OTL logfile created on: 9/24/2013 6:05:42 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 767.48 Mb Total Physical Memory | 220.81 Mb Available Physical Memory | 28.77% Memory free 1.83 Gb Paging File | 1.23 Gb Available in Paging File | 66.88% Paging File free Paging file location(s): C:\pagefile.sys 1152 2304 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 15.62 Gb Total Space | 0.65 Gb Free Space | 4.14% Space Free | Partition Type: NTFS Drive D: | 23.44 Gb Total Space | 0.60 Gb Free Space | 2.56% Space Free | Partition Type: NTFS Drive E: | 109.98 Gb Total Space | 1.38 Gb Free Space | 1.26% Space Free | Partition Type: NTFS Computer Name: KRKA | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013/09/24 18:03:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe PRC - [2013/08/17 13:49:48 | 000,337,816 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2013/07/06 01:51:16 | 000,243,624 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe PRC - [2009/07/01 18:38:40 | 001,481,056 | ---- | M] (Nullsoft) -- C:\Program Files\Winamp\winamp.exe PRC - [2008/07/03 11:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006/08/02 23:12:00 | 000,638,976 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013/08/17 13:49:46 | 003,551,640 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2013/07/04 21:11:41 | 006,277,488 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll MOD - [2009/07/01 18:36:42 | 001,506,304 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_ff.dll MOD - [2009/07/01 18:35:10 | 000,025,600 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_hotkeys.dll MOD - [2009/07/01 18:35:04 | 000,294,912 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_ml.dll MOD - [2009/07/01 18:34:36 | 000,025,088 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_tray.dll MOD - [2009/07/01 18:34:34 | 000,107,520 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_cdda.dll MOD - [2009/07/01 18:34:10 | 000,006,656 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_linein.dll MOD - [2009/07/01 18:34:08 | 000,098,304 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_midi.dll MOD - [2009/07/01 18:34:00 | 000,160,768 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mod.dll MOD - [2009/07/01 18:33:44 | 000,267,776 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mp3.dll MOD - [2009/07/01 18:33:36 | 000,038,400 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_mp4.dll MOD - [2009/07/01 18:33:18 | 000,231,424 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_vorbis.dll MOD - [2009/07/01 18:32:56 | 000,047,104 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_ds.dll MOD - [2009/07/01 18:32:52 | 000,018,432 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_wave.dll MOD - [2009/07/01 18:32:34 | 000,616,960 | ---- | M] () -- C:\Program Files\Winamp\System\jnetlib.w5s MOD - [2009/07/01 18:32:18 | 000,365,056 | ---- | M] () -- C:\Program Files\Winamp\System\aacPlusDecoder.w5s MOD - [2009/07/01 18:32:12 | 000,297,472 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_wm.dll MOD - [2009/07/01 18:31:38 | 000,019,456 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_disk.dll MOD - [2009/07/01 18:31:30 | 000,014,848 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_wave.dll MOD - [2009/07/01 18:31:26 | 000,018,944 | ---- | M] () -- C:\Program Files\Winamp\System\tagz.w5s MOD - [2009/07/01 18:31:20 | 000,201,728 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_pmp.dll MOD - [2009/07/01 18:30:58 | 000,104,960 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_ipod.dll MOD - [2009/07/01 18:30:48 | 000,017,920 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_njb.dll MOD - [2009/07/01 18:30:44 | 000,114,176 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_p4s.dll MOD - [2009/07/01 18:30:36 | 000,256,000 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_online.dll MOD - [2009/07/01 18:29:44 | 000,087,552 | ---- | M] () -- C:\Program Files\Winamp\System\xml.w5s MOD - [2009/07/01 18:29:40 | 000,078,336 | ---- | M] () -- C:\Program Files\Winamp\System\png.w5s MOD - [2009/07/01 18:29:36 | 000,020,480 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_bookmarks.dll MOD - [2009/07/01 18:29:32 | 000,194,048 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_disc.dll MOD - [2009/07/01 18:29:16 | 000,042,496 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_history.dll MOD - [2009/07/01 18:28:58 | 000,275,968 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_local.dll MOD - [2009/07/01 18:28:00 | 000,076,288 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_playlists.dll MOD - [2009/07/01 18:27:54 | 000,075,776 | ---- | M] () -- C:\Program Files\Winamp\System\playlist.w5s MOD - [2009/07/01 18:27:20 | 000,045,568 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_orgler.dll MOD - [2009/07/01 18:27:06 | 000,018,432 | ---- | M] () -- C:\Program Files\Winamp\System\auth.w5s MOD - [2009/07/01 18:27:00 | 000,011,264 | ---- | M] () -- C:\Program Files\Winamp\System\filereader.w5s MOD - [2009/07/01 18:26:56 | 000,042,496 | ---- | M] () -- C:\Program Files\Winamp\Plugins\pmp_usb.dll MOD - [2009/07/01 18:26:46 | 000,024,064 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_rg.dll MOD - [2009/07/01 18:26:44 | 000,104,448 | ---- | M] () -- C:\Program Files\Winamp\System\jpeg.w5s MOD - [2009/07/01 18:26:38 | 000,045,568 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_impex.dll MOD - [2009/07/01 18:26:28 | 000,028,160 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_transcode.dll MOD - [2009/07/01 18:25:38 | 000,038,400 | ---- | M] () -- C:\Program Files\Winamp\Plugins\in_flac.dll MOD - [2009/07/01 18:25:16 | 000,007,168 | ---- | M] () -- C:\Program Files\Winamp\System\bmp.w5s MOD - [2009/07/01 18:25:14 | 000,015,872 | ---- | M] () -- C:\Program Files\Winamp\System\gif.w5s MOD - [2009/07/01 18:25:06 | 000,026,624 | ---- | M] () -- C:\Program Files\Winamp\System\timer.w5s MOD - [2009/07/01 18:24:50 | 000,013,824 | ---- | M] () -- C:\Program Files\Winamp\System\gracenote.w5s MOD - [2009/07/01 18:24:46 | 000,057,856 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_plg.dll MOD - [2009/07/01 18:24:34 | 000,026,624 | ---- | M] () -- C:\Program Files\Winamp\Plugins\ml_autotag.dll MOD - [2009/07/01 18:24:28 | 000,024,576 | ---- | M] () -- C:\Program Files\Winamp\System\dlmgr.w5s MOD - [2009/07/01 18:23:28 | 000,009,728 | ---- | M] () -- C:\Program Files\Winamp\System\primo.w5s MOD - [2009/07/01 18:23:26 | 000,869,376 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_dropbox.dll MOD - [2009/07/01 18:21:02 | 000,064,000 | ---- | M] () -- C:\Program Files\Winamp\tataki.dll MOD - [2009/07/01 18:20:28 | 000,087,040 | ---- | M] () -- C:\Program Files\Winamp\nde.dll MOD - [2009/07/01 18:20:18 | 000,238,080 | ---- | M] () -- C:\Program Files\Winamp\libsndfile.dll MOD - [2009/04/28 22:20:12 | 000,210,432 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_jumpex.dll MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2008/05/02 00:15:38 | 000,010,240 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll MOD - [2008/04/14 12:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2004/09/12 22:17:42 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\CopyToSendTo.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2013/08/17 13:49:46 | 000,179,096 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/07/25 09:40:44 | 000,224,112 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/07/06 01:51:16 | 000,243,624 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RT61.sys -- (RT61) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hrnhln.sys -- (aic32p) DRV - [2012/06/12 02:57:20 | 006,629,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2012/02/23 20:31:22 | 000,099,856 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService) DRV - [2008/12/30 13:29:33 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2008/12/30 13:29:33 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2008/12/30 13:14:47 | 003,720,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtHDMI.sys -- (RTHDMIAzAudService) DRV - [2008/12/30 13:14:40 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts) DRV - [2006/11/10 15:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool) DRV - [2006/08/18 07:52:00 | 004,017,536 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) DRV - [2006/02/25 16:13:06 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.startup.homepage: "www.google.rs" FF - prefs.js..extensions.enabledAddons: netvideohunter%40netvideohunter.com:1.9.5 FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.9.6 FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/03 16:52:32 | 000,000,000 | ---D | M] [2013/06/27 15:17:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions [2013/09/19 18:43:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iui3bszj.default\extensions [2013/09/19 18:43:29 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iui3bszj.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2013/07/15 02:38:55 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iui3bszj.default\extensions\netvideohunter@netvideohunter.com [2013/08/31 19:12:38 | 000,332,487 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iui3bszj.default\extensions\artur.dubovoy@gmail.com.xpi [2013/09/09 00:41:43 | 000,824,302 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iui3bszj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013/08/17 13:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2013/08/17 13:49:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013/07/05 16:06:26 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll O1 HOSTS File: ([2008/04/14 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe () O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 92.60.224.20 92.60.224.30 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{928532FC-2468-4CAC-A3D6-E1A6051E6316}: DhcpNameServer = 92.60.224.20 92.60.224.30 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013/06/27 14:58:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/09/24 04:45:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent [2013/09/23 17:28:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos [2013/09/23 17:28:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools [2013/09/17 20:12:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder [2013/09/15 20:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild [2013/09/15 20:21:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer [2013/09/15 20:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies [2013/09/15 20:20:56 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll [2013/09/15 20:20:55 | 000,022,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe [2013/09/10 02:13:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files [2013/09/03 17:04:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2013/09/03 16:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2013/09/03 16:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe [2013/09/03 16:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AutoUpdate [2013/09/03 16:36:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Eltima Software [2013/09/03 16:36:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP [2013/09/03 16:17:21 | 000,000,000 | ---D | C] -- C:\Output [2013/09/03 16:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\PDF Password Remover v3.1 [2013/09/01 21:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID [2013/09/01 21:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CPUID [2013/09/01 14:20:45 | 000,000,000 | ---D | C] -- C:\games [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/09/24 11:20:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/09/19 16:49:41 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/09/17 15:52:32 | 007,078,758 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AUD002.amr [2013/09/15 20:52:54 | 000,098,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013/09/15 20:24:38 | 000,427,922 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013/09/15 20:24:38 | 000,066,580 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013/09/12 17:28:15 | 000,016,896 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/09/03 16:52:34 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk [2013/09/03 16:15:05 | 000,000,082 | ---- | M] () -- C:\WINDOWS\winDecrypt.INI [2013/09/01 21:53:19 | 000,000,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CPUID CPU-Z.lnk [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/09/17 20:10:27 | 007,078,758 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AUD002.amr [2013/09/15 20:24:17 | 000,064,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2013/09/03 16:52:34 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk [2013/09/03 16:52:33 | 000,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk [2013/09/03 16:14:22 | 000,000,082 | ---- | C] () -- C:\WINDOWS\winDecrypt.INI [2013/09/01 21:53:19 | 000,000,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CPUID CPU-Z.lnk [2013/07/05 19:44:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2013/07/05 01:39:14 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2013/07/05 01:25:26 | 000,001,019 | ---- | C] () -- C:\WINDOWS\ATICIM.INI [2013/07/04 21:47:34 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2013/07/04 21:47:34 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2013/07/04 21:47:33 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2013/07/04 21:47:33 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2013/06/30 12:37:23 | 000,016,896 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/06/27 16:48:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2013/06/27 16:47:22 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2013/06/27 16:46:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2013/06/27 16:43:18 | 000,098,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013/06/27 15:08:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2013/06/27 15:07:55 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini [2013/06/27 15:07:43 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2013/06/27 14:59:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2013/06/27 14:54:11 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [color=#E56717]========== ZeroAccess Check ==========[/color] [2013/07/05 01:35:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/10/16 01:04:06 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2008/04/14 12:00:00 | 000,472,064 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02B2B479 < End of report >