
Thread: malware problems

  1. #11
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Yes, these updates come out faster than I can post them
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  2. #12
    Junior Member
    Join Date
    Jan 2008
    Posts
    14


    So here's the skinny... Latest Java installed and verified... I don't have a Cache tab, so I selected the General tab, temp Internet files/ settings button... and clicked delete files... Also went through the list of files that were found with the Eset online scanner and checked those directories to see if the files still existed.... Seems they are all gone for now... So what would you like me to do next?

  3. #13
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Let's do this, let me take a final look.


    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

  4. #14
    Junior Member
    Join Date
    Jan 2008
    Posts
    14


    THANKS... Here are the logs...

    OTL logfile created on: 8/26/2011 11:53:27 AM - Run 1
    OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\weaz\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.74 Gb Available Physical Memory | 84.37% Memory free
    5.09 Gb Paging File | 4.70 Gb Available in Paging File | 92.44% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 40.60 Gb Total Space | 19.66 Gb Free Space | 48.43% Space Free | Partition Type: NTFS
    Drive D: | 48.83 Gb Total Space | 34.05 Gb Free Space | 69.74% Space Free | Partition Type: NTFS
    Drive E: | 195.32 Gb Total Space | 104.84 Gb Free Space | 53.68% Space Free | Partition Type: NTFS
    Drive F: | 201.17 Gb Total Space | 16.14 Gb Free Space | 8.02% Space Free | Partition Type: NTFS
    Drive G: | 212.72 Gb Total Space | 154.71 Gb Free Space | 72.73% Space Free | Partition Type: NTFS
    Drive O: | 485.34 Mb Total Space | 485.34 Mb Free Space | 100.00% Space Free | Partition Type: FAT32

    Computer Name: WEEZ-DBCAD9B369 | User Name: weaz | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\weaz\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
    PRC - C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
    PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
    PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    PRC - C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
    PRC - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
    PRC - C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
    PRC - C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)


    ========== Modules (No Company Name) ==========

    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\dd7e99ceeb047243863f6ad5c803bf59\System.Runtime.Remoting.ni.dll ()
    MOD - C:\weaz\WinRAR\RarExt.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3632.28362__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3632.28362__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3632.28368__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3632.28362__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3632.28243__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3632.28307__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3632.28345__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3632.28218__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3632.28326__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3632.28245__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3632.28319__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3632.28229__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3632.28346__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3632.28290__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3632.28244__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3632.28277__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3632.28238__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3632.28244__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3632.28229__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Runtime\2.0.3632.28389__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Runtime.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3632.28360__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3632.28298__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3632.28299__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3632.28359__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3632.28298__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3632.28280__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3632.28312__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3632.28246__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3632.28279__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3632.28321__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3632.28247__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3632.28232__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3632.28273__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3632.28287__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3632.28286__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3632.28252__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3632.28288__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3632.28293__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3632.28279__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3632.28278__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3632.28279__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3621.42212__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3621.42210__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3621.42227__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3621.42278__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3621.42271__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3621.42225__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3621.42271__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3621.42190__90ba9c70f846762e\LOG.Foundation.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3621.42192__90ba9c70f846762e\NEWAEM.Foundation.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3621.42329__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3621.42223__90ba9c70f846762e\MOM.Foundation.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3621.42228__90ba9c70f846762e\DEM.Graphics.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3621.42202__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3621.42196__90ba9c70f846762e\CLI.Foundation.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3621.42274__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3621.42226__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3621.42246__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3621.42267__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3621.42241__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3621.42213__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3621.42244__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3621.42217__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3621.42209__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Shared\2.0.3621.42268__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3621.42241__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3621.42226__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3621.42211__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3621.42240__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3621.42221__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3632.28381__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3621.42247__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3621.42226__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3621.42243__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3632.28353__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3621.42214__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3621.42224__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3621.42229__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3621.42211__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3621.42225__90ba9c70f846762e\APM.Foundation.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3621.42213__90ba9c70f846762e\AEM.Server.Shared.dll ()
    MOD - C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3632.28212__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3632.28331__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3632.28237__90ba9c70f846762e\CLI.Component.Wizard.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3632.28338__90ba9c70f846762e\MOM.Implementation.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3632.28336__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3632.28215__90ba9c70f846762e\CLI.Component.Runtime.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3632.28217__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3621.42219__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3621.42205__90ba9c70f846762e\CLI.Foundation.Private.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3621.42192__90ba9c70f846762e\LOG.Foundation.Private.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3621.42221__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3621.42200__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3621.42221__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3632.28224__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3632.28215__90ba9c70f846762e\APM.Server.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3632.28213__90ba9c70f846762e\AEM.Server.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3621.42217__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3621.42221__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3621.42249__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
    MOD - C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3632.28338__90ba9c70f846762e\CCC.Implementation.dll ()
    MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\355411a730577e41a36241ccc0c10d99\System.Web.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\6495df73abc4b54c8677c79c251d16a1\System.Configuration.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\de8b438f97f82f4285cf205cf0e35242\Accessibility.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\76749e9a21552747a53aa4dfc3c1da9d\System.Xml.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f04b06c158f9d3458e111cd3cac10701\System.Windows.Forms.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\84d9727cfb9f494a99e3b7b6f94d75c0\System.Drawing.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\58d499e4e715364da83739e2f443a49a\System.ni.dll ()
    MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\29cb1537dfa6574584a4cae061853dc7\mscorlib.ni.dll ()
    MOD - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    MOD - C:\Program Files\Unlocker\UnlockerCOM.dll ()
    MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()
    MOD - C:\WINDOWS\system32\P17.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (HidServ) -- File not found
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (NIHardwareService) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)
    SRV - (astcc) -- C:\WINDOWS\system32\astsrv.exe (Nalpeiron Ltd.)
    SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
    SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
    SRV - (GEST Service) -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe ()
    SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
    SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
    DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (Haspnt) -- C:\WINDOWS\system32\drivers\Haspnt.sys (Aladdin Knowledge Systems)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (MAUSBMP) Service for M-Audio Mobile Pre (WDM) -- C:\WINDOWS\system32\drivers\mausbmp.sys (Avid Technology, Inc.)
    DRV - (rig3avs) -- C:\WINDOWS\system32\drivers\rig3avs.sys (Native Instruments GmbH)
    DRV - (rig3usb) -- C:\WINDOWS\system32\drivers\rig3usb.sys (Native Instruments GmbH)
    DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
    DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys ()
    DRV - (easdrv) -- C:\WINDOWS\system32\drivers\easdrv.sys (ESET)
    DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
    DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
    DRV - (LVUVC) Logitech QuickCam E3500(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
    DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
    DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
    DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
    DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
    DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
    DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
    DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
    DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
    DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
    DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

    IE - HKU\S-1-5-21-1482476501-854245398-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
    IE - HKU\S-1-5-21-1482476501-854245398-839522115-1003\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
    IE - HKU\S-1-5-21-1482476501-854245398-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1482476501-854245398-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com,www.plimus.com,regnow.com,www.regnow.com,

    ========== FireFox ==========

    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/firefox"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/20 18:37:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/26 11:43:58 | 000,000,000 | ---D | M]

    [2011/08/21 21:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\weaz\Application Data\Mozilla\Extensions
    [2011/08/26 11:45:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\weaz\Application Data\Mozilla\Firefox\Profiles\hp43wxme.default\extensions
    [2010/02/06 04:37:59 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\weaz\Application Data\Mozilla\Firefox\Profiles\hp43wxme.default\extensions\personas@christopher.beard
    [2011/08/25 18:08:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/08/25 18:06:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/08/25 18:08:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
    [2011/07/19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    Hosts file not found
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
    O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
    O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
    O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
    O4 - HKU\S-1-5-21-1482476501-854245398-839522115-1003..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1482476501-854245398-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1482476501-854245398-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1482476501-854245398-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1482476501-854245398-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Save video on Savevid.com - C:\Program Files\Savevid\redirect.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/.../en/crlocx.ocx (CRLDownloadWrapper Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/10/07 00:22:41 | 000,006,478 | ---- | M] () - C:\AutoEnginuity.log -- [ NTFS ]
    O32 - AutoRun File - [2009/09/12 06:04:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/08/26 11:47:39 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\weaz\Desktop\OTL.exe
    [2011/08/25 18:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/08/25 18:07:12 | 000,908,576 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\weaz\Desktop\jxpiinstall.exe
    [2011/08/25 18:06:52 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011/08/25 18:06:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011/08/25 18:06:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011/08/25 18:06:52 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2011/08/25 18:06:41 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2011/08/25 12:05:18 | 016,619,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\weaz\Desktop\jre-6u26-windows-i586.exe
    [2011/08/25 00:24:25 | 000,000,000 | ---D | C] -- C:\Program Files\ElcomSoft
    [2011/08/25 00:22:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\Advanced.Archive.Password.Recovery.Professional.v4.53.incl.serial-iOTA
    [2011/08/24 17:36:42 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\weaz\Desktop\esetsmartinstaller_enu.exe
    [2011/08/24 04:11:10 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\weaz\Desktop\aswMBR.exe
    [2011/08/24 02:13:51 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\weaz\Desktop\TDSSKiller.exe
    [2011/08/23 18:03:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\enigne toolz
    [2011/08/23 01:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\My Documents\TADS
    [2011/08/22 01:25:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\yugioh cards
    [2011/08/21 22:39:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\dragway
    [2011/08/21 22:23:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\summit parts order
    [2011/08/21 12:06:12 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\weaz\Desktop\dds.scr
    [2011/08/21 12:05:51 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\weaz\Desktop\erunt-setup.exe
    [2011/08/20 22:28:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/08/20 20:38:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\weaz\Recent
    [2011/08/20 20:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011/08/20 18:40:09 | 000,630,784 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
    [2011/08/20 18:40:09 | 000,287,744 | ---- | C] (Kristal StudioDFileDescription) -- C:\WINDOWS\System32\divxa32.acm
    [2011/08/20 18:40:09 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
    [2011/08/20 18:40:09 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\mp3fhg.acm
    [2011/08/20 18:40:09 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
    [2011/08/20 18:40:09 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
    [2011/08/20 18:40:09 | 000,039,936 | ---- | C] (Disappearing Inc.) -- C:\WINDOWS\System32\huffyuv.dll
    [2011/08/20 18:13:27 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/08/20 17:38:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\weaz\Start Menu\Programs\Administrative Tools
    [2011/08/20 17:37:38 | 004,179,402 | R--- | C] (Swearware) -- C:\Documents and Settings\weaz\Desktop\ComboFix.exe
    [2011/08/20 17:34:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\backups
    [2011/08/20 17:32:50 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\weaz\Desktop\HijackThis.exe
    [2011/08/20 16:57:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
    [2011/08/20 16:17:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
    [2011/08/20 16:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2011/08/20 16:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2011/08/20 15:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2011/08/20 15:32:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2011/08/20 14:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/08/20 14:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/08/17 21:20:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\383 shitz
    [2011/08/16 17:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\91 maro
    [2011/08/16 11:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\Camera Card
    [2011/08/15 19:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\Carz showz PA
    [2011/08/11 18:58:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Application Data\Malwarebytes
    [2011/08/11 18:58:47 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/08/11 18:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/08/11 18:58:44 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/08/11 18:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/08/11 17:50:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LoveChess Age Of Egypt
    [2011/08/11 17:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\LoveChess Age Of Egypt
    [2011/08/10 19:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\blue 92 parachute parts n pics
    [2011/08/08 15:12:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\kris crazy movies
    [2011/08/05 18:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\popodupa
    [2011/08/05 18:37:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\poopoopoop
    [2011/08/05 18:07:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}
    [2011/08/05 18:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\Savevid
    [2011/07/30 22:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\car showz palatine
    [2011/07/30 02:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Application Data\MOVAVI
    [2011/07/30 02:15:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Movavi Video Editor 6
    [2011/07/30 02:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\weaz\Desktop\Movavi Video Editor 6
    [2002/04/11 01:41:06 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
    [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/08/26 11:47:51 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\weaz\Desktop\OTL.exe
    [2011/08/26 11:44:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/08/26 11:43:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
    [2011/08/25 18:07:30 | 000,908,576 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\weaz\Desktop\jxpiinstall.exe
    [2011/08/25 12:05:24 | 016,619,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\weaz\Desktop\jre-6u26-windows-i586.exe
    [2011/08/25 00:32:13 | 000,055,808 | ---- | M] () -- C:\Documents and Settings\weaz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/08/25 00:16:47 | 002,395,439 | ---- | M] () -- C:\Documents and Settings\weaz\Desktop\Advanced.Archive.Password.Recovery.Professional.v4.53 FULL.rar
    [2011/08/25 00:04:40 | 000,235,090 | ---- | M] () -- C:\Documents and Settings\weaz\Desktop\Insidious_2011_720p_RC_BDRip_XviD_AC3_FLAWL3SS.torrent
    [2011/08/24 17:36:46 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\weaz\Desktop\esetsmartinstaller_enu.exe
    [2011/08/24 04:12:33 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\weaz\Desktop\MBR.dat
    [2011/08/24 04:11:27 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\weaz\Desktop\aswMBR.exe
    [2011/08/23 01:26:32 | 000,065,536 | ---- | M] () -- C:\WINDOWS\TADSUINS.EXE
    [2011/08/22 21:49:35 | 000,142,231 | ---- | M] () -- C:\Documents and Settings\weaz\Desktop\[PC GAME - Multi10] Video Strip Poker Classic 2007 [TNTvillage] [h33t].torrent
    [2011/08/22 15:48:36 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\weaz\Desktop\TDSSKiller.exe
    [2011/08/21 21:19:14 | 000,000,425 | RHS- | M] () -- C:\boot.ini
    [2011/08/21 12:59:05 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\weaz\Desktop\attach.zip
    [2011/08/21 12:06:15 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\weaz\Desktop\dds.scr
    [2011/08/21 12:06:00 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\weaz\Desktop\erunt-setup.exe
    [2011/08/21 11:35:54 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/08/20 20:28:39 | 001,389,603 | ---- | M] () -- C:\Documents and Settings\weaz\Desktop\tdsskiller.zip
    [2011/08/20 18:12:13 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
    [2011/08/20 17:38:06 | 004,179,402 | R--- | M] (Swearware) -- C:\Documents and Settings\weaz\Desktop\ComboFix.exe
    [2011/08/20 17:32:51 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\weaz\Desktop\HijackThis.exe
    [2011/08/20 17:17:06 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\wxeclw.sys
    [2011/08/20 04:42:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/08/17 23:03:32 | 000,448,341 | ---- | M] () -- C:\Documents and Settings\weaz\Desktop\rad camaro.JPG
    [2011/08/16 18:14:17 | 001,102,424 | ---- | M] () -- C:\Documents and Settings\weaz\Desktop\91 maro.rar
    [2011/08/11 19:02:04 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\cymxadkq.sys
    [2011/08/08 03:00:00 | 000,074,752 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2011/08/08 03:00:00 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini
    [2011/08/01 00:28:38 | 005,655,598 | ---- | M] () -- C:\Documents and Settings\weaz\Desktop\Queen - Bohemian Rhapsody.mp3
    [2011/07/30 02:15:42 | 000,005,117 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hvcatrnw.tht
    [2011/07/29 23:18:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
    [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/08/25 00:16:43 | 002,395,439 | ---- | C] () -- C:\Documents and Settings\weaz\Desktop\Advanced.Archive.Password.Recovery.Professional.v4.53 FULL.rar
    [2011/08/25 00:04:39 | 000,235,090 | ---- | C] () -- C:\Documents and Settings\weaz\Desktop\Insidious_2011_720p_RC_BDRip_XviD_AC3_FLAWL3SS.torrent
    [2011/08/24 04:12:33 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\weaz\Desktop\MBR.dat
    [2011/08/23 01:27:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\TADSUINS.EXE
    [2011/08/22 21:49:35 | 000,142,231 | ---- | C] () -- C:\Documents and Settings\weaz\Desktop\[PC GAME - Multi10] Video Strip Poker Classic 2007 [TNTvillage] [h33t].torrent
    [2011/08/21 12:59:05 | 000,002,527 | ---- | C] () -- C:\Documents and Settings\weaz\Desktop\attach.zip
    [2011/08/20 20:28:30 | 001,389,603 | ---- | C] () -- C:\Documents and Settings\weaz\Desktop\tdsskiller.zip
    [2011/08/20 18:40:13 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2011/08/20 18:40:09 | 003,164,160 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
    [2011/08/20 18:40:09 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
    [2011/08/20 18:40:08 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2011/08/20 18:40:08 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2011/08/20 18:40:08 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2011/08/20 17:39:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/08/20 17:17:05 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\wxeclw.sys
    [2011/08/16 18:14:00 | 001,102,424 | ---- | C] () -- C:\Documents and Settings\weaz\Desktop\91 maro.rar
    [2011/08/15 20:02:01 | 000,448,341 | ---- | C] () -- C:\Documents and Settings\weaz\Desktop\rad camaro.JPG
    [2011/08/11 19:02:04 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\cymxadkq.sys
    [2011/08/01 00:28:28 | 005,655,598 | ---- | C] () -- C:\Documents and Settings\weaz\Desktop\Queen - Bohemian Rhapsody.mp3
    [2011/07/30 02:15:42 | 000,005,117 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hvcatrnw.tht
    [2010/11/14 20:48:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/10/25 15:19:48 | 002,349,736 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/10/23 20:54:12 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
    [2010/06/09 21:34:38 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\weaz\Local Settings\Application Data\fusioncache.dat
    [2010/05/05 13:59:15 | 000,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
    [2010/05/05 13:59:15 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2010/04/17 19:08:03 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ftdiunin.exe
    [2010/04/17 19:08:03 | 000,000,133 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
    [2010/01/18 23:51:50 | 000,347,472 | ---- | C] () -- C:\Documents and Settings\weaz\Local Settings\Application Data\MB.SAV
    [2009/12/29 21:22:37 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2009/12/19 21:19:21 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
    [2009/12/16 18:45:34 | 000,270,848 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2009/12/12 17:18:57 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
    [2009/12/12 17:18:57 | 000,000,016 | ---- | C] () -- C:\WINDOWS\msocreg32.dat
    [2009/11/14 14:17:12 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
    [2009/11/14 14:17:04 | 000,103,736 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
    [2009/11/14 14:16:39 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
    [2009/11/07 01:16:01 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2009/11/04 22:38:02 | 000,874,502 | ---- | C] () -- C:\WINDOWS\System32\kernel32new.dll
    [2009/11/04 22:38:02 | 000,681,478 | ---- | C] () -- C:\WINDOWS\System32\msvcrtnew.dll
    [2009/11/04 22:38:02 | 000,187,398 | ---- | C] () -- C:\WINDOWS\System32\d3d10core.dll
    [2009/10/08 15:36:09 | 000,055,808 | ---- | C] () -- C:\Documents and Settings\weaz\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/09/26 22:49:52 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
    [2009/09/26 22:49:52 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\846596EC1C.sys
    [2009/09/26 21:25:14 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009/09/19 03:27:37 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2009/09/19 03:27:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2009/09/19 03:27:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2009/09/19 03:27:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2009/09/12 07:24:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2009/09/12 07:04:17 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/09/12 07:04:07 | 000,000,236 | ---- | C] () -- C:\Program Files\Common Files\dx.reg
    [2009/09/12 07:04:06 | 001,029,126 | ---- | C] () -- C:\WINDOWS\System32\d3d10.dll
    [2009/09/12 07:04:06 | 000,716,153 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
    [2009/09/12 07:04:06 | 000,005,298 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
    [2009/09/12 07:03:03 | 000,006,010 | ---- | C] () -- C:\WINDOWS\System32\ma004103.bin
    [2009/09/12 06:42:26 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
    [2009/09/12 06:33:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/09/12 06:22:54 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2009/09/12 06:07:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2009/09/12 06:01:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2009/09/12 00:52:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2009/09/12 00:49:35 | 000,271,784 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/08/13 20:42:20 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2009/08/13 20:42:20 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2009/07/14 10:09:12 | 000,197,982 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2009/02/18 12:55:20 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
    [2009/02/03 15:52:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
    [2008/10/28 17:40:48 | 000,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
    [2008/08/18 13:27:42 | 000,034,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
    [2008/07/26 09:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2005/05/03 11:38:42 | 000,064,512 | R--- | C] () -- C:\WINDOWS\System32\P17.dll
    [2004/08/03 19:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2003/10/02 10:48:18 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
    [2001/08/23 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/08/23 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2001/08/23 07:00:00 | 000,439,154 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2001/08/23 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2001/08/23 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2001/08/23 07:00:00 | 000,071,114 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2001/08/23 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2001/08/23 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2001/08/23 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001/08/23 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2009/09/12 06:53:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2010/02/13 14:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
    [2010/08/12 19:39:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/06/30 21:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\xml_param
    [2010/02/13 14:04:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
    [2010/03/28 17:32:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{784E3329-1B2A-421E-9427-596088B766F6}
    [2009/09/14 00:55:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{902029B2-957E-4066-85FA-30DA31731718}
    [2011/08/05 18:07:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}
    [2010/02/13 14:03:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EC98E512-708C-4C3B-9F07-B58768C1DD8A}
    [2009/09/14 00:55:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EFBDC0EC-2698-4A44-8AAD-4113D6D8BB82}
    [2009/10/27 23:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\weaz\Application Data\2K Sports
    [2010/08/15 00:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\weaz\Application Data\Audacity
    [2009/11/20 13:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\weaz\Application Data\BoneTown
    [2011/08/20 19:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\weaz\Application Data\foobar2000
    [2009/12/29 21:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\weaz\Application Data\Leadertech
    [2011/07/30 02:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\weaz\Application Data\MOVAVI
    [2009/09/26 05:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\weaz\Application Data\NetMedia Providers
    [2009/12/12 17:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\weaz\Application Data\Progression
    [2010/08/11 23:54:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\weaz\Application Data\Publish Providers
    [2009/10/14 21:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\weaz\Application Data\Roni Music
    [2011/04/01 23:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\weaz\Application Data\Rovio
    [2010/02/01 19:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\weaz\Application Data\Sony
    [2011/08/25 02:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\weaz\Application Data\uTorrent

    ========== Purity Check ==========



    < End of report >

  5. #15
    Junior Member
    Join Date
    Jan 2008
    Posts
    14

    OTL Extras logfile created on: 8/26/2011 11:53:27 AM - Run 1
    OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\weaz\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.74 Gb Available Physical Memory | 84.37% Memory free
    5.09 Gb Paging File | 4.70 Gb Available in Paging File | 92.44% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 40.60 Gb Total Space | 19.66 Gb Free Space | 48.43% Space Free | Partition Type: NTFS
    Drive D: | 48.83 Gb Total Space | 34.05 Gb Free Space | 69.74% Space Free | Partition Type: NTFS
    Drive E: | 195.32 Gb Total Space | 104.84 Gb Free Space | 53.68% Space Free | Partition Type: NTFS
    Drive F: | 201.17 Gb Total Space | 16.14 Gb Free Space | 8.02% Space Free | Partition Type: NTFS
    Drive G: | 212.72 Gb Total Space | 154.71 Gb Free Space | 72.73% Space Free | Partition Type: NTFS
    Drive O: | 485.34 Mb Total Space | 485.34 Mb Free Space | 100.00% Space Free | Partition Type: FAT32

    Computer Name: WEEZ-DBCAD9B369 | User Name: weaz | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1482476501-854245398-839522115-1003\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    jsfile [edit] -- "C:\weaz\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with Corel Paint Shop Pro Photo X2] -- "G:\Corel PSP Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
    Directory [compress] -- C:\Documents and Settings\weaz\Desktop\KGB Archiver\kgb_arch_compress.exe "%1\"
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "G:\OF Dragon Rising\OFDR.exe" = G:\OF Dragon Rising\OFDR.exe:*:Enabled:OF Dragon Rising -- (Codemasters Software Company Limited)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:firefox.exe -- (Mozilla Corporation)
    "G:\gta IV\Rockstar Games Social Club\RGSCLauncher.exe" = G:\gta IV\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)
    "G:\gta IV\Grand Theft Auto IV\LaunchGTAIV.exe" = G:\gta IV\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG)
    "G:\gta IV\Grand Theft Auto IV\GTAIV.exe" = G:\gta IV\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Take-Two Interactive Software, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03030CB1-AEA1-90F8-6442-AC063AA1AE20}" = ccc-core-static
    "{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
    "{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
    "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
    "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
    "{1508CFA3-1A63-43A0-9C79-E521E8F337FD}" = Cam Analyzer v3.8
    "{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{1A3D8A23-3215-46B7-AB97-E304ADABFC18}" = ESET NOD32 Antivirus
    "{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
    "{1A5F9CD3-7BD3-F68F-1267-7C1157AFE531}" = Catalyst Control Center Graphics Full New
    "{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2623D63C-B2C5-4D5A-9C62-830D2C4682D7}" = Dyno-Scan for Windows 8.0.0
    "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 27
    "{29082A9B-0144-5189-78B3-1E8D47DD644D}" = ccc-core-preinstall
    "{2956585F-DB2F-45C2-9363-F8CB0BB4F2A7}" = Sony ACID Pro 6.0
    "{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
    "{2FAAECD0-1929-11DA-6784-006853A418BE}" = LoveChess Age Of Egypt
    "{33691AFF-9ABF-4278-BDB6-902EE07D9237}" = Native Instruments Guitar Rig 3
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}" = Windows 7 USB/DVD Download Tool
    "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
    "{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
    "{3F1420A7-FF17-40F0-B4FE-3481B8D10081}" = MaxiLink
    "{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
    "{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
    "{5201A854-5EC2-4B23-BB01-941ADDCF1DDE}" = CSR Hall
    "{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
    "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
    "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
    "{58BEE9AE-625D-4177-BC5E-E6E0794C092E}" = MaxiLink
    "{5E7C721D-B008-4269-A1C4-2CE7E9757983}" = BoneTown
    "{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
    "{6C9FA746-8759-4040-A436-42922CB3492E}" = VistaBootPRO 3.3
    "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
    "{71CFE572-6C01-96C4-F90E-36C147C98123}" = Catalyst Control Center InstallProxy
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73090A5A-E0C0-4E0B-A320-E183877061A5}" = ALLDATA Repair
    "{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
    "{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
    "{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0711.1
    "{870FB7F0-59C3-099B-4ABF-A9F977393EE9}" = ccc-utility
    "{885DDF98-4E4C-4D80-59C9-B785F2D314E4}" = Catalyst Control Center Graphics Previews Common
    "{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
    "{8D15E1B2-D2B7-4A17-B44B-D2DDE5981405}" = SaveVid Plug-in
    "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{91ADB100-2654-4F20-A319-3088D356DEED}" = MobilePre
    "{A6EB4CB7-DA32-2FAA-7078-7C0C2882D9DF}" = CCC Help English
    "{A816AE22-1878-CACA-7541-47C56F9A96F7}" = ATI Catalyst Install Manager
    "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
    "{B3D87264-EAC9-4DE8-8D0E-E758CA1413A0}_is1" = Disciples III
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B90AC632-A6FF-4755-80BA-D48CD7809E08}" = ScanTool
    "{B918272C-7E6E-194F-53E9-D3B566480686}" = Catalyst Control Center Graphics Light
    "{B962AD08-335F-46f7-A182-257D37672E5C}" = Native Instruments Rig Kontrol 3 Driver
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
    "{C8A92B59-E083-7715-F78F-FDD77B121C3C}" = Catalyst Control Center HydraVision Full
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{DEE4D866-5145-4AF9-B38A-A25AD3F69FFD}" = ScanTool
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
    "{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1BCD1EA-73CE-B1BF-70DC-A1A6EF3132EE}" = Catalyst Control Center Graphics Full Existing
    "{F2E92959-8856-6656-BE20-4E2F6685F170}" = Catalyst Control Center Core Implementation
    "{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
    "{FE1F501D-27BA-4C44-A552-52B02250EC58}" = Engine Analyzer v3.4
    "23C892DBF52DDAF3C9BD2BB6E9805E79FCD09A67" = Windows Driver Package - FTDI CDM Driver Package (05/19/2006 2.00.00)
    "7-Zip" = 7-Zip 4.65
    "A2E63BDAC649E514867CB43CE0B4F9DB111206C2" = Windows Driver Package - FTDI CDM Driver Package (05/19/2006 2.00.00)
    "AB2094562DCCF887D275D26D0C18F6D23EBE5E07" = Windows Driver Package - STMicroelectronics (STTub203) USB
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Amazing Slow Downer" = Amazing Slow Downer (remove only)
    "ATI Display Driver" = ATI Display Driver
    "AutoTap 3.1" = AutoTap 3.1
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
    "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
    "Cam Pro Plus Demo" = Cam Pro Plus Demo
    "CamQuest6 Cam Selection.0408" = CamQuest6 Cam Selection.0408
    "CCleaner" = CCleaner
    "DirectX10 for Windows XP - Win2000, 2003,..._is1" = DirectX10 RC2 Pre Fix 3
    "Drag2003_is1" = Drag2003 v4.05
    "Dyno2003_is1" = Dyno2003 v4.05
    "EasyBCD" = EasyBCD 1.7.2
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ESET Online Scanner" = ESET Online Scanner v3
    "foobar2000" = foobar2000 v0.9.6.1
    "FTDICOMM" = FTDI USB Serial Converter Drivers
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.6.0
    "lvdrivers_11.80" = Logitech QuickCam Driver Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
    "Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
    "Movavi Video Editor 6" = Movavi Video Editor
    "Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Native Instruments Controller Editor" = Native Instruments Controller Editor
    "Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
    "Native Instruments Rig Kontrol 3 Driver" = Native Instruments Rig Kontrol 3 Driver
    "Native Instruments Service Center" = Native Instruments Service Center
    "PowerISO" = PowerISO
    "ReValver Mk III_is1" = ReValver Mk III
    "SaveVid Plug-in" = SaveVid Plug-in
    "SysInfo" = Creative System Information
    "TuxGuitar_0" = TuxGuitar 1.2
    "Unlocker" = Unlocker 1.8.7
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.0.5
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Xilisoft Video Converter" = Xilisoft Video Converter 3
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1482476501-854245398-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Advanced Archive Password Recovery" = Advanced Archive Password Recovery

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/25/2010 4:11:06 PM | Computer Name = WEEZ-DBCAD9B369 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
    Description = Faulting application rgsc.exe, version 1.0.0.0, stamp 49432158, faulting
    module kernel32.dll, version 5.1.2600.5512, stamp 4802a12c, debug? 0, fault address
    0x00012aeb.

    Error - 10/25/2010 4:11:38 PM | Computer Name = WEEZ-DBCAD9B369 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
    Description = Faulting application rgsc.exe, version 1.0.0.0, stamp 49432158, faulting
    module kernel32.dll, version 5.1.2600.5512, stamp 4802a12c, debug? 0, fault address
    0x00012aeb.

    Error - 10/25/2010 4:11:41 PM | Computer Name = WEEZ-DBCAD9B369 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
    Description = Faulting application rgsc.exe, version 1.0.0.0, stamp 49432158, faulting
    module kernel32.dll, version 5.1.2600.5512, stamp 4802a12c, debug? 0, fault address
    0x00012aeb.

    Error - 10/25/2010 4:18:45 PM | Computer Name = WEEZ-DBCAD9B369 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
    Description = Faulting application rgsc.exe, version 1.0.0.0, stamp 49432158, faulting
    module kernel32.dll, version 5.1.2600.5512, stamp 4802a12c, debug? 0, fault address
    0x00012aeb.

    Error - 10/25/2010 4:18:48 PM | Computer Name = WEEZ-DBCAD9B369 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
    Description = Faulting application rgsc.exe, version 1.0.0.0, stamp 49432158, faulting
    module kernel32.dll, version 5.1.2600.5512, stamp 4802a12c, debug? 0, fault address
    0x00012aeb.

    Error - 10/25/2010 4:29:13 PM | Computer Name = WEEZ-DBCAD9B369 | Source = Application Error | ID = 1000
    Description = Faulting application setup.exe, version 15.0.0.498, faulting module
    setup.exe, version 15.0.0.498, fault address 0x000295fe.

    Error - 10/29/2010 1:27:32 AM | Computer Name = WEEZ-DBCAD9B369 | Source = Application Error | ID = 1000
    Description = Faulting application gtaiv.exe, version 1.0.0.0, faulting module gtaiv.exe,
    version 1.0.0.0, fault address 0x00515fa2.

    Error - 11/14/2010 9:56:02 PM | Computer Name = WEEZ-DBCAD9B369 | Source = Application Error | ID = 1000
    Description = Faulting application skype.exe, version 5.0.0.152, faulting module
    kernel32.dll, version 5.1.2600.5512, fault address 0x00012aeb.

    Error - 11/26/2010 2:48:09 PM | Computer Name = WEEZ-DBCAD9B369 | Source = Application Error | ID = 1000
    Description = Faulting application gtaiv.exe, version 1.0.0.0, faulting module gtaiv.exe,
    version 1.0.0.0, fault address 0x0052946e.

    Error - 12/25/2010 3:13:49 PM | Computer Name = WEEZ-DBCAD9B369 | Source = Application Error | ID = 1000
    Description = Faulting application sysdiag.exe, version 0.0.0.0, faulting module
    shlwapi.dll, version 6.0.2900.5512, fault address 0x0000417e.

    [ System Events ]
    Error - 8/26/2011 12:44:51 PM | Computer Name = WEEZ-DBCAD9B369 | Source = Service Control Manager | ID = 7031
    Description = The Eset Service service terminated unexpectedly. It has done this
    1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
    the service.

    Error - 8/26/2011 12:44:51 PM | Computer Name = WEEZ-DBCAD9B369 | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the Eset Service service, but
    this action failed with the following error: %%1058


    < End of report >

  6. #16
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default



    All running OK?

  7. #17
    Junior Member
    Join Date
    Jan 2008
    Posts
    14

    Default

    Seems to be running fine... I guess if you don't see any other issues then it should be good. I guess if I do experience any symptoms then I'll come back, but as for right now... It's good. Thanks for the help! I really appreciate it.

  8. #18
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Great,



    Open OTL and click on Clean Up, and it will remove the programs we used to clean your system along with their backups.

    Malwarebytes is the free version and yours to keep and will not be removed

    Keeping your Java updated is very important to the security of your system, info here on how to update
    http://forums.spybot.info/showpost.p...80&postcount=2





    Safe Surfn
    Ken

  9. #19
    Junior Member
    Join Date
    Jan 2008
    Posts
    14

    Default

    Thanks Ken, Keep up the good work. Much obliged.

  10. #20
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    C:\Program Files\uTorrent

    Just want to point out that your firewall is allowing access to the above program, which means anything you download, good or bad, will be allowed in; this is most likely how you got infected. Knowing what I know and doing what I do, I would never allow any programs of this type on any of my systems. You would be doing yourself a huge favor by uninstalling it and staying away from any type of file sharing.

    http://www.esecurityguy.com/p2p_file_sharing
    http://www.fbi.gov/scams-safety/peertopeer
    http://www.pbcomp.com.au/dangers-wit...-software.html
    http://www.usatoday.com/tech/columni...ing-woes_x.htm
    http://www.ttu.edu/safecomputing/lub...mended/p2p.php


    Take care,

    Ken
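As an added illustration of the firewall point in post #20 (not part of the thread and not OTL's own code), the sketch below parses the firewall exception entries from the log posted above and lists the enabled ones whose scope is `*`, meaning any remote address rather than `LocalSubNet`. The function names are hypothetical, and the `target:scope:status:name` field layout is read off the log lines themselves.

```python
import re

# Excerpt of the firewall sections from the OTL Extras.Txt log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:firefox.exe -- (Mozilla Corporation)
"""

# Registry key header: captures the firewall profile and the kind of exception list.
KEY_RE = re.compile(r"^\[.*\\FirewallPolicy\\(?P<profile>\w+)\\"
                    r"(?P<kind>GloballyOpenPorts|AuthorizedApplications)\\List\]$")
# OTL prints each registry value as: "value name" = value data
ENTRY_RE = re.compile(r'^"[^"]*"\s*=\s*(?P<data>.*)$')
# Value data layouts as they appear in the log: port:proto:scope:status:name
# and path:scope:status:name (the path may itself start with a drive colon).
TAIL = r":(?P<scope>[^:]*):(?P<status>Enabled|Disabled):(?P<label>.*)$"
VALUE_RE = {
    "GloballyOpenPorts": re.compile(r"^(?P<target>\d+:(?:TCP|UDP))" + TAIL),
    "AuthorizedApplications": re.compile(r"^(?P<target>(?:[A-Za-z]:)?[^:]+)" + TAIL),
}


def parse_firewall_exceptions(log_text):
    """Return one dict per port/application exception found in the log text."""
    entries, context = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            key = KEY_RE.match(line)
            context = (key["profile"], key["kind"]) if key else None
            continue
        entry = ENTRY_RE.match(line)
        if context is None or entry is None:
            continue  # blank line, banner, or a value under an unrelated key
        profile, kind = context
        value = VALUE_RE[kind].match(entry["data"])
        entries.append({
            "profile": profile,
            "kind": kind,
            "target": value["target"] if value else None,
            "scope": value["scope"] if value else None,
            "enabled": bool(value) and value["status"] == "Enabled",
            "raw": entry["data"],  # kept so malformed data can be reviewed by hand
        })
    return entries


def open_to_any_source(entries):
    """Enabled exceptions whose scope is '*', i.e. not limited to LocalSubNet."""
    return [e for e in entries if e["enabled"] and e["scope"] == "*"]


if __name__ == "__main__":
    for e in open_to_any_source(parse_firewall_exceptions(SAMPLE_LOG)):
        print(f'{e["profile"]:16} {e["kind"]:24} {e["target"]}')
```

Entries whose value data does not match either layout are kept with `target` set to `None`, so they show up for manual review instead of being dropped.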
