OTL logfile created on: 3/6/2012 11:45:21 AM - Run 2 OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\bumi\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 2.75 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 77.13% Memory free 5.50 Gb Paging File | 4.81 Gb Available in Paging File | 87.59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 172.79 Gb Total Space | 132.03 Gb Free Space | 76.41% Space Free | Partition Type: NTFS Drive D: | 115.20 Gb Total Space | 95.73 Gb Free Space | 83.10% Space Free | Partition Type: NTFS Computer Name: BUMI-MSI | User Name: bumi | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012/03/05 16:58:34 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\bumi\Desktop\OotTLl.exe PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2010/04/01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009/08/26 20:36:00 | 002,684,256 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe PRC - [2009/08/11 00:59:50 | 000,178,720 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe PRC - [2009/08/11 00:59:48 | 000,387,616 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe PRC - [2009/07/31 06:20:00 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe PRC - [2009/07/24 18:52:08 | 002,068,480 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe PRC - [2009/07/10 00:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files\System Control Manager\MSIService.exe PRC - [2009/06/08 23:34:00 | 000,660,808 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe PRC - [2009/06/04 00:33:00 | 000,308,552 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe PRC - [2008/07/24 20:24:00 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2011/07/21 12:03:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009/08/11 00:59:50 | 000,178,720 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV - [2009/08/11 00:59:48 | 000,387,616 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) SRV - [2009/07/31 06:20:00 | 000,144,752 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009/07/10 00:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aar4d080) DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/05/15 11:58:30 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009/08/28 20:49:00 | 000,169,064 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2009/08/05 23:44:00 | 000,049,400 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2009/08/05 21:55:00 | 000,061,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2009/08/05 01:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\nvstor32.sys -- (nvstor32) DRV - [2009/07/31 01:12:54 | 000,287,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET) DRV - [2009/07/29 05:01:00 | 000,069,480 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2009/07/24 20:31:00 | 000,021,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2009/07/13 23:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2009/07/13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD) DRV - [2009/06/29 08:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\nvsmu.sys -- (nvsmu) DRV - [2009/06/19 18:58:00 | 000,009,608 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\Toshidpt.sys -- (toshidpt) DRV - [2009/06/19 18:57:00 | 000,079,872 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2009/06/19 18:56:00 | 000,042,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2009/06/17 20:59:00 | 000,046,984 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\windows\system32\DRIVERS\tosporte.sys -- (tosporte) DRV - [2009/06/06 22:29:00 | 009,759,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009/06/04 09:45:48 | 000,166,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009/04/30 14:43:34 | 000,064,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008/04/25 15:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV - [2005/08/30 01:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gazeta.hit.gemius.pl/hitredir/id=1_2aoau32zKrY2K8AzHtuKPMXfaG5wd126fPuctBzrP.67/stparam=loptipgnqn/url=http://www.gazeta.pl/0,0.html?promocja=pit2011_wyb01&utm_campaign=p_124 IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{29D7CAFE-DB69-4271-8595-1C479CCEEA16}: "URL" = http://start.facemoods.com/?a=vsl&s={searchTerms}&f=4 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://interia.pl/" FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.3.0 FF - prefs.js..extensions.enabledItems: {3697b17c-b572-4862-a5e6-7f922c0f3403}:1.1 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/24 06:30:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/06 11:37:54 | 000,000,000 | ---D | M] [2010/05/14 21:12:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bumi\AppData\Roaming\mozilla\Extensions [2012/03/06 11:41:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bumi\AppData\Roaming\mozilla\Firefox\Profiles\a5mbrjpr.default\extensions [2012/02/23 21:57:37 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\bumi\AppData\Roaming\mozilla\Firefox\Profiles\a5mbrjpr.default\extensions\welcome@toolmin.com [2010/05/14 21:23:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/02/24 06:30:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/02/06 23:45:14 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012/02/06 23:45:14 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2012/02/06 23:45:14 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2012/02/06 23:45:14 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2012/02/06 23:45:14 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2012/02/06 23:45:14 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2012/03/05 08:32:56 | 000,000,761 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\bumi\AppData\Roaming\toolplugin\toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No CLSID value found. O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.) O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.204.152.34 194.204.159.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BB8BC48-3C52-48E5-A57F-41C62E2B718A}: DhcpNameServer = 194.204.152.34 194.204.159.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{e8c0f84f-6010-11df-90ed-cd13722cd18a}\Shell - "" = AutoRun O33 - MountPoints2\{e8c0f84f-6010-11df-90ed-cd13722cd18a}\Shell\AutoRun\command - "" = G:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/03/06 11:37:53 | 000,000,000 | ---D | C] -- C:\_OTL [2012/03/05 16:58:32 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\bumi\Desktop\OotTLl.exe [2012/02/23 21:57:37 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX [2012/02/23 21:57:34 | 000,000,000 | ---D | C] -- C:\Users\bumi\AppData\Roaming\toolplugin [2012/02/16 03:00:44 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2012/02/16 03:00:43 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll [2012/02/16 03:00:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2012/02/16 03:00:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll [2012/02/16 03:00:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2012/02/16 03:00:39 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl [2012/02/16 00:58:39 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys [2011/12/15 17:14:24 | 002,161,160 | ---- | C] (DownVision ) -- C:\Users\bumi\AppData\Local\setup.exe [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/03/06 11:43:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/03/06 11:43:25 | 2213,990,400 | -HS- | M] () -- C:\hiberfil.sys [2012/03/06 11:42:40 | 000,017,600 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/03/06 11:42:39 | 000,017,600 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/03/06 10:37:31 | 000,687,828 | ---- | M] () -- C:\windows\System32\perfh015.dat [2012/03/06 10:37:31 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat [2012/03/06 10:37:31 | 000,131,382 | ---- | M] () -- C:\windows\System32\perfc015.dat [2012/03/06 10:37:31 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat [2012/03/05 16:58:34 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\bumi\Desktop\OotTLl.exe [2012/03/05 16:47:28 | 000,605,989 | ---- | M] () -- C:\Users\bumi\Desktop\adwcleaner.exe [2012/03/05 16:08:13 | 000,302,592 | ---- | M] () -- C:\Users\bumi\Desktop\luq4912h.exe [2012/03/05 08:32:56 | 000,000,761 | RHS- | M] () -- C:\windows\System32\drivers\etc\hosts [2012/03/01 09:14:20 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl [2012/02/23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe [2012/02/16 03:18:55 | 000,376,464 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/03/05 16:47:26 | 000,605,989 | ---- | C] () -- C:\Users\bumi\Desktop\adwcleaner.exe [2012/03/05 16:08:10 | 000,302,592 | ---- | C] () -- C:\Users\bumi\Desktop\luq4912h.exe [2011/12/15 17:14:14 | 000,460,624 | ---- | C] () -- C:\Users\bumi\AppData\Local\promo.exe [2011/07/25 16:53:20 | 000,004,608 | ---- | C] () -- C:\Users\bumi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/05/15 11:19:24 | 000,085,504 | ---- | C] () -- C:\windows\System32\ff_vfw.dll [2010/05/15 00:13:05 | 000,000,174 | ---- | C] () -- C:\Users\bumi\AppData\Roaming\wklnhst.dat < End of report >