OTL logfile created on: 12/04/2013 12:21:25 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\barbie\Desktop\czyszczenie kompa fixitpc.pl Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1023.48 Mb Total Physical Memory | 467.94 Mb Available Physical Memory | 45.72% Memory free 2.40 Gb Paging File | 1.93 Gb Available in Paging File | 80.11% Paging File free Paging file location(s): C:\pagefile.sys 1534 1534 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 146.80 Gb Total Space | 75.08 Gb Free Space | 51.15% Space Free | Partition Type: NTFS Computer Name: YOUR-8CZVOJY6X5 | User Name: barbie | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013/04/09 21:54:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\barbie\Desktop\czyszczenie kompa fixitpc.pl\OTL.exe PRC - [2013/03/16 13:13:06 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe PRC - [2013/03/16 13:00:52 | 000,068,168 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe PRC - [2013/03/16 13:00:20 | 001,372,232 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe PRC - [2013/03/16 12:59:50 | 000,070,728 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe PRC - [2013/03/06 18:47:08 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe PRC - [2013/02/08 10:03:24 | 
000,235,728 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe PRC - [2013/02/08 10:03:24 | 000,027,136 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe PRC - [2012/11/08 21:18:44 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE PRC - [2012/10/02 15:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oasrv.exe PRC - [2012/10/02 15:02:10 | 002,415,104 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oaui.exe PRC - [2012/10/02 15:02:06 | 001,248,144 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oahlp.exe PRC - [2012/10/02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) -- C:\Program Files\Online Armor\oacat.exe PRC - [2012/01/06 10:00:00 | 001,072,480 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) -- C:\WINDOWS\system32\crytsrv10.exe PRC - [2008/04/14 01:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2003/09/26 01:34:36 | 000,098,304 | ---- | M] (FarStone Technology Inc.) 
-- C:\Program Files\FarStone\VirtualDrive\vdtask.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013/03/16 12:36:30 | 000,069,192 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TbTapeBrowse.dll MOD - [2013/03/16 12:36:30 | 000,050,248 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll MOD - [2013/03/16 12:36:28 | 000,096,840 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TBFireWall.dll MOD - [2013/03/16 12:36:26 | 000,115,784 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\NASOperator.dll MOD - [2013/03/16 12:36:22 | 000,578,632 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ExImage.dll MOD - [2013/03/16 12:36:22 | 000,468,040 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll MOD - [2013/03/16 12:36:22 | 000,293,960 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ExchBackupSize.dll MOD - [2013/03/16 12:36:22 | 000,068,680 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\EnumTapeDevice.dll MOD - [2013/03/16 12:36:20 | 000,192,584 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\EmailBrowser.dll MOD - [2013/03/16 12:36:20 | 000,192,072 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\EmailBackupSize.dll MOD - [2013/03/16 12:36:18 | 000,135,752 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\CloudOperator.dll MOD - [2013/03/16 12:36:18 | 000,098,888 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\CodeLog.dll MOD - [2013/03/16 12:36:18 | 000,090,696 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ActivationOnline.dll MOD - [2013/03/16 12:36:18 | 000,037,960 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ActiveOnline.dll MOD - [2013/03/16 12:36:18 | 000,029,768 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\CompressFile.dll MOD - [2013/03/16 12:36:18 | 000,022,088 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\AccountManager.dll MOD - 
[2013/03/07 10:40:04 | 013,198,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\14b55546abb9ff105fb08138cc121ca6\System.Windows.Forms.ni.dll MOD - [2013/01/09 20:12:30 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\1c27a7c883c2dfe6fb67a7296ab0bc2d\System.Drawing.ni.dll MOD - [2013/01/09 20:11:24 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\4e2cac0827fc76ba1caa25443cc4ca61\System.Xml.ni.dll MOD - [2013/01/09 20:11:12 | 009,093,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\da100161503047a994c55c9832d72ce7\System.ni.dll MOD - [2013/01/09 20:10:52 | 014,413,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\60c214b6ad5691e368a16ec65d127c27\mscorlib.ni.dll MOD - [2012/09/07 17:09:26 | 000,394,408 | ---- | M] () -- \\?\C:\Program Files\Bitdefender\Antivirus Free Edition\ThreatScanner\trufos.dll MOD - [2012/07/17 07:45:14 | 000,508,136 | ---- | M] () -- C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll MOD - [2012/04/27 15:08:10 | 000,093,040 | ---- | M] () -- C:\Program Files\Bitdefender\Antivirus Free Edition\bdmetrics.dll MOD - [2008/11/25 17:18:00 | 001,291,264 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\libxml2.dll MOD - [2006/09/14 00:20:24 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2006/09/07 17:19:02 | 000,008,704 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll MOD - [2004/10/05 03:08:00 | 000,055,808 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\zlib1.dll MOD - [2003/09/19 01:03:12 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\VDExt800.dll MOD - [2003/06/07 00:57:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\FsLodLib.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt) SRV 
- [2013/03/16 13:13:06 | 000,023,624 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent) SRV - [2013/03/16 13:00:52 | 000,068,168 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent) SRV - [2013/03/15 08:19:36 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/03/06 18:47:08 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2013/02/08 10:03:24 | 000,027,136 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe -- (gzserv) SRV - [2012/10/02 15:02:10 | 004,463,864 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor) SRV - [2012/10/02 15:02:04 | 000,216,072 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat) SRV - [2012/01/06 10:00:00 | 001,072,480 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) 
[Auto | Running] -- C:\WINDOWS\system32\crytsrv10.exe -- (cryptainer10service) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2013/04/09 20:49:30 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32) DRV - [2013/04/05 21:05:24 | 000,021,664 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\HWiNFO32.SYS -- (HWiNFO32) DRV - [2013/03/16 12:50:16 | 000,185,672 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EuFdDisk.sys -- (EUFDDISK) DRV - [2013/03/16 12:47:04 | 000,040,648 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\EUBKMON.sys -- (EUBKMON) DRV - [2013/03/16 12:41:46 | 000,014,920 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS) DRV - [2013/03/16 12:38:36 | 000,050,248 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP) DRV - [2013/02/18 13:59:44 | 000,452,816 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM) DRV - [2013/02/18 13:59:44 | 000,283,600 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_Vim.sys -- (Uim_Vim) DRV - [2013/02/18 13:59:44 | 000,081,232 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus) DRV - [2013/02/18 13:59:42 | 000,027,136 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore3.sys -- (hotcore3) DRV - [2012/11/08 21:29:56 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP) DRV - [2012/11/08 21:29:54 | 000,681,856 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2012/11/08 21:29:50 | 000,212,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2) DRV - [2012/11/08 21:18:46 | 004,122,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) DRV - [2012/11/08 21:07:34 | 000,026,624 | ---- | M] (PenMount Touch Solutions) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pmserenum.sys -- (pmserenum) DRV - [2012/11/08 20:57:26 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2) DRV - [2012/10/31 12:13:12 | 000,343,456 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\trufos.sys -- (trufos) DRV - [2012/10/10 14:00:04 | 000,622,616 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avc3.sys -- (avc3) DRV - [2012/10/04 13:30:06 | 000,162,976 | ---- | M] (BitDefender LLC) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\gzflt.sys -- (gzflt) DRV - [2012/10/02 15:03:04 | 000,044,992 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oahlp32.sys -- (oahlpXX) DRV - [2012/10/02 15:02:34 | 000,031,920 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet) DRV - [2012/10/02 15:02:34 | 000,027,648 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon) DRV - [2012/10/02 15:02:32 | 000,208,320 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice) DRV - [2012/10/02 11:31:20 | 000,134,136 | 
---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Antivirus Free Edition\bdselfpr.sys -- (bdselfpr) DRV - [2012/08/23 16:20:08 | 000,065,816 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL) DRV - [2012/02/17 15:45:12 | 000,447,208 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avckf.sys -- (avckf) DRV - [2012/02/07 17:41:40 | 000,131,432 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Antivirus Free Edition\bdftdif.sys -- (bdftdif) DRV - [2012/01/06 10:00:00 | 000,098,560 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\crytdv10.sys -- (crytdv10) DRV - [2011/06/02 10:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv) DRV - [2011/05/24 23:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss) DRV - [2008/04/13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2006/10/17 20:22:26 | 000,009,216 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32) DRV - [2006/09/07 17:19:24 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2003/08/09 01:05:24 | 000,060,008 | R--- | M] (FarStone Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fvdscsi.sys -- (FVDSCSI) DRV - [2003/08/06 17:46:12 | 000,010,899 | R--- | M] (FarStone Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fcdabus.sys -- (fcdabus) DRV - [2003/07/29 18:19:24 | 000,006,397 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SmartCd.sys -- (SmartCd) DRV - [2003/07/02 04:42:00 | 000,027,904 | R--- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1) DRV - [2003/06/23 01:00:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32) DRV - [2003/02/27 17:32:52 | 000,186,368 | ---- | M] (VOB Computersysteme GmbH) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\vobIW.sys -- (vobiw) DRV - [2002/12/13 17:33:52 | 000,064,000 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cdrdrv.sys -- (Cdrdrv) DRV - [2002/08/29 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2002/08/29 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) DRV - [2002/04/17 20:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K) DRV - [2001/10/04 11:53:16 | 000,009,728 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vobcom.sys -- (vobcom) DRV - [2001/08/17 14:05:20 | 000,031,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OVCE.sys -- (QCEmerald) DRV - [2001/08/17 14:05:06 | 000,025,216 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\OVSound2.sys -- (lusbaudio) DRV - [2001/08/17 13:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124) DRV - 
[2001/08/17 13:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones) DRV - [2001/08/17 13:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft) DRV - [2001/08/17 13:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample) DRV - [2001/08/17 13:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56) DRV - [2001/08/17 13:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback) DRV - [2001/08/17 13:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax) DRV - [2001/08/17 13:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks) DRV - [2001/08/17 13:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2) DRV - [2001/06/22 05:39:02 | 000,073,728 | ---- | M] (Rainbow Technologies, Inc.) 
[Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:10293 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:10293 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-315645642-988921762-3928743609-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_url = http://uk.msn.com/?ocid=ie8fr IE - HKU\S-1-5-21-315645642-988921762-3928743609-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com IE - HKU\S-1-5-21-315645642-988921762-3928743609-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - 
HKU\S-1-5-21-315645642-988921762-3928743609-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=128 IE - HKU\S-1-5-21-315645642-988921762-3928743609-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp IE - HKU\S-1-5-21-315645642-988921762-3928743609-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb IE - HKU\S-1-5-21-315645642-988921762-3928743609-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C 80 00 47 0E 75 CA 01 [binary data] IE - HKU\S-1-5-21-315645642-988921762-3928743609-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = IE - HKU\S-1-5-21-315645642-988921762-3928743609-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKU\S-1-5-21-315645642-988921762-3928743609-1006\..\SearchScopes,DefaultScope = ${searchCLSID} IE - HKU\S-1-5-21-315645642-988921762-3928743609-1006\..\SearchScopes\${searchCLSID}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-315645642-988921762-3928743609-1006\..\SearchScopes\{889CA01B-DFF1-4AB0-8560-A56695645BCF}: "URL" = http://www.bing.com/search?q={searchTerms}&form=B8DFDF&pc=B8DF&src=IE-SearchBox IE - HKU\S-1-5-21-315645642-988921762-3928743609-1006\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7 IE - HKU\S-1-5-21-315645642-988921762-3928743609-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - 
HKLM\Software\MozillaPlugins\@ei.MapsGalaxy_39.com/Plugin: C:\Program Files\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll File not found FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanaticEI\Installr\3.bin\NP64EISB.dll File not found FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: File not found FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\siteranker@siteranker.com: C:\Program Files\SiteRanker\firefox\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\webbooster@iminent.com: C:\Program Files\Iminent\webbooster@iminent.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\1.5.0\FF FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\happylyrics@hpyproductions.net: C:\Program Files\HappyLyrics\FF\ [2013/04/07 19:54:02 | 000,000,000 | ---D | M] [color=#E56717]========== Chrome 
==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: MapsGalaxy Installer Plugin Stub (Enabled) = C:\Program Files\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program 
Files\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll CHR - plugin: TelevisionFanatic Installer Plugin Stub (Enabled) = C:\Program Files\TelevisionFanaticEI\Installr\3.bin\NP64EISB.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Google Docs = C:\Documents and Settings\barbie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Documents and Settings\barbie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Documents and Settings\barbie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Documents and Settings\barbie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Happy Lyrics = C:\Documents and Settings\barbie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ealchnonpofjocgofjpopjdoegbbkofj\1.110_0\ CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\barbie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of CHR - Extension: SweetIM for Facebook = C:\Documents and Settings\barbie\Local Settings\Application Data\Google\Chrome\User 
Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\ CHR - Extension: Gmail = C:\Documents and Settings\barbie\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2011/12/22 16:11:00 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\OAui.exe (Emsisoft GmbH) O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd) O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [VirtualDrive] C:\Program Files\FarStone\VirtualDrive\VDTask.exe (FarStone Technology Inc.) 
O4 - Startup: C:\Documents and Settings\richie\Start Menu\Programs\Startup\A1Clean.lnk = C:\Program Files\A1Click Ultra PC Cleaner\A1Cleanr.exe () O4 - Startup: C:\Documents and Settings\richie\Start Menu\Programs\Startup\DFX.lnk = C:\Program Files\DFX\DFX.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 219 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-21-315645642-988921762-3928743609-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 219 O7 - HKU\S-1-5-21-315645642-988921762-3928743609-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-315645642-988921762-3928743609-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1 O7 - HKU\S-1-5-21-315645642-988921762-3928743609-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MemCheckBoxInRunDlg = 1 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} 
http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340989515328 (MUWebControl Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3360126-6D02-444F-BB6C-70ECA4D7BBD6}: DhcpNameServer = 192.168.1.1 0.0.0.0 O18 - Protocol\Handler\mctp - No CLSID value found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\barbie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\barbie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsisoft GmbH) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/10/04 17:51:38 | 000,000,522 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2011/05/10 19:43:14 | 000,000,000 | RHSD | M] - C:\Autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created 
Within 30 Days ==========[/color] [2013/04/11 19:59:52 | 000,000,000 | -HSD | C] -- C:\BOOT [2013/04/11 19:43:13 | 000,185,672 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\EuFdDisk.sys [2013/04/11 19:43:12 | 000,014,920 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eudskacs.sys [2013/04/11 19:43:11 | 000,050,248 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eubakup.sys [2013/04/11 19:37:15 | 000,019,528 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\fbnative.exe [2013/04/11 19:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Acebyte [2013/04/11 19:35:42 | 000,000,000 | ---D | C] -- C:\Program Files\EaseUS [2013/04/10 18:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\backup [2013/04/10 18:01:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\managecapsule [2013/04/10 17:17:27 | 000,027,136 | ---- | C] (Paragon Software Group) -- C:\WINDOWS\System32\drivers\hotcore3.sys [2013/04/09 20:49:28 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys [2013/04/09 20:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barbie\Local Settings\Application Data\eSupport.com [2013/04/09 01:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\Puran Defrag [2013/04/09 01:41:53 | 000,241,992 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avchv.sys [2013/04/09 01:39:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barbie\Application Data\OnlineArmor [2013/04/09 01:39:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor [2013/04/09 01:39:07 | 000,031,920 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAnet.sys [2013/04/09 01:39:07 | 000,027,648 | ---- | C] (Emsisoft) -- C:\WINDOWS\System32\drivers\OAmon.sys 
[2013/04/09 01:38:51 | 000,000,000 | ---D | C] -- C:\Program Files\Online Armor [2013/04/09 01:37:50 | 000,622,616 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avc3.sys [2013/04/09 01:37:50 | 000,447,208 | ---- | C] (BitDefender) -- C:\WINDOWS\System32\drivers\avckf.sys [2013/04/09 01:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender [2013/04/09 01:34:35 | 000,343,456 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\trufos.sys [2013/04/09 01:34:34 | 000,162,976 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\System32\drivers\gzflt.sys [2013/04/08 15:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barbie\Application Data\Foxit Software [2013/04/08 11:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software [2013/04/08 07:16:44 | 000,060,008 | R--- | C] (FarStone Inc.) -- C:\WINDOWS\System32\drivers\fvdscsi.sys [2013/04/08 07:16:44 | 000,010,899 | R--- | C] (FarStone Inc.) -- C:\WINDOWS\System32\drivers\fcdabus.sys [2013/04/08 07:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\FarStone [2013/04/08 07:13:43 | 000,114,688 | ---- | C] (Farstone) -- C:\WINDOWS\System32\DVC.dll [2013/04/08 07:13:43 | 000,081,920 | ---- | C] (FarStone) -- C:\WINDOWS\System32\Dversion.dll [2013/04/07 21:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA VGA BIOS [2013/04/07 21:14:58 | 000,011,832 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\acpimof.dll [2013/04/07 21:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\MSI [2013/04/07 19:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\HappyLyrics [2013/04/07 15:13:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2013/04/05 21:05:23 | 000,021,664 | ---- | C] (REALiX(tm)) -- C:\WINDOWS\System32\drivers\HWiNFO32.SYS [2013/04/05 21:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\HWiNFO32 [2013/04/05 20:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barbie\Local Settings\Application Data\ApplicationHistory [2013/04/05 20:28:27 | 
000,000,000 | ---D | C] -- C:\Documents and Settings\barbie\SyncFolder [2013/04/05 20:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2013/04/03 09:07:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles [2013/04/02 13:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\QuickScan [2013/04/02 13:34:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barbie\Application Data\QuickScan [2013/04/02 13:13:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barbie\Start Menu\Programs\Revo Uninstaller [2013/04/02 13:04:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barbie\Local Settings\Application Data\Deployment [2013/04/02 12:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barbie\Application Data\Claro LTD [2013/04/02 08:56:19 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys [2013/04/02 08:56:19 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys [2013/03/28 23:09:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barbie\Application Data\Auslogics [2013/03/28 23:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics [2013/03/17 01:44:50 | 000,000,000 | ---D | C] -- C:\archive_db [2013/03/17 01:44:22 | 000,000,000 | ---D | C] -- C:\BM2005 [2013/03/17 01:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\explauncher [2013/03/17 01:41:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\launcher [2013/03/17 01:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\Paragon Software [2013/03/15 12:53:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barbie\Desktop\clients tax returns 15-03-2013 [2013/03/15 09:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barbie\Desktop\work application from toshiba [2013/03/13 23:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All 
Users\Application Data\Tarma Installer [2013/03/13 23:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\barbie\Application Data\GoforFiles [2013/03/13 14:47:21 | 000,074,752 | ---- | C] (Mrowisko) -- C:\Documents and Settings\barbie\Desktop\DirLister.exe [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2063/09/19 06:50:50 | 000,005,501 | ---- | M] () -- C:\WINDOWS\System32\rtclmg32.dll [2013/04/12 12:28:41 | 000,000,032 | ---- | M] () -- C:\WINDOWS\System32\Eu(12-20130321).OD [2013/04/12 12:17:18 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics BoostSpeed Integrator Start On richie Logon.job [2013/04/12 12:17:18 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics BoostSpeed Integrator Start On barbie Logon.job [2013/04/12 12:17:18 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-315645642-988921762-3928743609-1005.job [2013/04/12 12:17:17 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-315645642-988921762-3928743609-1006.job [2013/04/12 12:16:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/04/12 12:16:16 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys [2013/04/12 12:16:12 | 001,413,639 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor [2013/04/12 11:16:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/04/12 08:21:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-315645642-988921762-3928743609-1006.job [2013/04/11 19:43:06 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EaseUS Todo Backup Home 5.8 Trial.lnk [2013/04/11 19:36:12 | 000,000,023 | ---- | M] () -- C:\WINDOWS\System32\CleanGenius3Free.dll [2013/04/10 17:17:26 | 
000,002,027 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paragon Backup & Recovery™ 2013 Free.lnk [2013/04/10 13:32:06 | 000,001,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2013/04/10 08:14:22 | 000,293,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013/04/09 23:38:44 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013/04/09 20:49:30 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys [2013/04/09 18:19:52 | 104,857,600 | ---- | M] () -- C:\WINDOWS\System32\cxl1709 [2013/04/09 01:47:26 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\barbie\Desktop\Puran Defrag.lnk [2013/04/09 01:41:54 | 000,241,992 | ---- | M] (BitDefender) -- C:\WINDOWS\System32\drivers\avchv.sys [2013/04/09 01:38:10 | 000,168,687 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1365467658.bdinstall.bin [2013/04/09 01:06:06 | 000,074,291 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1365465929.bdinstall.bin [2013/04/09 01:05:30 | 000,022,078 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1365465926.bdinstall.bin [2013/04/09 00:47:44 | 000,042,515 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1365464655.bdinstall.bin [2013/04/09 00:44:16 | 000,022,504 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1365464641.bdinstall.bin [2013/04/08 20:06:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2013/04/08 11:23:04 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk [2013/04/08 08:06:14 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TM UK & Ireland.lnk [2013/04/08 07:18:02 | 000,001,545 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VirtualDrive Manager.lnk [2013/04/08 07:18:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Wininit.ini [2013/04/08 07:13:44 | 
000,114,688 | ---- | M] (Farstone) -- C:\WINDOWS\System32\DVC.dll [2013/04/08 07:13:44 | 000,081,920 | ---- | M] (FarStone) -- C:\WINDOWS\System32\Dversion.dll [2013/04/07 20:33:58 | 000,001,724 | ---- | M] () -- C:\Documents and Settings\barbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (4).lnk [2013/04/07 19:11:26 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.disable [2013/04/07 15:45:24 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\barbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2013/04/07 15:45:12 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.disable [2013/04/06 23:13:46 | 000,487,530 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013/04/06 23:13:46 | 000,082,672 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013/04/06 22:45:46 | 000,142,821 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1365284626.bdinstall.bin [2013/04/06 22:43:46 | 000,022,282 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1365284618.bdinstall.bin [2013/04/06 00:00:14 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/04/05 22:24:34 | 000,045,242 | ---- | M] () -- C:\WINDOWS\System32\config.zip [2013/04/05 21:05:24 | 000,021,664 | ---- | M] (REALiX(tm)) -- C:\WINDOWS\System32\drivers\HWiNFO32.SYS [2013/04/04 21:44:58 | 000,001,724 | ---- | M] () -- C:\Documents and Settings\barbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (3).lnk [2013/04/04 21:31:04 | 000,001,724 | ---- | M] () -- C:\Documents and Settings\barbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk [2013/04/04 19:22:12 | 000,010,838 | -H-- | M] () -- C:\WINDOWS\System32\CNBJHLP2.GID [2013/04/02 13:38:48 | 000,176,965 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1364905988.bdinstall.bin [2013/04/02 13:27:40 | 
000,001,742 | ---- | M] () -- C:\Documents and Settings\barbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/04/02 13:26:24 | 000,079,466 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1364905549.bdinstall.bin [2013/04/02 13:25:30 | 000,079,771 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1364905479.bdinstall.bin [2013/04/02 13:18:06 | 000,025,100 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1364903003.2280.bin [2013/04/02 13:18:06 | 000,002,068 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1364903003.3272.bin [2013/04/02 13:18:06 | 000,000,189 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1364903003.1676.bin [2013/04/02 13:13:46 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\barbie\Desktop\Revo Uninstaller.lnk [2013/04/02 12:33:24 | 000,028,410 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1364902351.bdinstall.bin [2013/04/02 11:48:28 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\barbie\Desktop\Auslogics BoostSpeed.lnk [2013/04/02 09:56:54 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2013/04/02 09:21:24 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-315645642-988921762-3928743609-1005.job [2013/03/17 10:52:18 | 377,266,176 | ---- | M] () -- C:\Documents and Settings\barbie\Desktop\ubcd511.iso [2013/03/16 12:59:18 | 000,019,528 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\fbnative.exe [2013/03/16 12:50:16 | 000,185,672 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\EuFdDisk.sys [2013/03/16 12:47:04 | 000,040,648 | ---- | M] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys [2013/03/16 12:41:46 | 000,014,920 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eudskacs.sys [2013/03/16 12:38:36 | 000,050,248 | ---- 
| M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eubakup.sys [2013/03/15 08:19:18 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013/03/15 08:19:18 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2063/09/19 06:50:50 | 000,005,501 | ---- | C] () -- C:\WINDOWS\System32\rtclmg32.dll [2013/04/11 19:59:52 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\Eu(12-20130321).OD [2013/04/11 19:43:09 | 000,040,648 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys [2013/04/11 19:43:04 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EaseUS Todo Backup Home 5.8 Trial.lnk [2013/04/11 19:36:11 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\CleanGenius3Free.dll [2013/04/10 17:17:24 | 000,002,027 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Paragon Backup & Recovery™ 2013 Free.lnk [2013/04/09 23:32:35 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2013/04/09 01:47:24 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\barbie\Desktop\Puran Defrag.lnk [2013/04/09 01:39:07 | 000,208,320 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys [2013/04/09 01:39:07 | 000,044,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys [2013/04/09 01:38:08 | 000,168,687 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1365467658.bdinstall.bin [2013/04/09 01:06:05 | 000,074,291 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1365465929.bdinstall.bin [2013/04/09 01:05:29 | 000,022,078 | ---- | C] () -- C:\Documents and Settings\All Users\Application 
Data\1365465926.bdinstall.bin [2013/04/09 00:47:33 | 000,042,515 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1365464655.bdinstall.bin [2013/04/09 00:44:14 | 000,022,504 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1365464641.bdinstall.bin [2013/04/08 11:23:03 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk [2013/04/08 07:18:47 | 000,001,545 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VirtualDrive Manager.lnk [2013/04/07 20:33:57 | 000,001,724 | ---- | C] () -- C:\Documents and Settings\barbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (4).lnk [2013/04/06 22:45:44 | 000,142,821 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1365284626.bdinstall.bin [2013/04/06 22:43:45 | 000,022,282 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1365284618.bdinstall.bin [2013/04/05 22:24:32 | 000,045,242 | ---- | C] () -- C:\WINDOWS\System32\config.zip [2013/04/04 21:44:57 | 000,001,724 | ---- | C] () -- C:\Documents and Settings\barbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (3).lnk [2013/04/04 21:31:03 | 000,001,724 | ---- | C] () -- C:\Documents and Settings\barbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk [2013/04/04 19:22:08 | 000,010,838 | -H-- | C] () -- C:\WINDOWS\System32\CNBJHLP2.GID [2013/04/03 10:17:03 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TM UK & Ireland.lnk [2013/04/02 13:42:01 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\barbie\Desktop\Auslogics BoostSpeed.lnk [2013/04/02 13:38:46 | 000,176,965 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1364905988.bdinstall.bin [2013/04/02 13:27:19 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys [2013/04/02 13:26:22 | 000,079,466 | ---- | C] () -- C:\Documents and Settings\All Users\Application 
Data\1364905549.bdinstall.bin [2013/04/02 13:25:29 | 000,079,771 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1364905479.bdinstall.bin [2013/04/02 13:13:44 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\barbie\Desktop\Revo Uninstaller.lnk [2013/04/02 13:09:06 | 000,001,742 | ---- | C] () -- C:\Documents and Settings\barbie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/04/02 13:09:06 | 000,001,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk [2013/04/02 13:05:13 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.disable [2013/04/02 13:05:12 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.disable [2013/04/02 12:45:04 | 000,000,189 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1364903003.1676.bin [2013/04/02 12:44:37 | 000,002,068 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1364903003.3272.bin [2013/04/02 12:43:24 | 000,025,100 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1364903003.2280.bin [2013/04/02 12:33:22 | 000,028,410 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1364902351.bdinstall.bin [2013/04/02 11:48:51 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\Auslogics BoostSpeed Integrator Start On richie Logon.job [2013/03/28 23:09:57 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\Auslogics BoostSpeed Integrator Start On barbie Logon.job [2013/03/17 10:15:27 | 377,266,176 | ---- | C] () -- C:\Documents and Settings\barbie\Desktop\ubcd511.iso [2013/03/15 07:59:59 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/03/07 13:03:04 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\barbie\Application Data\$_hpcst$.hpc [2013/03/07 12:39:42 | 000,000,091 | ---- | C] () -- C:\WINDOWS\adidsl.ini [2013/03/07 12:39:15 | 000,345,088 | ---- | C] () -- 
C:\WINDOWS\adiras.x64.exe [2013/03/07 12:39:15 | 000,000,375 | ---- | C] () -- C:\WINDOWS\adiras.ini [2013/03/07 12:39:14 | 000,241,664 | ---- | C] () -- C:\WINDOWS\adiras.exe [2013/03/07 12:39:09 | 000,127,456 | ---- | C] () -- C:\WINDOWS\System32\IPDETECT.EXE [2013/03/07 12:38:59 | 000,122,880 | ---- | C] () -- C:\WINDOWS\autoclk.exe [2013/03/07 12:38:58 | 000,056,832 | ---- | C] () -- C:\WINDOWS\ISCall.exe [2013/03/07 12:38:54 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\ADADIX16.DLL [2013/03/07 12:38:52 | 000,152,146 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E4P2.BIN [2013/03/07 12:38:51 | 000,152,308 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E4I2.BIN [2013/03/07 12:38:51 | 000,152,145 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E4P1.BIN [2013/03/07 12:38:51 | 000,152,145 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E4P0.BIN [2013/03/07 12:38:50 | 000,152,306 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E4I1.BIN [2013/03/07 12:38:50 | 000,152,306 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E4I0.BIN [2013/03/07 12:38:50 | 000,152,036 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E4D2.BIN [2013/03/07 12:38:49 | 000,152,034 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E4D1.BIN [2013/03/07 12:38:49 | 000,152,034 | ---- | C] () -- C:\WINDOWS\System32\drivers\L1E4D0.BIN [2013/03/07 12:38:49 | 000,022,395 | ---- | C] () -- C:\WINDOWS\System32\drivers\fpga.bin [2012/12/02 14:59:37 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\barbie\Application Data\scaninfo.xml.urlencode [2012/12/02 14:59:34 | 000,001,275 | ---- | C] () -- C:\Documents and Settings\barbie\Application Data\scaninfo.xml [2012/12/02 14:52:16 | 000,086,756 | ---- | C] () -- C:\Documents and Settings\barbie\Application Data\userenv.xml.urlencode [2012/12/02 14:52:08 | 000,065,092 | ---- | C] () -- C:\Documents and Settings\barbie\Application Data\userenv.xml [2012/11/08 21:53:35 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\CNMCP1W.EXE [2012/11/08 
21:09:26 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS1W.DLL
[2012/09/28 17:27:34 | 001,364,022 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-315645642-988921762-3928743609-1006-0.dat
[2012/08/14 20:06:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2012/02/16 08:18:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/22 22:13:58 | 000,000,096 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2011/12/02 21:17:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2011/12/01 10:00:05 | 000,709,968 | ---- | C] () -- C:\WINDOWS\is-H1E4V.exe
[2011/10/24 23:30:09 | 000,001,677 | ---- | C] () -- C:\WINDOWS\wizards.ini
[2011/09/06 21:43:40 | 001,237,910 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-315645642-988921762-3928743609-1005-0.dat
[2011/09/06 21:43:39 | 000,310,102 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/05/09 22:56:51 | 000,293,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/21 11:31:28 | 000,000,163 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Ts_infos.ini
[2008/11/28 13:05:53 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\barbie\Application Data\AutoGK.ini
[2008/09/29 12:57:41 | 000,001,321 | ---- | C] () -- C:\Documents and Settings\barbie\masks
[2008/08/16 17:15:33 | 000,193,536 | ---- | C] () -- C:\Documents and Settings\barbie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2011/09/18 21:44:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 01:12:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2012/12/31 16:46:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\31302
[2013/04/12 07:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acebyte
[2008/08/16 13:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2013/04/10 18:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\backup
[2012/05/10 20:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2008/09/19 22:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2012/01/08 13:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
[2012/01/08 13:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Tool
[2012/12/02 14:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Drivers For Free
[2013/03/17 01:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application 
Data\explauncher [2008/09/26 11:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freedom Scientific [2012/03/16 12:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService [2009/04/03 15:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ [2012/10/29 16:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iMesh [2009/12/06 16:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\inf [2013/03/07 13:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions [2012/01/07 19:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate [2009/01/08 11:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ipla [2013/03/17 01:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\launcher [2013/04/10 18:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\managecapsule [2013/04/09 01:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor [2008/08/16 17:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters [2010/08/22 02:05:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters Inc [2012/11/27 20:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Utility Kit [2012/01/07 20:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium [2010/11/08 21:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sage [2012/11/08 11:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT [2008/11/25 13:50:02 | 
000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\shctxex.vb [2009/04/17 00:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard [2012/08/18 20:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software [2011/12/22 22:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11 [2009/04/17 00:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla! [2013/03/13 23:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer [2013/04/12 12:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2007/01/01 11:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thinstall [2011/06/18 13:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer [2012/12/02 14:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp360 [2011/05/07 18:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VT Accounts [2011/05/07 18:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VT Transaction [2012/10/29 16:52:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{3002E08A-4925-4821-8D06-D5FC4EBFF034} [2008/08/16 13:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\Ashampoo [2013/03/28 23:09:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\Auslogics [2009/12/07 18:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\BITS [2012/04/28 19:32:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\blekkotb [2013/04/02 12:52:50 | 000,000,000 | ---D | M] -- C:\Documents and 
Settings\barbie\Application Data\Claro LTD
[2013/03/07 09:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\Easeware
[2008/12/07 19:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\FarStone
[2013/04/08 15:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\Foxit Software
[2011/11/14 15:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\GARMIN
[2013/03/13 23:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\GoforFiles
[2008/08/25 01:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\Mp3tag
[2008/10/22 18:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\MPEG Streamclip
[2008/12/02 17:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\MSPWNOUP2006
[2010/01/19 22:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\o2.pl
[2013/04/09 01:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\OnlineArmor
[2009/01/05 18:04:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\OpenOffice.org
[2013/03/06 19:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\PCCUStubInstaller
[2013/04/02 13:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\QuickScan
[2008/12/02 20:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\SmartDraw
[2012/12/02 14:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\spotmau
[2013/03/06 19:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\SystemRequirementsLab
[2007/01/01 11:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\Thinstall
[2009/04/09 23:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\Thunderbird
[2009/03/14 15:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\tinySpell
[2008/08/28 21:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\uTorrent
[2012/12/09 12:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\VSRevoGroup
[2011/05/07 19:39:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\VT Accounts
[2008/10/30 00:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\XnView
[2013/03/06 20:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\barbie\Application Data\YourFileDownloader
[2011/09/26 13:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Trusteer
[2013/04/02 13:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\QuickScan
[2011/12/30 15:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\{DCD48218-E972-4d0c-9E5F-43462BC13E3B}
[2013/04/02 11:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\Auslogics
[2012/08/10 10:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\Babylon
[2012/11/29 14:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\Claro LTD
[2011/04/09 13:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\DeviceDoctorSoftware
[2011/04/09 14:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\DriverCure
[2012/01/11 20:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\DriverFinder
[2012/04/04 12:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\DVDVideoSoft
[2012/04/04 12:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\DVDVideoSoftIEHelpers
[2011/02/23 12:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\Efficient Reminder Free
[2011/04/09 18:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\ErrorTeck
[2009/05/21 09:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\FarStone
[2013/04/08 11:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\Foxit Software
[2012/05/15 22:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\Funmoods
[2010/08/21 11:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\FxFotoDB
[2011/07/17 22:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\GARMIN
[2010/08/22 02:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\GetRightToGo
[2012/03/27 14:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\ICQ Search
[2012/08/14 20:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\Iminent
[2012/06/19 09:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\Inbox Toolbar
[2012/05/10 20:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\mediabarim
[2008/10/12 16:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\OnlineArmor
[2011/04/09 14:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\ParetoLogic
[2012/11/27 20:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\PC Utility Kit
[2012/05/21 12:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\PriceGong
[2012/06/19 09:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\SiteRanker
[2012/08/18 20:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\SpeedyPC Software
[2012/01/27 22:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\tinySpell
[2011/06/19 13:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\Trusteer
[2011/04/08 19:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\uTorrent
[2012/12/03 10:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\richie\Application Data\WinZip

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

< End of report >