OTL logfile created on: 26/08/2015 00:31:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.44 Gb Total Physical Memory | 2.72 Gb Available Physical Memory | 79.09% Memory free
5.27 Gb Paging File | 4.65 Gb Available in Paging File | 88.23% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.40 Gb Total Space | 23.16 Gb Free Space | 61.94% Space Free | Partition Type: NTFS
Drive D: | 37.13 Gb Total Space | 36.80 Gb Free Space | 99.12% Space Free | Partition Type: NTFS
Drive G: | 1.91 Gb Total Space | 0.10 Gb Free Space | 5.13% Space Free | Partition Type: NTFS

Computer Name: IPUF5338 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2015/08/25 21:03:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe PRC - [2015/08/20 01:08:54 | 006,490,904 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe PRC - [2015/08/07 08:30:33 | 005,328,656 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\TeamViewer_Desktop.exe PRC - [2015/08/07 08:30:32 | 018,267,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\TeamViewer.exe PRC - [2015/08/07 08:30:32 | 005,611,280 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\TeamViewer_Service.exe PRC - [2015/08/07 08:19:42 | 000,229,136 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\tv_w32.exe PRC - [2014/08/07 13:11:42 | 000,390,144 | ---- | M] (Sysmex Europe GmbH) -- C:\Sysmex\Sysmex Service Controller\SysmexServiceController.exe PRC - [2014/08/07 13:11:42 | 000,021,504 | ---- | M] (Sysmex Europe GmbH) -- C:\Sysmex\Sysmex Service Controller\Sysmex.ElevatedPrivilegesTaskRunnerService.exe PRC - [2014/08/07 13:11:28 | 000,031,232 | ---- | M] (Sysmex Europe GmbH) -- C:\Sysmex\Sysmex Service Controller\SysmexAgent.exe PRC - [2013/12/19 03:03:08 | 006,837,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\Install\ndp20sp2-kb2901111-x86.exe PRC - [2012/07/04 10:17:42 | 000,999,704 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe PRC - [2012/07/04 10:17:34 | 003,154,464 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe PRC - [2008/04/14 02:12:40 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE PRC - [2008/04/14 02:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe PRC - [2008/04/14 
02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/11/28 03:42:12 | 000,093,736 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe PRC - [2007/11/28 03:40:42 | 000,298,536 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe PRC - [2007/11/23 05:16:24 | 000,114,688 | ---- | M] () -- C:\Program Files\Sysmex\IPU\remoteprt.exe PRC - [2003/06/24 10:13:40 | 000,598,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Bootvis\BootVis.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2015/08/25 19:58:09 | 001,079,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\41fd4a0b59efcd6ab0421b5a92d50715\System.IdentityModel.ni.dll MOD - [2015/08/25 19:58:08 | 018,109,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\37648d172a2fce1901b815d6efd5ede4\System.ServiceModel.ni.dll MOD - [2015/08/25 19:56:46 | 012,185,088 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web\11b4c451e65258339edd7ae6613ef2b0\System.Web.ni.dll MOD - [2015/08/25 19:56:39 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\eab49e99a582401eec59c69c0905a275\System.Runtime.Remoting.ni.dll MOD - [2015/08/25 19:52:52 | 000,134,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\32f222162b5d6c6a0cebe2c190726c60\System.Data.DataSetExtensions.ni.dll MOD - [2015/08/25 19:52:36 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\a04bdc76b38d46bc1c005fe186b9c197\System.ServiceProcess.ni.dll MOD - [2015/08/25 19:52:24 | 001,021,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\48c0a7af8b07688cd484ea9eac6f2ef4\System.Runtime.DurableInstancing.ni.dll MOD - [2015/08/25 19:52:24 | 
000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\e252619c36ddddce49e93c87168c58d2\System.Transactions.ni.dll MOD - [2015/08/25 19:52:23 | 002,658,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\63ef9e695c7479c104f18b5e78a8770d\System.Runtime.Serialization.ni.dll MOD - [2015/08/25 19:52:23 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\820f25f16e7a4fa1d2488feba5e4d84a\SMDiagnostics.ni.dll MOD - [2015/08/25 19:52:13 | 001,836,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\65aa3c8dbc376e67ec89ff39c466208d\Microsoft.VisualBasic.ni.dll MOD - [2015/08/25 19:51:59 | 001,801,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\a28fe7d4df167fe5453cc3c88d47b9da\System.Xaml.ni.dll MOD - [2015/08/25 19:47:07 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6c0a2ddd1714e1862b373b16dff0a0c0\System.Windows.Forms.ni.dll MOD - [2015/08/25 19:46:57 | 006,813,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\0ef6e3a1e2f0a4e54de18c45c469026c\System.Data.ni.dll MOD - [2015/08/25 19:46:50 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\646feed3f79e24a7584a108368b9c3a5\System.Core.ni.dll MOD - [2015/08/25 19:46:50 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\56af718db5fe3b683c0ddc1cb72beadb\System.Xml.ni.dll MOD - [2015/08/25 19:46:46 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\bee3a29f77003f92bfc7131e7510e8e5\System.Configuration.ni.dll MOD - [2015/08/25 19:46:45 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\35c1def2cf6f5e3b85f35ca25a8a8162\System.Drawing.ni.dll MOD - [2015/08/25 19:46:41 | 009,099,776 | ---- | M] 
() -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\12305e59a4b6cd8e42c690a50e7d71af\System.ni.dll MOD - [2015/08/25 19:46:35 | 000,145,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\c812ab3a105675da261bb37b1540e82a\System.Numerics.ni.dll MOD - [2015/08/25 19:46:34 | 014,418,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\80d081165de90a556f312bde48c1dc48\mscorlib.ni.dll MOD - [2015/08/24 20:28:32 | 000,061,440 | ---- | M] () -- C:\Program Files\CCleaner\Lang\lang-1045.dll MOD - [2015/04/01 21:51:14 | 000,055,576 | ---- | M] () -- C:\Program Files\CCleaner\branding.dll MOD - [2013/01/02 08:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll MOD - [2008/04/14 02:12:40 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE MOD - [2008/04/14 02:12:08 | 000,214,528 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\wbemcomn.dll MOD - [2008/04/14 02:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008/04/14 02:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll MOD - [2007/11/28 03:41:06 | 000,114,688 | ---- | M] () -- C:\WINDOWS\system32\aicext.dll MOD - [2007/11/23 05:16:24 | 000,114,688 | ---- | M] () -- C:\Program Files\Sysmex\IPU\remoteprt.exe MOD - [2007/11/23 05:16:18 | 000,036,864 | ---- | M] () -- C:\WINDOWS\shxrpt.dll MOD - [2007/11/23 05:16:16 | 000,090,112 | ---- | M] () -- C:\WINDOWS\shxmstset.dll MOD - [2007/11/23 05:16:14 | 000,081,920 | ---- | M] () -- C:\WINDOWS\shxfio.dll MOD - [2007/11/23 05:16:06 | 000,073,728 | ---- | M] () -- C:\WINDOWS\shxdate.dll MOD - [2007/11/23 05:16:00 | 000,036,864 | ---- | M] () -- C:\WINDOWS\shxNumber.dll MOD - [2007/11/23 05:15:58 | 000,126,976 | ---- | M] () -- C:\WINDOWS\shxMVC.dll MOD - [2007/11/23 05:15:20 | 000,024,576 | ---- | M] () -- C:\WINDOWS\shxCaptureWindow.dll MOD - [2007/11/23 05:15:18 | 000,045,056 | ---- | M] () -- C:\WINDOWS\ShxGraphCtrl.dll MOD - 
[2007/11/23 05:15:16 | 000,086,016 | ---- | M] () -- C:\WINDOWS\shxcommon.dll MOD - [2007/11/12 04:00:07 | 000,022,723 | ---- | M] () -- C:\WINDOWS\system32\sxp2ml3.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - [2015/08/07 08:30:32 | 005,611,280 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\TeamViewer_Service.exe -- (TeamViewer) SRV - [2014/08/07 13:11:42 | 000,021,504 | ---- | M] (Sysmex Europe GmbH) [Auto | Running] -- C:\Sysmex\Sysmex Service Controller\Sysmex.ElevatedPrivilegesTaskRunnerService.exe -- (SysmexElevatedPrivilegesTaskRunnerService) SRV - [2014/08/07 13:11:28 | 000,031,232 | ---- | M] (Sysmex Europe GmbH) [Auto | Running] -- C:\Sysmex\Sysmex Service Controller\SysmexAgent.exe -- (SysmexRemoteAgent) SRV - [2012/07/04 10:18:44 | 000,183,944 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe -- (ESHASRV) SRV - [2012/07/04 10:18:24 | 000,031,056 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV - [2012/07/04 10:17:42 | 000,999,704 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Endpoint Antivirus\ekrn.exe -- (ekrn) SRV - [2008/04/14 02:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC) SRV - [2008/04/14 02:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) SRV - [2008/04/14 02:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc) SRV - [2008/04/14 02:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN) SRV - [2007/11/28 03:42:14 | 000,185,896 | ---- | M] (ActivIdentity) [Disabled | Stopped] -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- 
(accoca) SRV - [1997/10/01 18:00:00 | 001,036,824 | ---- | M] () [On_Demand | Stopped] -- c:\sqlany50\win32\dbsrv50.exe -- (SQLANYs_SHX_SERVER) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\DgiVecp.sys -- (DgiVecp) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012/07/10 10:16:32 | 000,164,464 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon) DRV - [2012/03/29 11:03:54 | 000,123,760 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv) DRV - [2012/03/29 11:03:54 | 000,107,280 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir) DRV - [2008/07/25 08:18:32 | 000,176,640 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2008/07/19 12:40:46 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) DRV - [2008/06/05 13:58:18 | 000,144,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) DRV - [2008/05/24 02:54:38 | 000,030,816 | ---- | M] (Intel Corporation 
) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL) DRV - [2008/03/28 12:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO) DRV - [2007/12/18 11:46:34 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2004/08/04 02:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4) DRV - [2004/08/04 02:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3) DRV - [2004/08/04 02:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5) DRV - [2004/08/04 02:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4) DRV - [2004/08/04 02:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6) DRV - [2004/08/04 02:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3) DRV - [2004/08/04 02:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1) DRV - [2004/08/04 02:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0) DRV - [2004/08/04 02:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7) DRV - [2004/08/04 02:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- 
C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5) DRV - [2004/08/04 02:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6) DRV - [2004/08/04 02:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x) DRV - [2004/08/04 02:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0) DRV - [2004/08/04 02:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1) DRV - [2004/08/04 02:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2) DRV - [2002/04/04 07:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=all&pf=cmdt IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=all&pf=cmdt IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird [2013/05/16 15:00:14 | 000,000,000 | ---D | M] O1 HOSTS File: ([2006/02/28 09:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity) O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe (ESET) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [SysmexServiceController.exe] C:\Sysmex\Sysmex Service Controller\SysmexServiceController.exe (Sysmex Europe GmbH) O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\remoteprt.exe.lnk = C:\Program Files\Sysmex\IPU\remoteprt.exe () O4 - Startup: C:\Documents and Settings\All Users\Start 
Menu\Programs\Startup\XE-2100.exe.lnk = C:\Program Files\Sysmex\IPU\XE-2100.exe (Sysmex) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1440515306234 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.244.153.167 10.244.153.15 195.164.214.9 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D1FA74F-7CD4-4E12-852E-E900E9C28BBC}: DhcpNameServer = 10.244.153.167 10.244.153.15 195.164.214.9 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\ackpbsc: DllName - (C:\WINDOWS\system32\ackpbsc.dll) - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity) O20 - Winlogon\Notify\acunlock: DllName - (C:\Program Files\ActivIdentity\ActivClient\acunlock.dll) - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{b9811200-bd66-11e2-b5c9-0024810fb6d0}\Shell - "" = AutoRun O33 - 
MountPoints2\{b9811200-bd66-11e2-b5c9-0024810fb6d0}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b9811200-bd66-11e2-b5c9-0024810fb6d0}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2015/08/25 22:36:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2015/08/25 21:15:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Opera Software [2015/08/25 21:15:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Opera Software [2015/08/25 21:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Shortcut [2015/08/25 21:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Microsoft Bootvis [2015/08/25 21:11:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Bootvis [2015/08/25 21:11:07 | 000,000,000 | ---D | C] -- C:\Program Files\Opera [2015/08/25 21:07:20 | 000,865,000 | ---- | C] (Application Installer generic ) -- C:\Documents and Settings\Administrator\Desktop\BootVis-Tool-11479-dp.exe [2015/08/25 21:04:43 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2015/08/25 21:03:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2015/08/25 20:57:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE [2015/08/25 20:56:25 | 000,000,000 | -HSD | C] -- 
C:\Documents and Settings\Administrator\IETldCache [2015/08/25 20:08:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT [2015/08/25 18:28:40 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll [2015/08/25 18:28:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2015/08/25 18:28:13 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2015/08/25 18:27:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2015/08/25 17:53:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2015/08/25 17:26:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent [2015/08/25 17:23:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2015/08/25 17:22:21 | 006,666,544 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup509pro.exe [2015/08/25 17:21:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xp_eos.exe [2015/08/25 17:21:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xp_eos.exe [2015/08/25 17:21:11 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys [2015/08/25 17:20:38 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys [2015/08/25 17:20:38 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys [2015/08/25 17:20:37 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys [2015/08/25 17:20:37 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys [2015/08/25 17:20:37 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys [2015/08/25 17:20:34 | 000,123,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys [2015/08/25 17:20:34 | 000,060,160 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\usbaudio.sys [2015/08/25 17:20:34 | 000,046,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irbus.sys [2015/08/25 17:19:59 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys [2015/08/25 17:19:59 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys [2015/08/25 17:19:29 | 000,139,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys [2015/08/25 17:18:20 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys [2015/08/25 17:18:13 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys [2015/08/25 17:17:14 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe [2015/08/25 17:17:09 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll [2015/08/25 17:17:09 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll [2015/08/25 17:17:09 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll [2015/08/25 17:17:03 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll [2015/08/25 17:16:47 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe [2015/08/25 17:16:37 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe [2015/08/25 17:15:48 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll [2015/08/25 17:15:48 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll [2015/08/25 17:15:27 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsvc2.dll [2015/08/25 17:14:34 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll [2015/08/25 
17:08:51 | 000,015,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui [2015/08/25 17:04:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss [2015/08/24 11:20:29 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID [2015/08/24 11:20:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CPUID [2015/08/12 13:16:24 | 000,000,000 | ---D | C] -- C:\Database [2015/08/12 11:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 10 [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2015/08/26 00:36:54 | 000,578,960 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2015/08/26 00:36:54 | 000,110,938 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2015/08/25 22:56:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2015/08/25 22:36:22 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2015/08/25 22:23:04 | 000,037,918 | ---- | M] () -- C:\WINDOWS\M57SYSTEM.INI [2015/08/25 22:16:46 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job [2015/08/25 22:16:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2015/08/25 22:08:42 | 000,000,231 | RHS- | M] () -- C:\boot.ini [2015/08/25 21:54:19 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job [2015/08/25 21:53:00 | 000,106,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2015/08/25 21:11:47 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Opera N Sunday.job [2015/08/25 21:11:47 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Opera N Saturday.job [2015/08/25 21:08:47 | 000,990,720 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\bootvis(dobreprogramy.pl).msi [2015/08/25 21:07:44 | 000,865,000 | ---- | M] (Application Installer generic ) -- C:\Documents and 
Settings\Administrator\Desktop\BootVis-Tool-11479-dp.exe [2015/08/25 21:03:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2015/08/25 20:56:33 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2015/08/25 19:09:27 | 000,000,040 | ---- | M] () -- C:\WINDOWS\PumpCount.dat [2015/08/25 17:23:37 | 000,039,900 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20150825_172331.reg [2015/08/25 17:23:09 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk [2015/08/25 17:18:13 | 006,666,544 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup509pro.exe [2015/08/25 09:11:47 | 000,000,255 | ---- | M] () -- C:\WINDOWS\LOG_M57SYSTEM.INI.xml [2015/08/25 06:37:15 | 000,000,134 | ---- | M] () -- C:\WINDOWS\RMTMNT.INI [2015/08/24 11:20:29 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CPUID CPU-Z.lnk [2015/08/12 11:42:50 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 10.lnk [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2015/08/25 21:11:47 | 000,000,242 | ---- | C] () -- C:\WINDOWS\tasks\Opera N Sunday.job [2015/08/25 21:11:47 | 000,000,242 | ---- | C] () -- C:\WINDOWS\tasks\Opera N Saturday.job [2015/08/25 21:10:44 | 000,990,720 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\bootvis(dobreprogramy.pl).msi [2015/08/25 20:56:26 | 000,000,238 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job [2015/08/25 20:56:26 | 000,000,232 | ---- | C] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job [2015/08/25 17:33:52 | 000,001,374 | ---- | C] () -- 
C:\WINDOWS\imsins.BAK [2015/08/25 17:23:33 | 000,039,900 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20150825_172331.reg [2015/08/25 17:23:09 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk [2015/08/25 17:18:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2015/08/25 17:18:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll [2015/08/24 11:20:29 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CPUID CPU-Z.lnk [2015/02/26 22:11:33 | 000,000,255 | ---- | C] () -- C:\WINDOWS\LOG_M57SYSTEM.INI.xml [2015/02/26 22:11:30 | 000,000,253 | ---- | C] () -- C:\WINDOWS\LOG_XE-2100.INI.xml [color=#E56717]========== ZeroAccess Check ==========[/color] [2008/12/10 19:48:52 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 02:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 02:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report >