Isass.exe in my Processes List



#1
pauleamonn

Hi

I was going through the list of processes running on my computer and found Isass.exe running in the list. The site I was using to check up on the list said it was indicative of the Optix Pro trojan.

I have run all of the scans as recommended on the intro pages (logs below).

Can someone have a look at them for me please and tell me if this Isass is part of a trojan. Also, while one of the scans was running, I think it was the GMER Rootkit Scanner, it showed up a red entry and, at the end, said it had found something.

I'd really appreciate it if someone could look at it for me.

Many thanks

Regards

Paul Eamonn

========================================================================================================

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4787

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/10/2010 10:10:26
mbam-log-2010-10-10 (10-10-26).txt

Scan type: Quick scan
Objects scanned: 131966
Time elapsed: 10 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

======================================================================================================

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-10 14:22:36
Windows 5.1.2600 Service Pack 3
Running: sq29uutw.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kxpdrpob.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[212] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 103FDDE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2396] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] iwgqbnt <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] Helper Shell
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\[email protected] Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
Reg HKLM\SYSTEM\CurrentControlSet\Services\iwgqbnt\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\iwgqbnt\[email protected] C:\WINDOWS\system32\egdtmwer.dll
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] Helper Shell
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] 32
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] 2
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] LocalSystem
Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
Reg HKLM\SYSTEM\ControlSet002\Services\iwgqbnt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\iwgqbnt\[email protected] C:\WINDOWS\system32\egdtmwer.dll
Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] Helper Shell
Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] 32
Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] 2
Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] 0
Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
Reg HKLM\SYSTEM\ControlSet003\Services\iwgqbnt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\iwgqbnt\[email protected] C:\WINDOWS\system32\egdtmwer.dll

---- EOF - GMER 1.0.15 ----

==========================================================================================================

OTL Extras logfile created on: 10/10/2010 14:27:50 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 494.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 21.47 Gb Free Space | 57.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPUTER-88CCD6
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\PROGRA~1\COFFEE~1\COFFEE~1\coffee.exe" "%1" (CoffeeCup Software)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3913:TCP" = 3913:TCP:*:Enabled:thetntn
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Administrator\Desktop\avg_free_stb_all_9_114_cnet(2).exe" = C:\Documents and Settings\Administrator\Desktop\avg_free_stb_all_9_114_cnet(2).exe:*:Enabled:avg_free_stb_all_9_114_cnet(2) -- File not found
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\WINDOWS\system32\freecell.exe" = C:\WINDOWS\system32\freecell.exe:*:Enabled:FreeCell -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Outlook Express\msimn.exe" = C:\Program Files\Outlook Express\msimn.exe:*:Enabled:Outlook Express -- (Microsoft Corporation)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" = C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe:*:Enabled:Dr SpeedTouch -- File not found
"C:\WINDOWS\Temp\NavBrowser.exe" = C:\WINDOWS\Temp\NavBrowser.exe:*:Enabled:NAVBrowser -- (Naviant, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0E0131B2-CF18-40D9-A331-60A3746C1204}" = EPSON Scan
"{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
"{133CD5EF-A4A1-442a-8D50-910B5DEF76BD}" = 4200_Help
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
"{34611BCF-3157-405b-A34E-879C7DC79142}" = 4200
"{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{5DA7BC15-18D3-41A0-9F59-838DA3EAEF17}" = EPSON Easy Photo Print
"{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
"{68A2A8FC-2CA0-4b6c-BE09-CC7ABE2A8DDC}" = 4200Trb
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{76760473-CFF1-4A5B-91C7-CC148F087100}" = NetObjects Fusion 11.0
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{9391F2BC-B6F3-4AAC-82CC-5A74A4ED388E}" = EPSON Photo Print
"{9A0DCD97-9648-45ed-A52C-133C728AB2FF}" = 4200Tour
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A62892A7-9D90-4A58-8FFF-78FC5A2BC3C5}" = OpenOffice.org 3.2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}" = Fax
"{AF600F7B-67A7-48D9-BA3B-0FF97F35F970}" = ABBYY FineReader 6.0
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"3ivx D4 4.5.1 Decoder" = 3ivx D4 4.5.1 Decoder (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"CoffeeCup Free HTML Editor" = CoffeeCup Free HTML Editor
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EPSON Printer and Utilities" = EPSON Printer Software
"ERUNT_is1" = ERUNT 1.1j
"ESD68 User's Guide" = ESD68 User's Guide
"Full Marks Early Science" = Full Marks Early Science
"HP Photo & Imaging" = HP Image Zone 3.5
"ie8" = Windows Internet Explorer 8
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
"Interbank FX Trader 4" = Interbank FX Trader 4 Build 226
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"P3170P Reference Guide" = P3170P Reference Guide
"PROSet" = Intel® PRO Ethernet Adapter and Software
"QuickTime" = QuickTime
"Speccy" = Speccy
"The Journey to Wild Divine" = The Journey to Wild Divine
"Uninstall Presto! BizCard 4.1 Eng" = Presto! BizCard 4.1 Eng
"VLC media player" = VideoLAN VLC media player 0.8.6h
"WallpaperToy" = Wallpaper Changer for Windows XP
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"XnView_is1" = XnView 1.97.4

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22/05/2010 10:21:48 | Computer Name = COMPUTER-88CCD6 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 22/05/2010 10:21:54 | Computer Name = COMPUTER-88CCD6 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 22/05/2010 10:21:54 | Computer Name = COMPUTER-88CCD6 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 13/08/2010 04:48:53 | Computer Name = COMPUTER-88CCD6 | Source = Application Error | ID = 1005
Description = Windows cannot access the file D:\qt-mt310.dll for one of the following
reasons: there is a problem with the network connection, the disk that the file
is stored on, or the storage drivers installed on this computer; or the disk is
missing. Windows closed the program qt-mt310.dll because of this error. Program:
qt-mt310.dll File: D:\qt-mt310.dll The error value is listed in the Additional Data
section. User Action 1. Open the file again. This situation might be a temporary
problem that corrects itself when the program runs again. 2. If the file still cannot
be accessed and - It is on the network, your network administrator should verify
that there is not a problem with the network and that the server can be contacted.
-
It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the
disk is fully inserted into the computer. 3. Check and repair the file system by
running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click
OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem
persists, restore the file from a backup copy. 5. Determine whether other files
on the same disk can be opened. If not, the disk might be damaged. If it is a hard
disk, contact your administrator or computer hardware vendor for further assistance.
Additional
Data Error value: C0000240 Disk type: 5

Error - 13/08/2010 04:48:57 | Computer Name = COMPUTER-88CCD6 | Source = Application Error | ID = 1000
Description = Faulting application menu.exe, version 4.2.0.15, faulting module qt-mt310.dll,
version 0.0.0.0, fault address 0x000e2a66.

Error - 15/08/2010 03:31:09 | Computer Name = COMPUTER-88CCD6 | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 09/09/2010 11:12:33 | Computer Name = COMPUTER-88CCD6 | Source = Application Error | ID = 1000
Description = Faulting application winword.exe, version 9.0.0.2717, faulting module
winword.exe, version 9.0.0.2717, fault address 0x0048495e.

Error - 13/09/2010 08:25:55 | Computer Name = COMPUTER-88CCD6 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 13/09/2010 08:25:55 | Computer Name = COMPUTER-88CCD6 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 06/10/2010 05:55:45 | Computer Name = COMPUTER-88CCD6 | Source = MsiInstaller | ID = 11904
Description = Product: PhotoGallery -- Error 1904.Module C:\Program Files\Common
Files\HP\Memories Disc\2.0\LeadTools\LTStlImgRd.dll failed to register. HRESULT
. Contact your support personnel.

[ System Events ]
Error - 18/07/2010 02:44:11 | Computer Name = COMPUTER-88CCD6 | Source = Service Control Manager | ID = 7023
Description = The Helper Shell service terminated with the following error: %%126

Error - 19/07/2010 01:36:53 | Computer Name = COMPUTER-88CCD6 | Source = Service Control Manager | ID = 7023
Description = The Helper Shell service terminated with the following error: %%126

Error - 19/07/2010 12:54:23 | Computer Name = COMPUTER-88CCD6 | Source = Service Control Manager | ID = 7023
Description = The Helper Shell service terminated with the following error: %%126


< End of report >

=========================================================================================================

OTL logfile created on: 10/10/2010 14:27:50 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 494.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 21.47 Gb Free Space | 57.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPUTER-88CCD6
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/10 14:26:06 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/10/06 10:36:22 | 000,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2010/10/05 14:47:40 | 002,067,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/09/26 16:24:50 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/09/18 18:19:35 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/09/18 18:19:33 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/17 08:43:10 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/17 08:43:05 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/17 08:42:58 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/17 08:42:56 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/01/25 05:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAAE.EXE
PRC - [2003/08/04 17:28:18 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd.exe
PRC - [2002/12/18 19:12:26 | 000,110,592 | ---- | M] (Microsoft Corp.) -- C:\Program Files\WallpaperToy\Wallpapertoy.Exe


========== Modules (SafeList) ==========

MOD - [2010/10/10 14:26:06 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/10/06 10:36:22 | 000,039,936 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2010/07/17 08:43:05 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2004/01/05 08:30:14 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/07/17 08:43:12 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/17 08:42:58 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/06 08:42:27 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/04/13 19:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.1.0521

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/26 18:30:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/18 18:19:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/08 20:09:46 | 000,000,000 | ---D | M]

[2010/05/22 15:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/10/09 09:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5nb1zbqq.default\extensions
[2010/05/23 11:45:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5nb1zbqq.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010/05/23 11:44:44 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5nb1zbqq.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/05/22 15:10:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/02 17:52:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/08/02 17:52:49 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/08/02 17:52:49 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/08/02 17:52:49 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PCTAVApp] C:\Program Files\PC Tools AntiVirus\PCTAV.exe File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe File not found
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe (Microsoft Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1274597423578 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1286609383984 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/12 14:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: iwgqbnt - C:\WINDOWS\System32\egdtmwer.dll File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec_dec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/10 14:26:05 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/10/10 09:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/10/10 09:55:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/10 09:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/10 09:55:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/10 09:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/10 09:53:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/10 09:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/10/10 06:34:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/10/08 20:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/08 20:09:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/10/08 16:38:37 | 000,000,000 | ---D | C] -- C:\Program Files\WallpaperToy
[2010/10/08 16:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Desktop Pictures
[2010/10/08 09:51:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\CoffeeCup Software
[2010/10/08 09:49:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\CoffeeCup Software
[2010/10/08 09:49:34 | 000,233,472 | ---- | C] (Creative Development LTD) -- C:\WINDOWS\System32\Ilda32.dll
[2010/10/08 09:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\CoffeeCup Software
[2010/10/07 13:28:43 | 000,000,000 | ---D | C] -- C:\Program Files\Overland
[2010/10/07 10:26:12 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/10/06 22:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Help
[2010/10/06 22:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Help
[2010/10/06 14:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\HP
[2010/10/06 14:27:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2010/10/06 13:03:12 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/10/06 12:40:35 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2010/10/06 12:40:00 | 003,795,360 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\My Documents\rcsetup138.exe
[2010/10/06 10:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/10/06 10:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/10/06 10:52:46 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/10/06 10:52:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/10/06 10:52:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2010/10/06 10:45:45 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/10/06 10:39:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Smart Panel
[2010/10/06 10:36:55 | 000,000,000 | ---D | C] -- C:\Program Files\NewSoft
[2010/10/06 10:36:22 | 000,039,936 | ---- | C] (C-Dilla Ltd) -- C:\WINDOWS\System32\drivers\CDAC11BA.EXE
[2010/10/06 10:36:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ABBYY
[2010/10/06 10:36:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ABBYY
[2010/10/06 10:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY
[2010/10/06 10:35:08 | 000,708,696 | ---- | C] (Digital Creations 2) -- C:\WINDOWS\System32\python21.dll
[2010/10/06 10:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Python
[2010/10/06 10:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\Smart Panel
[2010/10/06 10:28:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\EPSON
[2010/10/05 20:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\Interbank FX Trader 4
[2010/10/04 11:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Elliott
[2010/10/04 10:55:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Rolls royce_files
[2010/09/29 20:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Milk of Paradise
[2010/09/29 20:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/09/28 19:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Unzipped
[2010/09/28 18:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Trans
[2010/09/28 09:21:39 | 000,000,000 | ---D | C] -- C:\Program Files\Full Marks
[2010/09/27 18:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2010/09/27 15:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/09/27 15:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON
[2010/09/26 09:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedTouch
[2010/09/17 12:14:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\ref=dp_olp_used_files
[2010/09/15 10:31:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\cpspecial_files
[2010/09/15 10:08:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2010/09/08 19:09:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/09/03 10:53:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\products_files
[2010/09/03 09:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Circle
[2010/07/17 08:43:09 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/16 07:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\IACCW
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/10 14:26:06 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/10/10 14:22:48 | 003,145,782 | -H-- | M] () -- C:\WINDOWS\System32\toyhide.bmp
[2010/10/10 11:40:29 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\sq29uutw.exe
[2010/10/10 11:26:16 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/10 11:25:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/10 11:24:52 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/10/10 11:24:52 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/10/10 10:11:26 | 004,839,930 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/10/10 09:55:55 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/10 09:52:10 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/10/10 09:24:55 | 065,837,306 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/10/10 09:06:24 | 000,000,628 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/10/10 09:06:24 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/10/10 09:06:24 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/10/10 06:53:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/10 06:35:42 | 000,000,394 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/10/09 09:36:16 | 001,632,326 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\untitled.bmp
[2010/10/09 08:59:09 | 000,001,515 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Paint (2).lnk
[2010/10/08 20:10:30 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/08 16:38:37 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Wallpaper Changer.lnk
[2010/10/08 11:18:19 | 001,632,326 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\meg's house.bmp
[2010/10/08 10:18:29 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Backup of WE NEED YOU!!!.wbk
[2010/10/08 09:46:44 | 027,042,224 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CoffeeFreeHTML9.5.exe
[2010/10/07 18:20:08 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SPACE RESERVED FOR VOLUNTEERS.doc
[2010/10/07 18:11:57 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Word (2).lnk
[2010/10/07 16:11:46 | 026,072,118 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\File0004.bmp
[2010/10/07 16:09:57 | 006,591,702 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\File0003.bmp
[2010/10/07 15:56:38 | 006,591,702 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\File0002.bmp
[2010/10/07 10:27:36 | 000,427,764 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/10/07 10:27:36 | 000,380,350 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/07 10:27:36 | 000,052,764 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/06 14:27:27 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/10/06 12:40:02 | 003,795,360 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\My Documents\rcsetup138.exe
[2010/10/06 11:03:09 | 000,029,134 | ---- | M] () -- C:\WINDOWS\hpoins03.dat
[2010/10/06 10:42:40 | 001,646,622 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\File0001.bmp
[2010/10/06 10:39:16 | 000,000,029 | ---- | M] () -- C:\WINDOWS\DEBUGSM.INI
[2010/10/06 10:37:36 | 000,001,629 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\P3170P Reference Guide.lnk
[2010/10/06 10:36:22 | 000,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\System32\drivers\CDAC11BA.EXE
[2010/10/06 10:35:13 | 000,001,575 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON Smart Panel.lnk
[2010/10/06 10:30:49 | 000,000,025 | ---- | M] () -- C:\WINDOWS\CDE P3170EIF.ini
[2010/10/05 20:43:25 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Interbank FX Trader 4.lnk
[2010/10/05 03:02:20 | 002,687,858 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DSC_0099.JPG
[2010/10/04 12:45:37 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Hi Folks.doc
[2010/10/04 11:53:15 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Backup of Hi Folks.wbk
[2010/10/04 11:07:07 | 000,023,696 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/10/04 11:04:10 | 000,035,047 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HPIM0944.JPG
[2010/10/04 11:04:00 | 000,035,034 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HPIM0955.JPG
[2010/10/04 10:55:47 | 000,023,259 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Rolls royce.htm
[2010/09/29 19:30:33 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2010/09/28 09:19:32 | 000,136,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/27 15:13:30 | 000,001,907 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON File Manager.lnk
[2010/09/27 15:08:28 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ESD68 User's Guide.lnk
[2010/09/27 15:08:05 | 000,000,025 | ---- | M] () -- C:\WINDOWS\CDED68PE.ini
[2010/09/17 12:14:54 | 000,139,982 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ref=dp_olp_used.htm
[2010/09/16 13:26:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/15 10:31:13 | 000,067,921 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\cpspecial.htm
[2010/09/14 09:03:25 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\List of Vitamins and Their Roles.doc
[2010/09/09 15:12:32 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Psychic Jokes.doc
[2010/09/03 10:53:39 | 000,018,273 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\products.html
[2010/08/17 18:46:13 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Backup of Spirit Message Board 9.wbk
[2010/08/16 12:01:33 | 000,012,798 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\List4.odt
[2010/08/16 11:38:35 | 000,016,468 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\List2.odt
[2010/08/15 18:37:43 | 000,015,349 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\List1.odt
[2010/08/15 11:30:20 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\FreeListA.doc
[2010/08/15 11:29:56 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ListD.doc
[2010/08/15 11:29:35 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ListC.doc
[2010/08/15 11:29:10 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ListB.doc
[2010/08/15 11:27:41 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ListA.doc
[2010/08/15 11:24:37 | 000,434,176 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\db1.mdb
[2010/08/15 11:14:23 | 000,016,099 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\List3.odt
[2010/08/15 11:03:50 | 000,016,754 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\FreeList.odt
[2010/08/15 10:32:03 | 000,012,300 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Play.odt
[2010/08/12 08:49:49 | 000,026,220 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\attachments_12_08_2010.zip
[2010/07/19 19:43:20 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Ancient texts on Siddhis are wrong.doc
[2010/07/17 08:43:12 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/17 08:43:09 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/17 08:42:58 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/10 11:40:28 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\sq29uutw.exe
[2010/10/10 09:55:55 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/10 09:52:10 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/10/10 07:02:19 | 000,002,312 | ---- | C] () -- C:\Documents and Settings\Administrator\avgrep.txt
[2010/10/10 06:35:42 | 000,000,394 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/10/09 09:36:16 | 001,632,326 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\untitled.bmp
[2010/10/09 08:59:09 | 000,001,515 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Paint (2).lnk
[2010/10/08 20:10:29 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/08 16:39:37 | 003,145,782 | -H-- | C] () -- C:\WINDOWS\System32\toyhide.bmp
[2010/10/08 16:38:37 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Wallpaper Changer.lnk
[2010/10/08 11:18:19 | 001,632,326 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\meg's house.bmp
[2010/10/08 10:18:29 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Backup of WE NEED YOU!!!.wbk
[2010/10/08 09:45:59 | 027,042,224 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CoffeeFreeHTML9.5.exe
[2010/10/07 18:20:08 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SPACE RESERVED FOR VOLUNTEERS.doc
[2010/10/07 16:11:45 | 026,072,118 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\File0004.bmp
[2010/10/07 16:09:57 | 006,591,702 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\File0003.bmp
[2010/10/07 15:56:37 | 006,591,702 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\File0002.bmp
[2010/10/06 14:27:27 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/10/06 10:44:25 | 000,029,134 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2010/10/06 10:44:25 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/10/06 10:44:24 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2010/10/06 10:42:40 | 001,646,622 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\File0001.bmp
[2010/10/06 10:39:16 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2010/10/06 10:37:36 | 000,001,629 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\P3170P Reference Guide.lnk
[2010/10/06 10:37:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\StiRegstEng.dll
[2010/10/06 10:35:13 | 000,001,575 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON Smart Panel.lnk
[2010/10/06 10:35:08 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
[2010/10/06 10:35:08 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2010/10/06 10:32:50 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2010/10/06 10:32:50 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2010/10/06 10:32:50 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2010/10/06 10:31:28 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\EsFw32.BIN
[2010/10/06 10:30:49 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE P3170EIF.ini
[2010/10/05 20:43:25 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Interbank FX Trader 4.lnk
[2010/10/05 14:48:24 | 002,687,858 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DSC_0099.JPG
[2010/10/04 11:53:14 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Backup of Hi Folks.wbk
[2010/10/04 11:53:14 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Hi Folks.doc
[2010/10/04 11:04:09 | 000,035,047 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HPIM0944.JPG
[2010/10/04 11:03:59 | 000,035,034 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HPIM0955.JPG
[2010/10/04 10:55:44 | 000,023,259 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Rolls royce.htm
[2010/09/27 15:13:30 | 000,001,907 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON File Manager.lnk
[2010/09/27 15:08:49 | 000,086,214 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010/09/27 15:08:49 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010/09/27 15:08:49 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010/09/27 15:08:49 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010/09/27 15:08:49 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010/09/27 15:08:49 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010/09/27 15:08:49 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010/09/27 15:08:49 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010/09/27 15:08:48 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010/09/27 15:08:48 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010/09/27 15:08:48 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010/09/27 15:08:48 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010/09/27 15:08:48 | 000,013,732 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_EN.cfg
[2010/09/27 15:08:48 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010/09/27 15:08:48 | 000,006,442 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_IT.cfg
[2010/09/27 15:08:48 | 000,006,347 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_PT.cfg
[2010/09/27 15:08:48 | 000,006,347 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_BP.cfg
[2010/09/27 15:08:48 | 000,006,335 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_GE.cfg
[2010/09/27 15:08:48 | 000,006,195 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_FR.cfg
[2010/09/27 15:08:48 | 000,006,195 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_CF.cfg
[2010/09/27 15:08:48 | 000,006,122 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_DU.cfg
[2010/09/27 15:08:48 | 000,006,103 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_ES.cfg
[2010/09/27 15:08:48 | 000,005,817 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_KO.cfg
[2010/09/27 15:08:48 | 000,005,436 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_SC.cfg
[2010/09/27 15:08:48 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010/09/27 15:08:48 | 000,002,889 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_RU.cfg
[2010/09/27 15:08:48 | 000,002,426 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_TC.cfg
[2010/09/27 15:08:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010/09/27 15:08:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010/09/27 15:08:48 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010/09/27 15:08:28 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ESD68 User's Guide.lnk
[2010/09/27 15:08:05 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDED68PE.ini
[2010/09/17 12:14:51 | 000,139,982 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ref=dp_olp_used.htm
[2010/09/15 10:31:11 | 000,067,921 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\cpspecial.htm
[2010/09/14 09:03:25 | 000,044,544 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\List of Vitamins and Their Roles.doc
[2010/09/09 15:12:32 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Psychic Jokes.doc
[2010/09/03 10:53:37 | 000,018,273 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\products.html
[2010/08/17 18:46:12 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Backup of Spirit Message Board 9.wbk
[2010/08/15 11:30:18 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\FreeListA.doc
[2010/08/15 11:29:55 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ListD.doc
[2010/08/15 11:29:33 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ListC.doc
[2010/08/15 11:29:08 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ListB.doc
[2010/08/15 11:27:39 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ListA.doc
[2010/08/15 10:32:02 | 000,012,300 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Play.odt
[2010/08/15 10:17:05 | 000,016,754 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\FreeList.odt
[2010/08/15 10:16:18 | 000,012,798 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\List4.odt
[2010/08/15 10:00:38 | 000,016,099 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\List3.odt
[2010/08/15 09:52:29 | 000,016,468 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\List2.odt
[2010/08/15 09:30:59 | 000,015,349 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\List1.odt
[2010/08/15 08:31:25 | 000,434,176 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\db1.mdb
[2010/08/12 08:49:47 | 000,026,220 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\attachments_12_08_2010.zip
[2010/07/19 19:43:19 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Ancient texts on Siddhis are wrong.doc
[2010/07/19 19:12:36 | 000,002,473 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Word (2).lnk
[2010/05/23 10:52:05 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\nnr.dll
[2010/03/12 15:10:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/27 13:13:02 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib_dec.dll
[2004/01/05 08:30:18 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[1999/01/22 15:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2010/10/08 09:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CoffeeCup Software
[2010/10/06 10:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EPSON
[2010/06/01 07:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2010/10/06 10:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Smart Panel
[2010/09/27 14:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\XnView
[2010/05/23 07:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/05/22 15:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/27 15:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/05/23 12:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/03/12 14:13:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/10/10 09:06:24 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/03/12 14:13:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2001/09/05 22:00:58 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\gdiplus.dll
[2010/03/12 14:13:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/03/12 14:13:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/05/23 09:06:35 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/10 11:25:47 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/03/12 13:58:35 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/03/12 13:58:35 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/03/12 13:58:35 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-08 20:34:19

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
< End of report >