OTL logfile created on: 17/10/2009 17:42:06 - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

509.98 Mb Total Physical Memory | 359.66 Mb Available Physical Memory | 70.52% Memory free
1.22 Gb Paging File | 1.15 Gb Available in Paging File | 93.98% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 28.86 Gb Free Space | 77.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-QJH89Y24C4
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2009/10/17 17:35:17 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL-log file checker.exe
PRC - [2008/04/14 13:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\windows\explorer.exe

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009/10/14 18:44:11 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Stopped])
SRV - [2008/04/14 13:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2002/01/29 14:33:14 | 00,077,824 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService [Auto | Stopped])
SRV - [2001/10/25 03:02:00 | 00,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2 [Auto | Stopped])

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (736 bytes) - C:\windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EPSON Stylus CX3200] C:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [igfxhkcmd] C:\windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKCU..\Run: [Boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\ray\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\windows\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 125 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/24 23:09:12 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\windows\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

[color=#E56717]========== Files/Folders - Created Within 14 Days ==========[/color]

[2009/10/11 18:00:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/10/11 18:50:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/10/14 18:30:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG8
[2009/10/12 22:06:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Office Genuine Advantage
[2009/10/11 18:00:28 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/10/17 17:32:24 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/17 17:35:14 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL-log file checker.exe
[2009/10/17 17:32:26 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2009/10/17 17:32:24 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2009/10/17 17:32:05 | 04,045,536 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2009/10/17 17:28:17 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2009/10/17 17:16:29 | 00,000,000 | ---D | C] -- C:\windows\CSC
[2009/10/14 21:56:54 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/10/14 18:45:21 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\avgrsstx.dll
[2009/10/14 18:45:20 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgtdix.sys
[2009/10/14 18:45:13 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgldx86.sys
[2009/10/14 18:45:11 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgmfx86.sys
[2009/10/14 18:44:35 | 00,000,000 | ---D | C] -- C:\windows\System32\drivers\Avg
[2009/10/14 18:15:34 | 00,000,000 | ---D | C] -- C:\windows\ie8updates
[2009/10/14 18:12:17 | 00,000,000 | -H-D | C] -- C:\windows\ie8
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\zh-TW
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\zh-HK
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\tr-TR
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\sv-SE
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\pt-BR
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\nl-NL
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\nb-NO
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\ko-KR
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\it-IT
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\he-IL
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\fr-FR
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\fi-FI
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\es-ES
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\el-GR
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\de-DE
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\da-DK
[2009/10/11 17:46:57 | 00,000,000 | ---D | C] -- C:\windows\System32\ar-SA

[color=#E56717]========== Files - Modified Within 14 Days ==========[/color]

[2009/10/17 17:35:17 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL-log file checker.exe
[2009/10/17 17:32:28 | 00,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/17 17:32:05 | 04,045,536 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2009/10/17 17:28:18 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2009/10/17 17:16:46 | 00,013,646 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2009/10/17 17:16:21 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2009/10/17 17:08:41 | 00,000,236 | ---- | M] () -- C:\windows\tasks\OGALogon.job
[2009/10/17 17:08:33 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2009/10/17 16:59:24 | 00,000,000 | ---- | M] () -- C:\boot.ini
[2009/10/17 16:58:52 | 00,000,613 | ---- | M] () -- C:\windows\win.ini
[2009/10/17 16:58:52 | 00,000,227 | ---- | M] () -- C:\windows\system.ini
[2009/10/16 15:54:42 | 03,982,792 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/10/16 09:28:07 | 42,945,854 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2009/10/16 09:08:16 | 00,033,037 | ---- | M] () -- C:\windows\System32\drivers\Avg\microavi.avg
[2009/10/14 22:00:08 | 00,001,393 | ---- | M] () -- C:\windows\imsins.BAK
[2009/10/14 18:45:22 | 00,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/10/14 18:45:21 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\avgrsstx.dll
[2009/10/14 18:45:20 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgtdix.sys
[2009/10/14 18:45:13 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgldx86.sys
[2009/10/14 18:45:11 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\System32\drivers\avgmfx86.sys
[2009/10/14 18:44:41 | 00,492,629 | ---- | M] () -- C:\windows\System32\drivers\Avg\miniavi.avg
[2009/10/14 18:44:39 | 06,061,540 | ---- | M] () -- C:\windows\System32\drivers\Avg\avi7.avg
[2009/10/14 18:04:34 | 00,359,961 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Warning by Jenny Joseph-2nd copy.mht
[2009/10/14 08:42:28 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\The Pond.doc
[2009/10/14 08:41:44 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\blank.doc
[2009/10/10 09:04:37 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\womens group members.doc
[2009/10/10 07:59:45 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Alice Band news letter.doc
[2009/10/10 07:00:50 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\~$blank.doc
[2009/10/06 00:06:34 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\The Old Man.doc
[2009/10/05 21:45:32 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\free lance gardiner.doc

[color=#E56717]========== Files - No Company Name ==========[/color]

[2009/10/17 17:32:28 | 00,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/14 18:45:22 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 8.5.lnk
[2009/10/14 18:44:43 | 42,945,854 | ---- | C] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2009/10/14 18:44:41 | 00,033,037 | ---- | C] () -- C:\windows\System32\drivers\Avg\microavi.avg
[2009/10/14 18:44:39 | 00,492,629 | ---- | C] () -- C:\windows\System32\drivers\Avg\miniavi.avg
[2009/10/14 18:44:35 | 06,061,540 | ---- | C] () -- C:\windows\System32\drivers\Avg\avi7.avg
[2009/10/14 18:04:32 | 00,359,961 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Warning by Jenny Joseph-2nd copy.mht
[2009/10/14 08:42:28 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\The Pond.doc
[2009/10/11 17:48:39 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Outlook Express.lnk
[2009/10/11 17:46:58 | 00,000,236 | ---- | C] () -- C:\windows\tasks\OGALogon.job
[2009/10/10 07:59:45 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Alice Band news letter.doc
[2009/10/10 07:00:50 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\~$blank.doc
[2009/10/05 23:50:32 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\The Old Man.doc
[2009/10/05 09:07:20 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\free lance gardiner.doc
[2009/08/03 15:07:42 | 00,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/05/01 16:05:37 | 00,010,536 | ---- | C] () -- C:\windows\System32\drivers\Hmonitor.sys
[2009/03/27 16:20:00 | 00,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2009/01/18 16:57:46 | 00,290,919 | ---- | C] () -- C:\windows\System32\pythoncom21.dll
[2009/01/18 16:57:46 | 00,057,344 | ---- | C] () -- C:\windows\System32\PyWinTypes21.dll
[2009/01/18 16:55:50 | 00,096,768 | ---- | C] () -- C:\windows\SlantAdj.dll
[2009/01/18 16:55:50 | 00,000,072 | R--- | C] () -- C:\windows\System32\epDPE.ini
[2009/01/18 16:54:23 | 00,122,880 | ---- | C] () -- C:\windows\System32\EEBAPI.dll
[2009/01/18 16:54:23 | 00,102,400 | ---- | C] () -- C:\windows\System32\EEBDSCVR.dll
[2009/01/18 16:54:23 | 00,065,536 | ---- | C] () -- C:\windows\System32\EBAPI.dll
[2008/10/16 23:16:33 | 00,106,496 | ---- | C] () -- C:\windows\System32\PixText.dll
[2008/05/25 00:06:46 | 00,019,832 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/05/25 00:03:40 | 03,982,792 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2008/05/24 23:22:39 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/24 23:13:52 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2008/05/24 15:54:05 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2003/06/20 13:00:00 | 00,000,613 | ---- | C] () -- C:\windows\win.ini
[2003/06/20 13:00:00 | 00,000,227 | ---- | C] () -- C:\windows\system.ini
[2000/09/08 17:53:50 | 00,073,839 | ---- | C] () -- C:\windows\System32\KodakOneTouch.dll

[color=#E56717]========== LOP Check ==========[/color]

[2009/10/14 18:30:36 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2009/01/18 17:05:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ArcSoft
[2008/10/16 23:04:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
[2009/07/16 10:57:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org1.9.79
[2009/03/27 15:46:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
[2009/10/14 18:42:56 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/27 17:04:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/04/30 20:49:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2003/06/20 13:00:00 | 00,000,065 | RH-- | M] () -- C:\windows\Tasks\desktop.ini
[2009/10/17 17:08:41 | 00,000,236 | ---- | M] () -- C:\windows\Tasks\OGALogon.job
[2009/10/17 17:08:33 | 00,000,006 | -H-- | M] () -- C:\windows\Tasks\SA.DAT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

[color=#A23BEC]< %systemroot%\system32\eventlog.dll >[/color]
[2008/04/14 13:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\eventlog.dll

[color=#A23BEC]< %systemroot%\system32\scecli.dll >[/color]
[2008/04/14 13:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\windows\system32\scecli.dll

[color=#A23BEC]< %systemroot%\netlogon.dll >[/color]

[color=#A23BEC]< %systemroot%\system32\cngaudit.dll >[/color]

[color=#A23BEC]< %systemroot%\system32\sceclt.dll >[/color]

[color=#A23BEC]< %systemroot%\ntelogon.dll >[/color]

[color=#A23BEC]< %systemroot%\system32\logevent.dll >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9

< End of report >