData\Roaming\I2GKXIAb58XBxi5
2011-09-28 02:00:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\NJ7dEL8gRqY
2011-09-28 01:59:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\OekIVrzONx0c2b3
2011-09-28 01:58:57 -------- d-----w- C:\Users\Beata\AppData\Roaming\SP0ucS1ib3n4m6W
2011-09-28 01:57:45 -------- d-----w- C:\Users\Beata\AppData\Roaming\jP0ycA1iv2n4m5Q
2011-09-28 01:57:43 -------- d-----w- C:\Users\Beata\AppData\Roaming\tS2ibD3pn4Q6W7E
2011-09-28 01:57:42 -------- d-----w- C:\Users\Beata\AppData\Roaming\yIBrzPNyx1v2b3m
2011-09-28 01:57:41 -------- d-----w- C:\Users\Beata\AppData\Roaming\dobF4pmG5Q6E8R9
2011-09-28 01:57:40 -------- d-----w- C:\Users\Beata\AppData\Roaming\k0ycA1ivDoFpHsJ
2011-09-28 01:57:25 -------- d-----w- C:\Users\Beata\AppData\Roaming\VJ7dEL8gRqYw
2011-09-28 01:57:04 -------- d-----w- C:\Users\Beata\AppData\Roaming\uONtxP0uc
2011-09-28 01:57:03 -------- d-----w- C:\Users\Beata\AppData\Roaming\oaQJ6dWK8R9TqUe
2011-09-28 01:57:01 -------- d-----w- C:\Users\Beata\AppData\Roaming\fH5sQJ7dE8
2011-09-28 01:57:01 -------- d-----w- C:\Users\Beata\AppData\Roaming\E5sQJ7dEKg
2011-09-28 01:57:00 -------- d-----w- C:\Users\Beata\AppData\Roaming\x7LTjwVONx0c1b3
2011-09-28 01:57:00 -------- d-----w- C:\Users\Beata\AppData\Roaming\iNtxP0ucSiDoGaH
2011-09-28 01:57:00 -------- d-----w- C:\Users\Beata\AppData\Roaming\DUVrlOBtx0c1v3
2011-09-28 01:55:53 -------- d-----w- C:\Users\Beata\AppData\Roaming\YivD3onF4m5W7E8
2011-09-28 01:55:48 -------- d-----w- C:\Users\Beata\AppData\Roaming\ylOBtzP0yAiDoFp
2011-09-28 01:55:46 -------- d-----w- C:\Users\Beata\AppData\Roaming\wVrzONtxAuSiDpG
2011-09-28 01:55:42 -------- d-----w- C:\Users\Beata\AppData\Roaming\c2ibD3pnGaHsKfL
2011-09-28 01:55:34 -------- d-----w- C:\Users\Beata\AppData\Roaming\kmH5sQJ7dKgZhXj
2011-09-28 01:55:17 -------- d-----w- C:\Users\Beata\AppData\Roaming\PQQHH6ddWKfRLgT
2011-09-28 01:55:17 -------- d-----w- C:\Users\Beata\AppData\Roaming\HZZqqjYCwkIVrOt
2011-09-28 01:55:15 -------- d-----w- C:\Users\Beata\AppData\Roaming\sQJ7dEK8gZhXjVl
2011-09-28 01:53:58 -------- d-----w- C:\Users\Beata\AppData\Roaming\YobF3pmG5Q6W8
2011-09-28 01:52:58 -------- d-----w- C:\Users\Beata\AppData\Roaming\hH5sQJ7dE8Rq
2011-09-28 01:52:57 -------- d-----w- C:\Users\Beata\AppData\Roaming\q3onF4amHsJd
2011-09-28 01:52:57 -------- d-----w- C:\Users\Beata\AppData\Roaming\cYCwkIVrlNx0c1b
2011-09-28 01:52:56 -------- d-----w- C:\Users\Beata\AppData\Roaming\ZekIVrzON
2011-09-28 01:52:56 -------- d-----w- C:\Users\Beata\AppData\Roaming\mIVrzONtx0
2011-09-28 01:52:56 -------- d-----w- C:\Users\Beata\AppData\Roaming\GVrzONtxAu
2011-09-28 01:52:55 -------- d-----w- C:\Users\Beata\AppData\Roaming\wkIBrzONyAuSi
2011-09-28 01:52:53 -------- d-----w- C:\Users\Beata\AppData\Roaming\c0ycA1ivDoFpHsJ
2011-09-28 01:52:52 -------- d-----w- C:\Users\Beata\AppData\Roaming\F4amH6sWJfLgZhC
2011-09-28 01:52:37 -------- d-----w- C:\Users\Beata\AppData\Roaming\H6dWK7fRLgXjCkV
2011-09-28 01:52:35 -------- d-----w- C:\Users\Beata\AppData\Roaming\bA1uvS2ob3m
2011-09-28 01:52:03 -------- d-----w- C:\Users\Beata\AppData\Roaming\czPNyxA1uSoFpGa
2011-09-28 01:50:42 -------- d-----w- C:\Users\Beata\AppData\Roaming\YBtzP0ycAiDoFpH
2011-09-28 01:49:53 -------- d-----w- C:\Users\Beata\AppData\Roaming\NxP0ycS1iDoFaHs
2011-09-28 01:48:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\S0c1iv3n4HsJdLg
2011-09-28 01:47:56 -------- d-----w- C:\Users\Beata\AppData\Roaming\zXwwkkUVel
2011-09-28 01:46:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\hBBBrzzPN
2011-09-28 01:45:55 -------- d-----w- C:\Users\Beata\AppData\Roaming\LRZqhYXwkVlBz0c
2011-09-28 01:44:59 -------- d-----w- C:\Users\Beata\AppData\Roaming\jBrzy1So3G
2011-09-28 01:40:12 -------- d-----w- C:\Users\Beata\AppData\Roaming\bsssWWJ7dEL8RZ
2011-09-28 01:40:02 -------- d-----w- C:\Program Files (x86)\Minibar
2011-09-28 01:40:00 -------- d-----w- C:\Program Files (x86)\FaceSmooch Smileys
2011-09-28 01:39:53 -------- d-----w- C:\Users\Beata\AppData\Roaming\YzzzPPNycA1uD2b
2011-09-28 01:39:45 -------- d-----w- C:\Users\Beata\AppData\Roaming\snnG55aQH6d
2011-09-28 01:39:41 -------- d-----w- C:\Program Files (x86)\Surf Canyon
2011-09-28 01:39:38 -------- d-----w- C:\ProgramData\Babylon
2011-09-28 01:39:36 -------- d-----w- C:\Program Files (x86)\PriceGong
2011-09-28 01:20:54 -------- d-----we C:\Windows\system64
2011-09-21 06:38:56 -------- d-----w- C:\Users\Beata\riotsGamesLogs
2011-09-21 06:38:38 -------- d-----w- C:\Users\Beata\AppData\Roaming\LolClient
2011-09-21 06:15:25 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2011-09-21 06:15:25 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2011-09-21 06:15:25 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2011-09-21 06:15:25 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2011-09-21 06:15:25 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2011-09-21 02:00:03 -------- d-----w- C:\Users\Beata\AppData\Local\PMB Files
2011-09-21 02:00:01 -------- d-----w- C:\ProgramData\PMB Files
2011-09-21 01:59:40 -------- d-----w- C:\Program Files (x86)\Pando Networks
2011-09-17 16:13:41 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2011-09-14 14:46:25 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2011-09-06 01:33:49 -------- d-----w- C:\Users\Beata\AppData\Local\Real
2011-09-06 01:32:58 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2011-09-06 01:32:43 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
.
==================== Find3M ====================
.
2011-09-06 01:32:42 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-08-31 22:45:46 0 ----a-w- C:\ProgramData\pegg.exe
2011-08-31 22:45:46 0 ----a-w- C:\ProgramData\obxp.exe
2011-08-31 22:45:46 0 ----a-w- C:\ProgramData\msbi.exe
2011-08-31 22:45:46 0 ----a-w- C:\ProgramData\cvuc.exe
2011-07-22 05:35:08 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 04:56:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:14:10 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-09 04:30:52 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
.
============= FINISH: 23:30:39.65 ===============

Edited by Ervin T, 04 October 2011 - 02:32 AM.


#13 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK
  • Local time:01:24 PM

Posted 04 October 2011 - 10:48 AM

Hi,

My name is Casey and I will be helping you with your malware problems.

Whilst I research the problems in your logs, it is very important that you do not make any changes to this PC. Specifically, do not run any further malware removal tools or try to remove anything yourself.

You may wish to "Watch Topic" so that you are immediately informed of any replies I make. I also ask that you reply to my posts within 5 days else your topic will be closed as stale.

Throughout the removal process, if you have any questions then you should ask them. If you are unsure of my instructions or something does not go as planned - then please tell me. Conversely, it is also important that you answer any questions I have and that you keep me updated on the state of the PC.

Download and run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. If you are prompted to install the Recovery Console, then please do so.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you have trouble running ComboFix, then please rename ComboFix.exe to Caseyboy.exe and re-run.

Regards,

Casey

Edited by Casey_boy, 04 October 2011 - 10:49 AM.

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#14 Ervin T


Posted 04 October 2011 - 11:35 AM

Thank you for helping me out. While trying to run ComboFix, a message popped up that Microsoft Security Essentials was running and to disable it before continuing. I disabled MSE thru msconfig and restarted my laptop, but ComboFix still says it's running. Should I go ahead and scan anyways?

#15 Casey_boy


Posted 04 October 2011 - 11:43 AM

Yes please :)

Try disabling real-time protection first though - open MSE > click Settings > Real-time protection > untick "Turn on"...

Edited by Casey_boy, 04 October 2011 - 11:45 AM.





