OTL logfile created on: 09/04/2013 21:55:32 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\barbie\Desktop\czyszczenie kompa fixitpc.pl
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.48 Mb Total Physical Memory | 529.32 Mb Available Physical Memory | 51.72% Memory free
2.40 Gb Paging File | 1.88 Gb Available in Paging File | 78.27% Paging File free
Paging file location(s): C:\pagefile.sys 1534 1534 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.76 Gb Total Space | 69.80 Gb Free Space | 47.56% Space Free | Partition Type: FAT32

Computer Name: YOUR-8CZVOJY6X5 | User Name: barbie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/04/09 21:54:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\barbie\Desktop\czyszczenie kompa fixitpc.pl\OTL.exe
PRC - [2013/03/06 18:47:08 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/02/08 10:03:24 | 000,235,728 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
PRC - [2013/02/08 10:03:24 | 000,027,136 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
PRC - [2012/11/08 21:18:44 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2012/10/02 15:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oasrv.exe
PRC - [2012/10/02 15:02:10 | 002,415,104 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oaui.exe
PRC - [2012/10/02 15:02:06 | 001,248,144 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oahlp.exe
PRC - [2012/10/02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oacat.exe
PRC - [2012/01/06 10:00:00 | 001,072,480 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) -- C:\WINDOWS\system32\crytsrv10.exe
PRC - [2008/04/14 01:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/11 02:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013/03/07 10:40:04 | 013,198,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\14b55546abb9ff105fb08138cc121ca6\System.Windows.Forms.ni.dll
MOD - [2013/01/09 20:54:18 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\acf3c1c09598ff28c926aaeb9fcf5b4e\System.Xaml.ni.dll
MOD - [2013/01/09 20:13:52 | 018,000,384 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\72897fe2c7ab10621e90526863a3a492\PresentationFramework.ni.dll
MOD - [2013/01/09 20:13:08 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\a0e2726fc2be626fad953d1a3ec49051\PresentationCore.ni.dll
MOD - [2013/01/09 20:12:30 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\1c27a7c883c2dfe6fb67a7296ab0bc2d\System.Drawing.ni.dll
MOD - [2013/01/09 20:12:26 | 003,856,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\97318300be8453ef8a4b934f5f79b9ac\WindowsBase.ni.dll
MOD - [2013/01/09 20:12:18 | 000,595,968 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\ada1fe26df6a749dfe02c09f7b0e4a99\PresentationFramework.Aero.ni.dll
MOD - [2013/01/09 20:12:14 | 000,309,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\96c6a6c0a7b8b79b57861c5e99b25321\PresentationFramework.Classic.ni.dll
MOD - [2013/01/09 20:11:24 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\4e2cac0827fc76ba1caa25443cc4ca61\System.Xml.ni.dll
MOD - [2013/01/09 20:11:12 | 009,093,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\da100161503047a994c55c9832d72ce7\System.ni.dll
MOD - [2013/01/09 20:10:52 | 014,413,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\60c214b6ad5691e368a16ec65d127c27\mscorlib.ni.dll
MOD - [2012/09/07 17:09:26 | 000,394,408 | ---- | M] () -- \\?\C:\Program Files\Bitdefender\Antivirus Free Edition\ThreatScanner\trufos.dll
MOD - [2012/07/17 07:45:14 | 000,508,136 | ---- | M] () -- C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
MOD - [2012/04/27 15:08:10 | 000,093,040 | ---- | M] () -- C:\Program Files\Bitdefender\Antivirus Free Edition\bdmetrics.dll
MOD - [2008/08/01 14:48:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2006/09/14 00:20:24 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006/09/07 17:19:02 | 000,008,704 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2003/09/19 01:03:12 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\VDExt800.dll
MOD - [2003/06/07 00:57:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\FsLodLib.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- -- (AviraUpgradeService)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/15 08:19:36 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/06 18:47:08 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/02/08 10:03:24 | 000,027,136 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe -- (gzserv)
SRV - [2012/10/02 15:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2012/10/02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat)
SRV - [2012/01/06 10:00:00 | 001,072,480 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Auto | Running] -- C:\WINDOWS\system32\crytsrv10.exe -- (cryptainer10service)
SRV - [2007/05/11 02:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys -- (RapportIaso)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_42020.sys -- (RapportCerberus_42020)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV - [2013/04/09 20:49:30 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2013/04/05 21:05:24 | 000,021,664 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2012/11/22 23:23:26 | 000,452,816 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2012/11/22 23:23:26 | 000,283,600 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Uim_Vim.sys -- (Uim_Vim)
DRV - [2012/11/22 23:23:26 | 000,081,232 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2012/11/08 21:29:56 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2012/11/08 21:29:54 | 000,681,856 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2012/11/08 21:29:50 | 000,212,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2012/11/08 21:18:46 | 004,122,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2012/11/08 21:07:34 | 000,026,624 | ---- | M] (PenMount Touch Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pmserenum.sys -- (pmserenum)
DRV - [2012/11/08 20:57:26 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2012/10/31 12:13:12 | 000,343,456 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos)
DRV - [2012/10/10 14:00:04 | 000,622,616 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avc3.sys -- (avc3)
DRV - [2012/10/04 13:30:06 | 000,162,976 | ---- | M] (BitDefender LLC) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\gzflt.sys -- (gzflt)
DRV - [2012/10/02 15:03:04 | 000,044,992 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2012/10/02 15:02:34 | 000,031,920 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2012/10/02 15:02:34 | 000,027,648 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2012/10/02 15:02:32 | 000,208,320 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2012/10/02 11:31:20 | 000,134,136 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys -- (bdselfpr)
DRV - [2012/08/23 16:20:08 | 000,065,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/02/17 15:45:12 | 000,447,208 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf)
DRV - [2012/02/07 17:41:40 | 000,131,432 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Antivirus Free Edition\bdftdif.sys -- (bdftdif)
DRV - [2012/01/06 10:00:00 | 000,098,560 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\crytdv10.sys -- (crytdv10)
DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/05/24 23:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2008/04/13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2006/10/17 20:22:26 | 000,009,216 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32)
DRV - [2006/09/07 17:19:24 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2003/08/09 01:05:24 | 000,060,008 | R--- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fvdscsi.sys -- (FVDSCSI)
DRV - [2003/08/06 17:46:12 | 000,010,899 | R--- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fcdabus.sys -- (fcdabus)
DRV - [2003/07/29 18:19:24 | 000,006,397 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SmartCd.sys -- (SmartCd)
DRV - [2003/07/02 04:42:00 | 000,027,904 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2003/06/23 01:00:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)
DRV - [2003/02/27 17:32:52 | 000,186,368 | ---- | M] (VOB Computersysteme GmbH) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\vobIW.sys -- (vobiw)
DRV - [2002/12/13 17:33:52 | 000,064,000 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cdrdrv.sys -- (Cdrdrv)
DRV - [2002/08/29 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2002/08/29 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2002/04/17 20:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2001/10/04 11:53:16 | 000,009,728 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vobcom.sys -- (vobcom)
DRV - [2001/08/17 14:05:20 | 000,031,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OVCE.sys -- (QCEmerald)
DRV - [2001/08/17 14:05:06 | 000,025,216 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\OVSound2.sys -- (lusbaudio)
DRV - [2001/08/17 13:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 13:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 13:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 13:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 13:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 13:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 13:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 13:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 13:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [2001/06/22 05:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-315645642-988921762-3928743609-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_url = http://uk.msn.com/?ocid=ie8fr
IE - HKU\S-1-5-21-315645642-988921762-3928743609-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKU\S-1-5-21-315645642-988921762-3928743609-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-315645642-988921762-3928743609-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKU\S-1-5-21-315645642-988921762-3928743609-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-315645642-988921762-3928743609-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-315645642-988921762-3928743609-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C 80 00 47 0E 75 CA 01 [binary data]
IE - HKU\S-1-5-21-315645642-988921762-3928743609-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-315645642-988921762-3928743609-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-315645642-988921762-3928743609-1006\..\SearchScopes,DefaultScope = ${searchCLSID}
IE - HKU\S-1-5-21-315645642-988921762-3928743609-1006\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-315645642-988921762-3928743609-1006\..\SearchScopes\{889CA01B-DFF1-4AB0-8560-A56695645BCF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=B8DFDF&pc=B8DF&src=IE-SearchBox
IE - HKU\S-1-5-21-315645642-988921762-3928743609-1006\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKU\S-1-5-21-315645642-988921762-3928743609-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@ei.MapsGalaxy_39.com/Plugin: C:\Program Files\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanaticEI\Installr\3.bin\NP64EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\siteranker@siteranker.com: C:\Program Files\SiteRanker\firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\1.5.0\FF
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\happylyrics@hpyproductions.net: C:\Program Files\HappyLyrics\FF\ [2013/04/07 19:54:02 | 000,000,000 | ---D | M]

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: MapsGalaxy Installer Plugin Stub (Enabled) = C:\Program Files\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: TelevisionFanatic Installer Plugin Stub (Enabled) = C:\Program Files\TelevisionFanaticEI\Installr\3.bin\NP64EISB.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Docs = C:\Documents and Settings\barbie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\barbie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\barbie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\barbie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Happy Lyrics = C:\Documents and Settings\barbie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ealchnonpofjocgofjpopjdoegbbkofj\1.110_0\
CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\barbie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\barbie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\barbie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/12/22 16:11:00 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - Reg Error: Value error. File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\S-1-5-21-315645642-988921762-3928743609-1006\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [adiras] C:\WINDOWS\adiras.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VirtualDrive] C:\Program Files\FarStone\VirtualDrive\VDTask.exe (FarStone Technology Inc.)
O4 - Startup: C:\Documents and Settings\richie\Start Menu\Programs\Startup\A1Clean.lnk = C:\Program Files\A1Click Ultra PC Cleaner\A1Cleanr.exe ()
O4 - Startup: C:\Documents and Settings\richie\Start Menu\Programs\Startup\DFX.lnk = C:\Program Files\DFX\DFX.exe ()
O4 - Startup: C:\Documents and Settings\barbie\Start Menu\Programs\Startup\A1Clean.lnk = C:\Program Files\A1Click Ultra PC Cleaner\A1Cleanr.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-315645642-988921762-3928743609-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-315645642-988921762-3928743609-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340989515328 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3360126-6D02-444F-BB6C-70ECA4D7BBD6}: DhcpNameServer = 192.168.1.1 0.0.0.0
O18 - Protocol\Handler\mctp - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\barbie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\barbie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsisoft GmbH)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/04 17:51:38 | 000,000,522 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2011/05/10 19:43:14 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/04/09 21:20:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/04/09 20:49:28 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2013/04/09 20:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barbie\Local Settings\Application Data\eSupport.com
[2013/04/09 20:38:42 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[2013/04/09 01:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag
[2013/04/09 01:41:53 | 000,241,992 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avchv.sys
[2013/04/09 01:39:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barbie\Application Data\OnlineArmor
[2013/04/09 01:39:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2013/04/09 01:39:07 | 000,031,920 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2013/04/09 01:39:07 | 000,027,648 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2013/04/09 01:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\Online Armor
[2013/04/09 01:37:50 | 000,622,616 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avc3.sys
[2013/04/09 01:37:50 | 000,447,208 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avckf.sys
[2013/04/09 01:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013/04/09 01:34:35 | 000,343,456 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys
[2013/04/09 01:34:34 | 000,162,976 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\gzflt.sys
[2013/04/08 15:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barbie\Application Data\Foxit Software
[2013/04/08 11:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2013/04/08 07:16:44 | 000,060,008 | R--- | C] (FarStone Inc.) -- C:\WINDOWS\System32\drivers\fvdscsi.sys
[2013/04/08 07:16:44 | 000,010,899 | R--- | C] (FarStone Inc.) -- C:\WINDOWS\System32\drivers\fcdabus.sys
[2013/04/08 07:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\FarStone
[2013/04/08 07:13:43 | 000,114,688 | ---- | C] (Farstone) -- C:\WINDOWS\System32\DVC.dll
[2013/04/08 07:13:43 | 000,081,920 | ---- | C] (FarStone) -- C:\WINDOWS\System32\Dversion.dll
[2013/04/07 21:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA VGA BIOS
[2013/04/07 21:14:58 | 000,011,832 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\acpimof.dll
[2013/04/07 21:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\MSI
[2013/04/07 19:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\HappyLyrics
[2013/04/07 15:13:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/04/05 21:05:23 | 000,021,664 | ---- | C] (REALiX(tm)) -- C:\WINDOWS\System32\drivers\HWiNFO32.SYS
[2013/04/05 21:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\HWiNFO32
[2013/04/05 20:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barbie\Local Settings\Application Data\ApplicationHistory
[2013/04/05 20:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barbie\SyncFolder
[2013/04/05 20:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013/04/03 09:07:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2013/04/02 13:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\QuickScan
[2013/04/02 13:34:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barbie\Application Data\QuickScan
[2013/04/02 13:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barbie\Start Menu\Programs\Revo Uninstaller
[2013/04/02 13:04:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barbie\Local Settings\Application Data\Deployment
[2013/04/02 12:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barbie\Application Data\Claro LTD
[2013/04/02 08:56:19 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013/04/02
08:56:19 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys [2013/03/28 23:09:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barbie\Application Data\Auslogics [2013/03/28 23:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics [2013/03/17 01:44:50 | 000,000,000 | ---D | C] -- C:\archive_db [2013/03/17 01:44:22 | 000,000,000 | ---D | C] -- C:\BM2005 [2013/03/17 01:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\explauncher [2013/03/17 01:41:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\launcher [2013/03/17 01:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\Paragon Software [2013/03/15 12:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barbie\Desktop\clients tax returns 15-03-2013 [2013/03/15 09:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barbie\Desktop\work application from toshiba [2013/03/14 19:48:13 | 000,000,000 | -HSD | C] -- C:\Recycled [2013/03/13 23:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer [2013/03/13 23:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barbie\Application Data\GoforFiles [2013/03/13 14:47:21 | 000,074,752 | ---- | C] (Mrowisko) -- C:\Documents and Settings\barbie\Desktop\DirLister.exe [2013/03/11 19:46:04 | 000,000,000 | ---D | C] -- C:\Program Files\Jpg2Pdf [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2063/09/19 06:50:50 | 000,005,501 | ---- | M] () -- C:\WINDOWS\System32\rtclmg32.dll [2013/04/09 21:16:18 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/04/09 20:49:30 | 000,023,456 | ---- | M] (Phoenix Technologies) -- 
C:\WINDOWS\System32\drivers\DrvAgent32.sys [2013/04/09 20:39:46 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics BoostSpeed Integrator Start On richie Logon.job [2013/04/09 20:39:46 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics BoostSpeed Integrator Start On barbie Logon.job [2013/04/09 20:39:46 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-315645642-988921762-3928743609-1006.job [2013/04/09 20:39:46 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-315645642-988921762-3928743609-1005.job [2013/04/09 20:39:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/04/09 20:39:00 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys [2013/04/09 20:38:56 | 001,399,592 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor [2013/04/09 18:19:52 | 104,857,600 | ---- | M] () -- C:\WINDOWS\System32\cxl1709 [2013/04/09 01:47:26 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\barbie\Desktop\Puran Defrag.lnk [2013/04/09 01:41:54 | 000,241,992 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avchv.sys [2013/04/09 01:38:10 | 000,168,687 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1365467658.bdinstall.bin [2013/04/09 01:33:30 | 000,293,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013/04/09 01:06:06 | 000,074,291 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1365465929.bdinstall.bin [2013/04/09 01:05:30 | 000,022,078 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1365465926.bdinstall.bin [2013/04/09 00:53:50 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\barbie\Start Menu\Programs\Startup\A1Clean.lnk [2013/04/09 00:47:44 | 000,042,515 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1365464655.bdinstall.bin [2013/04/09 00:44:16 | 000,022,504 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1365464641.bdinstall.bin [2013/04/08 20:06:08 | 
000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2013/04/08 11:23:04 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk [2013/04/08 08:06:14 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TM UK & Ireland.lnk [2013/04/08 07:18:02 | 000,001,545 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VirtualDrive Manager.lnk [2013/04/08 07:18:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Wininit.ini [2013/04/08 07:13:44 | 000,114,688 | ---- | M] (Farstone) -- C:\WINDOWS\System32\DVC.dll [2013/04/08 07:13:44 | 000,081,920 | ---- | M] (FarStone) -- C:\WINDOWS\System32\Dversion.dll [2013/04/07 20:33:58 | 000,001,724 | ---- | M] () -- C:\Documents and Settings\barbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (4).lnk [2013/04/07 19:11:26 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.disable [2013/04/07 15:45:24 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\barbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2013/04/07 15:45:12 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.disable [2013/04/06 23:13:46 | 000,487,530 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013/04/06 23:13:46 | 000,082,672 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013/04/06 22:45:46 | 000,142,821 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1365284626.bdinstall.bin [2013/04/06 22:43:46 | 000,022,282 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1365284618.bdinstall.bin [2013/04/06 00:00:14 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/04/05 22:24:34 | 000,045,242 | ---- | M] () -- C:\WINDOWS\System32\config.zip [2013/04/05 21:05:24 | 000,021,664 | ---- | M] (REALiX(tm)) -- C:\WINDOWS\System32\drivers\HWiNFO32.SYS [2013/04/05 08:21:02 | 000,000,288 | ---- | M] () -- 
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-315645642-988921762-3928743609-1006.job [2013/04/04 21:44:58 | 000,001,724 | ---- | M] () -- C:\Documents and Settings\barbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (3).lnk [2013/04/04 21:31:04 | 000,001,724 | ---- | M] () -- C:\Documents and Settings\barbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk [2013/04/04 19:22:12 | 000,010,838 | -H-- | M] () -- C:\WINDOWS\System32\CNBJHLP2.GID [2013/04/02 13:38:48 | 000,176,965 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1364905988.bdinstall.bin [2013/04/02 13:27:40 | 000,001,742 | ---- | M] () -- C:\Documents and Settings\barbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/04/02 13:26:24 | 000,079,466 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1364905549.bdinstall.bin [2013/04/02 13:25:30 | 000,079,771 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1364905479.bdinstall.bin [2013/04/02 13:18:06 | 000,025,100 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1364903003.2280.bin [2013/04/02 13:18:06 | 000,002,068 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1364903003.3272.bin [2013/04/02 13:18:06 | 000,000,189 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1364903003.1676.bin [2013/04/02 13:13:46 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\barbie\Desktop\Revo Uninstaller.lnk [2013/04/02 13:09:08 | 000,001,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2013/04/02 12:33:24 | 000,028,410 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1364902351.bdinstall.bin [2013/04/02 11:48:28 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\barbie\Desktop\Auslogics BoostSpeed.lnk [2013/04/02 09:56:54 | 000,002,577 | ---- | M] () -- 
C:\WINDOWS\System32\CONFIG.NT [2013/04/02 09:21:24 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-315645642-988921762-3928743609-1005.job [2013/03/17 10:52:18 | 377,266,176 | ---- | M] () -- C:\Documents and Settings\barbie\Desktop\ubcd511.iso [2013/03/15 08:19:18 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013/03/15 08:19:18 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2063/09/19 06:50:50 | 000,005,501 | ---- | C] () -- C:\WINDOWS\System32\rtclmg32.dll [2013/04/09 01:47:24 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\barbie\Desktop\Puran Defrag.lnk [2013/04/09 01:39:07 | 000,208,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys [2013/04/09 01:39:07 | 000,044,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys [2013/04/09 01:38:08 | 000,168,687 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1365467658.bdinstall.bin [2013/04/09 01:06:05 | 000,074,291 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1365465929.bdinstall.bin [2013/04/09 01:05:29 | 000,022,078 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1365465926.bdinstall.bin [2013/04/09 00:47:33 | 000,042,515 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1365464655.bdinstall.bin [2013/04/09 00:44:14 | 000,022,504 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1365464641.bdinstall.bin [2013/04/08 11:23:03 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk [2013/04/08 07:18:47 | 000,001,545 | ---- | C] () -- C:\Documents 
and Settings\All Users\Desktop\VirtualDrive Manager.lnk [2013/04/07 20:33:57 | 000,001,724 | ---- | C] () -- C:\Documents and Settings\barbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (4).lnk [2013/04/06 22:45:44 | 000,142,821 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1365284626.bdinstall.bin [2013/04/06 22:43:45 | 000,022,282 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1365284618.bdinstall.bin [2013/04/05 22:24:32 | 000,045,242 | ---- | C] () -- C:\WINDOWS\System32\config.zip [2013/04/04 21:44:57 | 000,001,724 | ---- | C] () -- C:\Documents and Settings\barbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (3).lnk [2013/04/04 21:31:03 | 000,001,724 | ---- | C] () -- C:\Documents and Settings\barbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk [2013/04/04 19:22:08 | 000,010,838 | -H-- | C] () -- C:\WINDOWS\System32\CNBJHLP2.GID [2013/04/03 10:17:03 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TM UK & Ireland.lnk [2013/04/02 13:42:01 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\barbie\Desktop\Auslogics BoostSpeed.lnk [2013/04/02 13:38:46 | 000,176,965 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1364905988.bdinstall.bin [2013/04/02 13:27:19 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys [2013/04/02 13:26:22 | 000,079,466 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1364905549.bdinstall.bin [2013/04/02 13:25:29 | 000,079,771 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1364905479.bdinstall.bin [2013/04/02 13:13:44 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\barbie\Desktop\Revo Uninstaller.lnk [2013/04/02 13:09:06 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\barbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/04/02 13:09:06 | 000,001,724 | 
---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2013/04/02 13:05:13 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.disable [2013/04/02 13:05:12 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.disable [2013/04/02 12:45:04 | 000,000,189 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1364903003.1676.bin [2013/04/02 12:44:37 | 000,002,068 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1364903003.3272.bin [2013/04/02 12:43:24 | 000,025,100 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1364903003.2280.bin [2013/04/02 12:33:22 | 000,028,410 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1364902351.bdinstall.bin [2013/04/02 11:48:51 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\Auslogics BoostSpeed Integrator Start On richie Logon.job [2013/03/28 23:09:57 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\Auslogics BoostSpeed Integrator Start On barbie Logon.job [2013/03/17 10:15:27 | 377,266,176 | ---- | C] () -- C:\Documents and Settings\barbie\Desktop\ubcd511.iso [2013/03/15 07:59:59 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/03/07 13:03:04 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\barbie\Application Data\$_hpcst$.hpc [2013/03/07 12:39:42 | 000,000,091 | ---- | C] () -- C:\WINDOWS\adidsl.ini [2013/03/07 12:39:15 | 000,345,088 | ---- | C] () -- C:\WINDOWS\adiras.x64.exe [2013/03/07 12:39:15 | 000,000,375 | ---- | C] () -- C:\WINDOWS\adiras.ini [2013/03/07 12:39:14 | 000,241,664 | ---- | C] () -- C:\WINDOWS\adiras.exe [2013/03/07 12:39:09 | 000,127,456 | ---- | C] () -- C:\WINDOWS\System32\IPDETECT.EXE [2013/03/07 12:38:59 | 000,122,880 | ---- | C] () -- C:\WINDOWS\autoclk.exe [2013/03/07 12:38:58 | 000,056,832 | ---- | C] () -- C:\WINDOWS\ISCall.exe [2013/03/07 12:38:54 | 000,046,892 | ---- | C] () -- 
C:\WINDOWS\System32\ADADIX16.DLL [2013/03/07 12:38:52 | 000,152,146 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E4P2.BIN [2013/03/07 12:38:51 | 000,152,308 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E4I2.BIN [2013/03/07 12:38:51 | 000,152,145 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E4P1.BIN [2013/03/07 12:38:51 | 000,152,145 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E4P0.BIN [2013/03/07 12:38:50 | 000,152,306 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E4I1.BIN [2013/03/07 12:38:50 | 000,152,306 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E4I0.BIN [2013/03/07 12:38:50 | 000,152,036 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E4D2.BIN [2013/03/07 12:38:49 | 000,152,034 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E4D1.BIN [2013/03/07 12:38:49 | 000,152,034 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E4D0.BIN [2013/03/07 12:38:49 | 000,022,395 | ---- | C] () -- C:\WINDOWS\System32\drivers\fpga.bin [2012/12/02 14:59:37 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\barbie\Application Data\scaninfo.xml.urlencode [2012/12/02 14:59:34 | 000,001,275 | ---- | C] () -- C:\Documents and Settings\barbie\Application Data\scaninfo.xml [2012/12/02 14:52:16 | 000,086,756 | ---- | C] () -- C:\Documents and Settings\barbie\Application Data\userenv.xml.urlencode [2012/12/02 14:52:08 | 000,065,092 | ---- | C] () -- C:\Documents and Settings\barbie\Application Data\userenv.xml [2012/11/08 21:53:35 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\CNMCP1W.EXE [2012/11/08 21:09:26 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS1W.DLL [2012/09/28 17:27:34 | 001,364,022 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-315645642-988921762-3928743609-1006-0.dat [2012/08/14 20:06:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI [2012/02/16 08:18:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011/12/22 22:13:58 | 000,000,096 | ---- | 
C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini [2011/12/02 21:17:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini [2011/12/01 10:00:05 | 000,709,968 | ---- | C] () -- C:\WINDOWS\is-H1E4V.exe [2011/10/24 23:30:09 | 000,001,677 | ---- | C] () -- C:\WINDOWS\wizards.ini [2011/09/06 21:43:40 | 001,237,910 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-315645642-988921762-3928743609-1005-0.dat [2011/09/06 21:43:39 | 000,310,102 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2011/05/09 22:56:51 | 000,293,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/08/21 11:31:28 | 000,000,163 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Ts_infos.ini [2008/11/28 13:05:53 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\barbie\Application Data\AutoGK.ini [2008/09/29 12:57:41 | 000,001,321 | ---- | C] () -- C:\Documents and Settings\barbie\masks [2008/08/16 17:15:33 | 000,193,536 | ---- | C] () -- C:\Documents and Settings\barbie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [2011/09/18 21:44:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 01:12:06 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2011/09/26 13:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Trusteer [2008/08/15 22:48:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET [2008/08/16 13:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo [2008/08/16 14:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2008/08/16 17:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters [2008/09/19 22:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES [2008/09/26 11:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freedom Scientific [2008/11/25 13:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\shctxex.vb [2009/01/08 11:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ipla [2009/04/03 15:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ [2009/04/17 00:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla! 
[2009/04/17 00:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard [2007/01/01 11:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thinstall [2009/12/06 16:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\inf [2010/08/22 02:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters Inc [2010/11/08 21:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage [2011/05/07 18:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VT Accounts [2011/05/07 18:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VT Transaction [2011/06/18 13:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer [2011/12/22 22:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11 [2012/01/07 19:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate [2012/01/07 20:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium [2012/01/08 13:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Tool [2012/01/08 13:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX [2012/03/16 12:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService [2012/05/10 20:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess [2012/08/10 10:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon [2012/08/18 20:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software [2012/10/29 16:52:50 | 000,000,000 | -H-D 
| M] -- C:\Documents and Settings\All Users\Application Data\{3002E08A-4925-4821-8D06-D5FC4EBFF034} [2012/10/29 16:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iMesh [2012/11/08 11:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT [2012/11/27 20:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Utility Kit [2012/12/02 14:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Drivers For Free [2012/12/02 14:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp360 [2012/12/31 16:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\31302 [2013/03/06 13:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software [2013/03/06 22:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverGenius [2013/03/07 13:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions [2013/03/13 23:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer [2013/03/17 01:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\launcher [2013/03/17 01:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\explauncher [2013/04/09 01:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor [2011/12/30 15:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\{DCD48218-E972-4d0c-9E5F-43462BC13E3B} [2013/04/02 13:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\QuickScan [2008/10/12 16:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\OnlineArmor [2009/05/21 09:17:50 | 
000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\FarStone [2010/08/21 11:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\FxFotoDB [2010/08/22 02:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\GetRightToGo [2011/02/23 12:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\Efficient Reminder Free [2011/04/08 19:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\uTorrent [2011/04/09 13:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\DeviceDoctorSoftware [2011/04/09 14:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\ParetoLogic [2011/04/09 14:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\DriverCure [2011/04/09 18:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\ErrorTeck [2011/06/19 13:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\Trusteer [2011/07/17 22:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\GARMIN [2012/01/11 20:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\DriverFinder [2012/01/27 22:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\tinySpell [2012/03/27 14:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\ICQ Search [2012/04/04 12:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\AVG Secure Search [2012/04/04 12:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\DVDVideoSoft [2012/04/04 12:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\DVDVideoSoftIEHelpers [2012/05/10 20:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application 
Data\mediabarim [2012/05/10 22:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\searchquband [2012/05/15 22:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\Funmoods [2012/05/21 12:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\PriceGong [2012/06/19 09:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\Inbox Toolbar [2012/06/19 09:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\SiteRanker [2012/08/10 10:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\Babylon [2012/08/10 10:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\BabylonToolbar [2012/08/14 20:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\Iminent [2012/08/14 20:07:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\Toolbar4 [2012/08/18 20:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\SpeedyPC Software [2012/11/27 20:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\PC Utility Kit [2012/11/29 14:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\Claro LTD [2012/12/03 10:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\WinZip [2013/04/02 11:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\Auslogics [2013/04/08 11:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\Foxit Software [2008/08/16 13:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\Ashampoo [2008/08/25 01:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\Mp3tag [2008/08/28 21:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application 
Data\uTorrent [2008/10/22 18:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\MPEG Streamclip [2008/10/30 00:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\XnView [2008/12/02 17:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\MSPWNOUP2006 [2008/12/02 20:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\SmartDraw [2008/12/07 19:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\FarStone [2009/01/05 18:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\OpenOffice.org [2009/03/14 15:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\tinySpell [2009/04/09 23:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\Thunderbird [2007/01/01 11:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\Thinstall [2009/12/07 18:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\BITS [2010/01/19 22:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\o2.pl [2011/05/07 19:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\VT Accounts [2011/11/14 15:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\GARMIN [2012/04/28 19:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\blekkotb [2012/12/02 14:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\spotmau [2012/12/09 12:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\VSRevoGroup [2013/03/06 19:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\PCCUStubInstaller [2013/03/06 19:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application 
Data\SystemRequirementsLab [2013/03/06 20:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\YourFileDownloader [2013/03/07 09:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\Easeware [2013/03/13 23:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\GoforFiles [2013/03/28 23:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\Auslogics [2013/04/02 12:52:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\Claro LTD [2013/04/02 13:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\QuickScan [2013/04/08 15:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\Foxit Software [2013/04/09 01:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\OnlineArmor [color=#E56717]========== Purity Check ==========[/color] < End of report >