Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-06-2015 01
Ran by XXXX (administrator) on XXXX-0EA46F90D0 on 20-06-2015 23:33:56
Running from F:\DOWNLOADS
Loaded Profiles: XXXX (Available Profiles: XXXX & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(IObit) C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
() C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Nalpeiron Ltd.) C:\WINDOWS\system32\nlssrv32.exe
(Vimicro) C:\WINDOWS\VMSnap3.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\IObit\Advanced SystemCare 7\RealTimeProtector.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [{8467e01f-0496-42ce-b247-88ef205b4880}] => C:\Documents and Settings\All Users\Application Data\Package Cache\{8467e01f-0496-42ce-b247-88ef205b4880}\Avira.OE.Setup.Bundle.exe [825760 2015-06-19] (Avira Operations GmbH & Co. KG) <===== ATTENTION
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2010-10-26] (ATI Technologies Inc.)
HKU\S-1-5-21-1177238915-1035525444-682003330-1003\...\Run: [uTorrent] => C:\Documents and Settings\XXXX\Application Data\uTorrent\uTorrent.exe [1769824 2015-05-11] (BitTorrent Inc.)
HKU\S-1-5-21-1177238915-1035525444-682003330-1003\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-18\...\Run: [AviraSpeedup] => "C:\Program Files\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
HKU\S-1-5-18\...\RunOnce: [RunNarrator] => C:\WINDOWS\system32\Narrator.exe [53760 2008-04-14] (Microsoft Corporation)
SecurityProviders: msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
AlternateShell:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1177238915-1035525444-682003330-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1177238915-1035525444-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yandex.ru/?clid=47355
HKU\S-1-5-21-1177238915-1035525444-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope Yandex URL = http://yandex.ru/yandsearch?clid=47356&text={searchTerms}
SearchScopes: HKLM -> Yandex URL = http://yandex.ru/yandsearch?clid=47356&text={searchTerms}
SearchScopes: HKU\S-1-5-21-1177238915-1035525444-682003330-1003 -> DefaultScope Yandex URL = http://yandex.ru/yandsearch?clid=47356&text={searchTerms}
SearchScopes: HKU\S-1-5-21-1177238915-1035525444-682003330-1003 -> Moikrug URL = http://moikrug.ru/persons/?clid=47356&charset=utf-8&keywords={searchTerms}&submitted=1
SearchScopes: HKU\S-1-5-21-1177238915-1035525444-682003330-1003 -> Yandex URL = http://yandex.ru/yandsearch?clid=47356&text={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-20] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-20] (Oracle Corporation)
Toolbar: HKLM - ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll [2014-10-05] (IObit)
Toolbar: HKLM - Яндекс.Бар - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll [2010-10-07] (ООО «ЯНДЕКС»)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\.DEFAULT -> Яндекс.Бар - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll [2010-10-07] (ООО «ЯНДЕКС»)
Toolbar: HKU\S-1-5-21-1177238915-1035525444-682003330-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-1177238915-1035525444-682003330-1003 -> Яндекс.Бар - {91397D20-1446-11D4-8AF4-0040CA1127B6} - C:\Program Files\Yandex\YandexBarIE\yndbar.dll [2010-10-07] (ООО «ЯНДЕКС»)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4

FireFox:
========
FF ProfilePath: C:\Documents and Settings\XXXX\Application Data\Mozilla\Firefox\Profiles\8ssyqsaa.default
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-20] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-14] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1177238915-1035525444-682003330-1003: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Documents and Settings\XXXX\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF user.js: detected! => C:\Documents and Settings\XXXX\Application Data\Mozilla\Firefox\Profiles\8ssyqsaa.default\user.js [2014-10-05]
FF Extension: Avira Browser Safety - C:\Documents and Settings\XXXX\Application Data\Mozilla\Firefox\Profiles\8ssyqsaa.default\Extensions\abs@avira.com [2015-05-27]
FF Extension: Advanced SystemCare Surfing Protection - C:\Documents and Settings\XXXX\Application Data\Mozilla\Firefox\Profiles\8ssyqsaa.default\Extensions\ascsurfingprotection@iobit.com [2014-10-05]
FF Extension: SaveFrom.net helper - C:\Documents and Settings\XXXX\Application Data\Mozilla\Firefox\Profiles\8ssyqsaa.default\Extensions\helper@savefrom.net.xpi [2014-10-01]
FF Extension: &Yandex Elements& - C:\Documents and Settings\XXXX\Application Data\Mozilla\Firefox\Profiles\8ssyqsaa.default\Extensions\yasearch@yandex.ru.xpi [2015-03-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-10-09]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-06-20]

Chrome:
=======
CHR Profile: C:\Documents and Settings\XXXX\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Please enter your password) - C:\Documents and Settings\XXXX\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2015-06-07]
CHR Extension: (Audiotool) - C:\Documents and Settings\XXXX\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2015-06-07]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\XXXX\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-07]
CHR Extension: (Image Downloader) - C:\Documents and Settings\XXXX\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2015-06-07]
CHR Extension: (Tampermonkey) - C:\Documents and Settings\XXXX\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-06-07]
CHR Extension: (No Name) - C:\Documents and Settings\XXXX\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjdikaegbgijlebmpjbobaabekdknnnh [2015-06-20]
CHR Extension: (Avira Browser Safety) - C:\Documents and Settings\XXXX\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-06-05]
CHR Extension: (AdBlock) - C:\Documents and Settings\XXXX\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-06-07]
CHR Extension: (Save Text to Google Drive™) - C:\Documents and Settings\XXXX\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkcckpoladnboalokmkldjabamjpkafo [2015-06-07]
CHR Extension: (Pin It Button) - C:\Documents and Settings\XXXX\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-06-07]
CHR Extension: (ButtonBass Dubstep Balls) - C:\Documents and Settings\XXXX\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmjadonkmcblbkocpaaefjbceiijfdg [2015-06-07]
CHR Extension: (Save For Later - Bookmark manager) - C:\Documents and Settings\XXXX\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kfokknghaopioakjibdkmjoaghcileob [2015-06-07]
CHR Extension: (Image Downloader Plus) - C:\Documents and Settings\XXXX\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kkdehodanbfebhhmpjfnlajdldkffehg [2015-06-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\XXXX\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-05]
CHR Extension: (AudioSauna) - C:\Documents and Settings\XXXX\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae [2015-06-07]
CHR Extension: (Google Input Tools) - C:\Documents and Settings\XXXX\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mclkkofklkfljcocdinagocijmpgbhab [2015-06-07]
CHR Extension: (Pocket) - C:\Documents and Settings\XXXX\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2015-06-07]
CHR Extension: (Highlight Keywords for Google Search) - C:\Documents and Settings\XXXX\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nhahncknpppipmgjchbbhehkfglelepf [2015-06-07]
CHR Extension: (Save to Pocket) - C:\Documents and Settings\XXXX\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-06-07]
CHR Extension: (Google Wallet) - C:\Documents and Settings\XXXX\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-05]
CHR Extension: (Hover Zoom) - C:\Documents and Settings\XXXX\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2015-06-07]
CHR Extension: (Adblock Pro) - C:\Documents and Settings\XXXX\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-06-07]
CHR Extension: (Blackout) - C:\Documents and Settings\XXXX\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oenklamjcaaefbpmbgpijnoenfpbobid [2015-06-07]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ATTENTION: => Could not perform signature verification. Cryptographic Service is not running.

R2 AdvancedSystemCareService7; C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe [878368 2013-10-25] (IObit)
S2 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [153448 2012-01-05] (Alcohol Soft Development Team)
R2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)
R2 MA_CMIDI_InstallerService; C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe [94208 2007-01-08] ()
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [4595064 2012-11-09] (Native Instruments GmbH)
S3 wxpSvc; C:\Program Files\webcamXP5\wService.exe [5222720 2015-02-17] (Moonware Studios)
S2 Avira.OE.ServiceHost; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [96256 2013-07-09] (Advanced Micro Devices)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 MA_CMIDI; C:\WINDOWS\System32\drivers\ma_cmidi.sys [21888 2006-08-16] (M-Audio)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 mlkumidi; C:\WINDOWS\System32\drivers\mlkumidi.sys [41536 2012-08-29] (MusicLab, Inc.)
R0 mv61xxmm; C:\WINDOWS\system32\Drivers\mv61xxmm.sys [14184 2014-02-12] (Marvell Semiconductor Inc.)
R0 mv64xxmm; C:\WINDOWS\system32\Drivers\mv64xxmm.sys [5632 2014-02-12] (Marvell Semiconductor Inc.)
R0 mvxxmm; C:\WINDOWS\system32\Drivers\mvxxmm.sys [14184 2014-02-12] (Marvell Semiconductor Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 pwdrvio; C:\WINDOWS\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [10320 2013-09-30] ()
R3 SmbDrvI; C:\WINDOWS\System32\DRIVERS\Smb_driver_Intel.sys [39280 2014-07-28] (Synaptics Incorporated)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [320120 2014-10-28] (Duplex Secure Ltd.)
S3 SynasUSB; C:\WINDOWS\System32\drivers\SynasUSB.sys [23288 2007-10-24] (SIA Syncrosoft)
S3 vvftav303; C:\WINDOWS\System32\drivers\vvftav303.sys [480128 2007-06-23] (Vimicro Corporation)
S3 ZSMC30x; C:\WINDOWS\System32\Drivers\usbVM303.sys [1472768 2007-05-15] (Vimicro Corporation)
U3 am8n9tsr; C:\WINDOWS\system32\Drivers\am8n9tsr.sys [0 ] (Marvell Semiconductor Inc.) <==== ATTENTION (zero byte File/Folder)
R3 amsint32; \??\C:\WINDOWS\system32\drivers\slsis.sys [X]
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2011-10-24] (Huawei Technologies Co., Ltd.)
S3 SliceDisk5; No ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-03-09] ()
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-20 23:33 - 2015-06-20 23:34 - 00000000 ____D C:\FRST
2015-06-20 23:00 - 2015-06-20 23:00 - 00003882 _____ C:\WINDOWS\KB2909921-IE8.log
2015-06-20 21:00 - 2015-06-20 21:00 - 00000000 ____D C:\Documents and Settings\XXXX\Local Settings\Application Data\Sun
2015-06-20 21:00 - 2015-06-20 21:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ZHP
2015-06-20 21:00 - 2015-06-20 21:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2015-06-20 14:17 - 2015-06-20 18:51 - 00043820 _____ C:\Documents and Settings\XXXX\Desktop\ZHPDiag.txt
2015-06-20 13:55 - 2015-06-20 13:55 - 00000000 ____D C:\Program Files\Common Files\Java
2015-06-20 13:55 - 2015-06-20 13:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sun
2015-06-20 13:54 - 2015-06-20 13:54 - 00146432 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2015-06-20 13:54 - 2015-06-20 13:54 - 00096352 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2015-06-20 13:54 - 2015-06-20 13:54 - 00000000 ____D C:\Program Files\Java
2015-06-20 13:54 - 2015-06-20 13:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Oracle
2015-06-20 13:40 - 2015-06-20 13:40 - 00103140 _____ C:\gqlv.exe
2015-06-20 13:40 - 2015-06-20 13:40 - 00000000 ____D C:\Documents and Settings\XXXX\Application Data\Sun
2015-06-20 12:27 - 2015-06-20 21:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-20 12:05 - 2015-06-20 12:05 - 00000000 _____ C:\asc_rdflag
2015-06-20 10:21 - 2015-06-20 10:21 - 00000412 _____ C:\JavaRa.log
2015-06-20 09:38 - 2015-06-20 20:57 - 00000000 ____D C:\Program Files\ZHPDiag
2015-06-20 09:38 - 2015-06-20 20:57 - 00000000 ____D C:\Documents and Settings\XXXX\Application Data\ZHP
2015-06-20 09:38 - 2015-06-20 09:38 - 00001628 _____ C:\Documents and Settings\XXXX\Desktop\ZHPFix.lnk
2015-06-20 09:38 - 2015-06-20 09:38 - 00001523 _____ C:\Documents and Settings\XXXX\Desktop\ZHPDiag.lnk
2015-06-19 23:17 - 2015-06-20 20:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-06-19 22:22 - 2015-06-20 13:18 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-19 22:22 - 2015-06-19 22:22 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-19 22:22 - 2015-06-19 22:22 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-19 22:22 - 2015-06-19 22:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-19 22:22 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-19 22:15 - 2015-06-20 13:19 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2015-06-19 22:02 - 2015-06-19 22:02 - 00003540 _____ C:\Documents and Settings\XXXX\Desktop\Rkill.txt
2015-06-19 20:32 - 2015-06-20 23:01 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-06-19 20:32 - 2015-06-20 23:01 - 00000052 _____ C:\WINDOWS\wiaservc.log
2015-06-19 20:32 - 2015-06-19 20:32 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2015-06-19 20:12 - 2015-06-19 20:12 - 00000000 ____D C:\Documents and Settings\XXXX\Application Data\Graphium
2015-06-19 19:25 - 2015-06-19 19:25 - 49717485 _____ C:\Documents and Settings\XXXX\Desktop\Untitled Narration.wma
2015-06-19 18:28 - 2015-06-19 18:28 - 00000000 ____D C:\Documents and Settings\XXXX\Application Data\MysteryTag
2015-06-19 18:25 - 2015-06-19 18:25 - 00000000 ____D C:\Documents and Settings\XXXX\Application Data\Eipix
2015-06-19 18:22 - 2015-06-19 18:22 - 00000000 ____D C:\Documents and Settings\XXXX\Start Menu\Programs\Beyond the Invisible - Evening 1.0
2015-06-19 18:01 - 2015-06-19 18:01 - 00000000 ____D C:\Documents and Settings\XXXX\Application Data\Malwarebytes
2015-06-19 18:00 - 2015-06-19 22:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-06-15 09:31 - 2015-06-15 09:31 - 00013241 _____ C:\Program Files\INSTALL.LOG
2015-06-15 09:30 - 2015-06-15 09:30 - 00000000 ____D C:\Program Files\Protype
2015-06-15 09:30 - 2002-05-19 09:24 - 00180224 _____ C:\Program Files\FType2K.exe
2015-06-15 09:30 - 2002-05-13 15:19 - 00008628 _____ C:\Program Files\Flex2K.GID
2015-06-15 09:30 - 2002-05-13 13:06 - 00131072 _____ C:\Program Files\Remove.exe
2015-06-15 09:30 - 2001-09-28 17:00 - 00164864 _____ C:\Program Files\UNWISE.EXE
2015-06-15 09:30 - 2000-10-16 14:50 - 00007202 _____ C:\Program Files\Fdos.com
2015-06-08 00:56 - 2015-06-20 23:00 - 00032518 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-06 12:24 - 2015-06-06 12:24 - 00000000 ____D C:\Program Files\5Group
2015-06-06 12:24 - 2015-06-06 12:24 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\5Group
2015-06-06 12:20 - 2015-06-15 09:31 - 00000000 ____D C:\Program Files\standart
2015-06-06 12:20 - 2015-06-15 09:31 - 00000000 ____D C:\Program Files\Flex_utl
2015-06-06 12:20 - 2015-06-15 09:30 - 00000000 ____D C:\Program Files\live
2015-06-06 12:20 - 2015-06-15 09:30 - 00000000 ____D C:\Program Files\cyrillic
2015-06-06 12:20 - 2015-06-06 12:20 - 00005611 _____ C:\Program Files\!sfxunst.ini
2015-06-06 12:20 - 2015-06-06 12:20 - 00000000 ____D C:\Documents and Settings\XXXX\Start Menu\Programs\Datecs Applications
2015-06-06 12:20 - 2002-05-12 13:57 - 00218403 _____ C:\Program Files\Flex2K.hlp
2015-06-06 12:20 - 2000-10-25 19:44 - 00206848 _____ C:\Program Files\Flex2K.exe
2015-06-06 12:20 - 2000-10-19 00:56 - 00086528 _____ C:\Program Files\SetupUtl.exe
2015-06-06 12:20 - 2000-10-18 19:54 - 00044842 _____ (e-merge GmbH) C:\Program Files\SXUNINST.EXE
2015-06-06 12:20 - 1996-02-23 16:26 - 00007316 _____ C:\Program Files\CP_856.NLS
2015-06-06 12:20 - 1995-08-24 08:50 - 00006868 _____ C:\Program Files\cp_1251.nls
2015-06-06 12:12 - 2015-06-06 12:12 - 00000000 ____D C:\Program Files\Datecs
2015-06-06 12:09 - 2002-04-23 00:17 - 00045056 _____ C:\WINDOWS\system32\newdll.dll
2015-06-06 12:07 - 2015-06-06 12:07 - 00000000 ____D C:\Documents and Settings\XXXX\Local Settings\Application Data\Help
2015-06-06 12:07 - 2015-06-06 12:07 - 00000000 ____D C:\Documents and Settings\XXXX\Application Data\Help
2015-06-06 00:31 - 2015-06-06 00:31 - 00000000 ____D C:\Documents and Settings\XXXX\Application Data\Organic 2 Digital
2015-06-05 21:56 - 2015-06-06 09:21 - 00000400 __RSH C:\Documents and Settings\All Users\ntuser.pol
2015-06-05 19:49 - 2015-06-05 19:49 - 00000000 ____D C:\Program Files\MagicDisc
2015-06-05 19:49 - 2015-06-05 19:49 - 00000000 ____D C:\Documents and Settings\XXXX\Start Menu\Programs\MagicDisc
2015-06-05 19:49 - 2009-02-24 18:42 - 00116736 _____ (MagicISO, Inc.) C:\WINDOWS\system32\Drivers\mcdbus.sys
2015-06-05 13:19 - 2015-06-05 13:19 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Free 9.0
2015-06-05 13:19 - 2015-06-05 13:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\MiniTool Partition Wizard Free 9.0
2015-06-05 06:38 - 2015-01-14 11:27 - 02894848 _____ C:\WINDOWS\system32\pwNative.exe
2015-06-05 06:38 - 2013-09-30 16:26 - 00015688 ____N C:\WINDOWS\system32\pwdrvio.sys
2015-06-05 06:38 - 2013-09-30 16:26 - 00010320 ____N C:\WINDOWS\system32\pwdspio.sys
2015-06-05 00:06 - 2015-06-05 05:56 - 00000032 _____ C:\WINDOWS\system32\Eu(12-20131107).OD
2015-06-04 23:53 - 2015-06-04 23:54 - 00000032 _____ C:\WINDOWS\system32\Eu(0-00000000).OD
2015-06-04 23:04 - 2015-06-04 23:10 - 00000000 ____D C:\Documents and Settings\HARRYS FLASH\SLAX MODULS
2015-06-04 22:20 - 2015-06-04 22:20 - 00000000 ____D C:\Program Files\MagicISO
2015-06-04 22:20 - 2015-06-04 22:20 - 00000000 ____D C:\Documents and Settings\XXXX\Start Menu\Programs\MagicISO
2015-06-04 22:19 - 2015-04-21 16:08 - 00000296 _____ C:\Documents and Settings\HARRYS FLASH\WMPInfo.xml
2015-06-04 22:19 - 2015-04-16 10:40 - 00000068 _____ C:\Documents and Settings\HARRYS FLASH\pmp_usb.ini
2015-06-04 22:19 - 2015-04-16 10:36 - 00000032 _____ C:\Documents and Settings\HARRYS FLASH\winamp_metadata.idx
2015-06-04 22:19 - 2015-04-16 10:36 - 00000008 _____ C:\Documents and Settings\HARRYS FLASH\winamp_metadata.dat
2015-06-04 22:19 - 2015-03-10 10:47 - 00045094 _____ C:\Documents and Settings\HARRYS FLASH\HBCD.txt
2015-06-04 22:19 - 2015-03-10 10:47 - 00001089 _____ C:\Documents and Settings\HARRYS FLASH\changes.txt
2015-06-04 22:19 - 2015-03-10 10:47 - 00000086 _____ C:\Documents and Settings\HARRYS FLASH\syslinux.cfg
2015-06-04 22:19 - 2015-02-03 19:06 - 00005411 _____ C:\Documents and Settings\HARRYS FLASH\menu.lst
2015-06-04 22:19 - 2014-12-28 07:14 - 00000521 _____ C:\Documents and Settings\HARRYS FLASH\stenata.txt
2015-06-04 22:19 - 2014-10-29 20:24 - 01309525 _____ (pendrivelinux.com) C:\Documents and Settings\HARRYS FLASH\YUMI-2.0.1.0.exe
2015-06-04 22:19 - 2014-05-31 07:49 - 521269248 _____ C:\Documents and Settings\HARRYS FLASH\Hiren's.BootCD.14.0.iso
2015-06-04 22:19 - 2014-03-17 17:47 - 03067400 _____ C:\Documents and Settings\HARRYS FLASH\MagicISO Maker 5.5 Build 281 (kaldata.com).exe
2015-06-04 22:19 - 2012-06-16 01:10 - 00432376 _____ (akeo.ie) C:\Documents and Settings\HARRYS FLASH\Rufus.exe
2015-06-04 22:19 - 2011-05-25 05:33 - 00255716 _____ C:\Documents and Settings\HARRYS FLASH\grldr
2015-06-04 22:19 - 2008-04-14 17:00 - 00052585 ____H (Microsoft Corporation) C:\Documents and Settings\HARRYS FLASH\MAGICDISC.EXE
2015-06-04 22:19 - 2008-04-14 17:00 - 00052585 ____H (Microsoft Corporation) C:\Documents and Settings\HARRYS FLASH\LOGONUI.EXE
2015-06-04 22:19 - 2008-04-14 17:00 - 00052585 ____H (Microsoft Corporation) C:\Documents and Settings\HARRYS FLASH\FINDANDMOUNT.EXE
2015-06-04 22:19 - 2008-04-14 01:01 - 00250048 _____ C:\Documents and Settings\HARRYS FLASH\ntldr
2015-06-04 22:17 - 2015-06-19 21:44 - 00000000 ____D C:\Documents and Settings\HARRYS FLASH
2015-06-04 01:20 - 2015-06-19 18:06 - 00000000 ____D C:\Documents and Settings\XXXX\Start Menu\Programs\Vampire Legends 2 - The Untold Story of Elizabeth Bathory CE
2015-06-04 01:19 - 2015-06-04 01:19 - 00000000 ____D C:\Documents and Settings\XXXX\Start Menu\Programs\Witch Hunters 2 Full Moon Ceremony CE 1.0
2015-06-04 01:10 - 2015-06-04 01:10 - 00000000 ____D C:\Program Files\Foxy Games
2015-06-01 10:01 - 2015-06-01 10:01 - 00000000 ____D C:\Documents and Settings\XXXX\Application Data\VendelGAMES
2015-05-31 23:21 - 2015-05-31 23:21 - 00000000 ____D C:\Documents and Settings\XXXX\Start Menu\Programs\Spirit of Revenge - Cursed Castle Collectors Edition
2015-05-31 23:18 - 2015-06-19 22:59 - 00000000 ____D C:\Program Files\LeeGT-Games
2015-05-23 23:01 - 2015-05-23 23:01 - 00000000 ____D C:\Documents and Settings\XXXX\Application Data\Mariaglorum
2015-05-23 22:57 - 2015-05-23 22:57 - 00000000 ____D C:\Documents and Settings\XXXX\Start Menu\Programs\Mystery of the Ancients 4. Deadly Cold CE 1.0
2015-05-22 13:39 - 2015-05-22 13:39 - 00000000 ____D C:\Documents and Settings\XXXX\Application Data\Aspell

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-20 23:34 - 2014-09-26 12:12 - 00000000 ____D C:\Documents and Settings\XXXX\Local Settings\Temp
2015-06-20 23:19 - 2014-09-26 13:43 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-20 23:04 - 2014-09-26 12:07 - 01598805 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-20 23:03 - 2014-09-27 19:03 - 00000000 ____D C:\Documents and Settings\XXXX\Application Data\uTorrent
2015-06-20 23:01 - 2014-09-26 13:43 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-20 23:01 - 2014-09-26 13:23 - 00000220 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-06-20 23:01 - 2014-09-26 12:11 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-20 23:00 - 2014-10-28 16:24 - 00020029 _____ C:\WINDOWS\mlkumidi.log
2015-06-20 23:00 - 2014-09-26 12:12 - 00000178 ___SH C:\Documents and Settings\XXXX\ntuser.ini
2015-06-20 22:27 - 2014-10-22 19:22 - 00000994 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-1035525444-682003330-1003UA.job
2015-06-20 21:00 - 2015-03-03 18:50 - 00000000 ____D C:\Documents and Settings\XXXX\Desktop\M
2015-06-20 21:00 - 2014-10-20 18:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Package Cache
2015-06-20 20:57 - 2014-10-01 12:58 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-20 20:56 - 2014-11-25 20:18 - 00000000 ____D C:\Program Files\Calibre2
2015-06-20 20:54 - 2014-09-26 12:12 - 00000000 ____D C:\Documents and Settings\XXXX
2015-06-20 20:53 - 2014-09-26 12:06 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-06-20 19:50 - 2014-12-23 01:34 - 00000000 ____D C:\Program Files\KMPlayer
2015-06-20 19:27 - 2014-10-22 19:22 - 00000972 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1177238915-1035525444-682003330-1003Core.job
2015-06-20 19:24 - 2014-11-25 22:41 - 00000000 ____D C:\Documents and Settings\XXXX\My Documents\Calibre Library
2015-06-20 12:16 - 2014-09-26 13:26 - 00000000 ____D C:\Documents and Settings\XXXX\Application Data\Skype
2015-06-20 12:05 - 2014-11-01 11:53 - 40902656 _____ C:\WINDOWS\system32\config\software.iodefrag.bak
2015-06-20 12:05 - 2014-11-01 11:53 - 00290816 _____ C:\WINDOWS\system32\config\default.iodefrag.bak
2015-06-20 12:05 - 2014-11-01 11:53 - 00057344 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2015-06-20 12:05 - 2014-11-01 11:53 - 00024576 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2015-06-20 10:43 - 2014-10-19 12:35 - 00000000 ____D C:\WINDOWS\Minidump
2015-06-20 10:41 - 2014-10-31 11:15 - 40902656 _____ C:\WINDOWS\system32\config\software.iobit
2015-06-20 10:41 - 2014-10-31 11:15 - 00290816 _____ C:\WINDOWS\system32\config\default.iobit
2015-06-20 10:41 - 2014-10-31 11:15 - 00057344 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2015-06-20 10:41 - 2014-10-31 11:15 - 00024576 _____ C:\WINDOWS\system32\config\SAM.iobit
2015-06-20 10:41 - 2014-09-26 12:10 - 00000000 __SHD C:\Documents and Settings\NetworkService
2015-06-20 08:56 - 2014-09-26 14:54 - 00000000 ____D C:\WINDOWS\Media
2015-06-20 02:00 - 2015-01-24 17:25 - 00000340 _____ C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-XXXX-0EA46F90D0-XXXX.job
2015-06-19 23:09 - 2014-09-26 14:54 - 00000000 ____D C:\WINDOWS\ime
2015-06-19 23:08 - 2014-09-27 21:29 - 00000000 ____D C:\Program Files\CursorMania
2015-06-19 22:59 - 2015-05-06 22:01 - 00000000 ____D C:\Games
2015-06-19 20:47 - 2014-11-06 18:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\TEMP
2015-06-19 20:32 - 2014-10-14 00:11 - 00000000 ____D C:\Documents and Settings\XXXX\Local Settings\Application Data\WMTools Downloaded Files
2015-06-19 20:17 - 2014-10-07 14:53 - 00000000 ____D C:\Documents and Settings\XXXX\Application Data\vlc
2015-06-19 19:51 - 2014-10-02 20:29 - 00114176 _____ C:\Documents and Settings\XXXX\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-19 17:39 - 2008-04-14 14:00 - 00000681 _____ C:\WINDOWS\win.ini
2015-06-19 17:39 - 2008-04-14 14:00 - 00000309 _____ C:\WINDOWS\system.ini
2015-06-19 17:28 - 2014-10-28 16:37 - 00000124 _____ C:\Documents and Settings\XXXX\My Documents\ax_files.xml
2015-06-18 12:30 - 2014-10-02 19:55 - 00065424 _____ C:\Documents and Settings\XXXX\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-06-16 21:12 - 2008-04-14 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-15 09:44 - 2014-09-26 14:58 - 03553232 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-15 09:00 - 2014-10-05 19:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ProductData
2015-06-09 00:17 - 2014-02-12 16:56 - 136900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt.exe
2015-06-08 00:43 - 2014-10-20 18:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2015-06-08 00:43 - 2014-10-20 18:54 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Avira
2015-06-05 15:35 - 2014-10-03 05:02 - 00324374 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-06-05 15:35 - 2014-09-26 12:11 - 00000178 ___SH C:\Documents and Settings\LocalService\ntuser.ini
2015-06-05 15:26 - 2015-02-18 13:10 - 00000020 _____ C:\WINDOWS\OverlayXP.ini
2015-06-05 13:24 - 2014-10-03 05:02 - 08465774 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1177238915-1035525444-682003330-1003-0.dat
2015-06-05 13:19 - 2014-09-26 14:58 - 00000211 ___SH C:\boot.ini
2015-06-05 06:11 - 2014-09-26 12:11 - 00000000 __SHD C:\Documents and Settings\LocalService
2015-06-04 00:54 - 2014-10-07 19:31 - 00000000 ____D C:\PDF
2015-06-04 00:21 - 2014-10-07 15:25 - 00000000 ____D C:\Documents and Settings\XXXX\My Documents\ACID Pro 7.0 Projects
2015-06-03 19:23 - 2014-09-26 13:17 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2015-06-03 16:50 - 2014-11-13 17:58 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

==================== Files in the root of some
directories ======= 2015-06-06 12:20 - 2015-06-06 12:20 - 0005611 _____ () C:\Program Files\!sfxunst.ini 2015-06-06 12:20 - 1995-08-24 08:50 - 0006868 _____ () C:\Program Files\cp_1251.nls 2015-06-06 12:20 - 1996-02-23 16:26 - 0007316 _____ () C:\Program Files\CP_856.NLS 2015-06-15 09:30 - 2000-10-16 14:50 - 0007202 _____ () C:\Program Files\Fdos.com 2015-06-06 12:20 - 2000-10-25 19:44 - 0206848 _____ () C:\Program Files\Flex2K.exe 2015-06-15 09:30 - 2002-05-13 15:19 - 0008628 _____ () C:\Program Files\Flex2K.GID 2015-06-06 12:20 - 2002-05-12 13:57 - 0218403 _____ () C:\Program Files\Flex2K.hlp 2015-06-15 09:30 - 2002-05-19 09:24 - 0180224 _____ () C:\Program Files\FType2K.exe 2015-06-15 09:31 - 2015-06-15 09:31 - 0013241 _____ () C:\Program Files\INSTALL.LOG 2015-06-15 09:30 - 2002-05-13 13:06 - 0131072 _____ () C:\Program Files\Remove.exe 2015-06-06 12:20 - 2000-10-19 00:56 - 0086528 _____ () C:\Program Files\SetupUtl.exe 2015-06-06 12:20 - 2000-10-18 19:54 - 0044842 _____ (e-merge GmbH) C:\Program Files\SXUNINST.EXE 2014-10-28 16:13 - 2009-11-05 10:50 - 9535488 _____ (Softube) C:\Program Files\Tube Delay.dll 2015-06-15 09:30 - 2001-09-28 17:00 - 0164864 _____ () C:\Program Files\UNWISE.EXE 2015-02-19 03:13 - 2015-02-19 03:13 - 0000132 _____ () C:\Documents and Settings\XXXX\Application Data\Adobe BMP Format CS5 Prefs 2015-02-12 00:30 - 2015-02-12 00:42 - 0000188 _____ () C:\Documents and Settings\XXXX\Application Data\wss.ini 2014-10-02 20:29 - 2015-06-19 19:51 - 0114176 _____ () C:\Documents and Settings\XXXX\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini Files to move or delete: ==================== C:\Documents and Settings\All Users\Application Data\Package Cache\{8467e01f-0496-42ce-b247-88ef205b4880}\Avira.OE.Setup.Bundle.exe C:\Documents and Settings\HARRYS FLASH\FINDANDMOUNT.EXE C:\Documents and Settings\HARRYS FLASH\LOGONUI.EXE C:\Documents and Settings\HARRYS FLASH\MAGICDISC.EXE C:\Documents and Settings\HARRYS FLASH\MagicISO 
Maker 5.5 Build 281 (kaldata.com).exe C:\Documents and Settings\HARRYS FLASH\Rufus.exe C:\Documents and Settings\HARRYS FLASH\winamp_metadata.dat C:\Documents and Settings\HARRYS FLASH\YUMI-2.0.1.0.exe Some files in TEMP: ==================== C:\Documents and Settings\XXXX\Local Settings\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe [2014-02-12 16:55] - [2014-02-12 16:55] - 1033728 ____A (Microsoft Corporation) 2bb75b7f548d82a099125d0c5971de7d C:\WINDOWS\system32\winlogon.exe [2014-02-12 16:56] - [2014-02-12 16:56] - 0509440 ____A (Microsoft Corporation) 4a83111aa75d8a26ab0eabc03cfc95e0 C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\services.exe [2014-02-12 16:56] - [2014-02-12 16:56] - 0110592 ____A (Microsoft Corporation) c519e15665cd89a91ad383fce3cb556a C:\WINDOWS\system32\User32.dll => MD5 is legit C:\WINDOWS\system32\userinit.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit ==================== End of log ============================