Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

slow pc shuts down itself & sometimes restart issues

Started by EKAT , May 09 2011 05:13 AM

  • Please log in to reply

#1
EKAT
Posted 09 May 2011 - 05:13 AM

EKAT

    New Member

  • Member
  • Pip
  • 1 posts
Pc acts slow thought have a lot of memory installed... pc also shuts down by itself automatically whilst i use it -
additionally when restarting pc sometimes won't boot up the first time takes several times to boot...

I have used spybot seach and destroy but still pc acts this way...





OTL logfile created on: 5/9/2011 2:08:01 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\design\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.30 Gb Total Space | 5.24 Gb Free Space | 17.88% Space Free | Partition Type: NTFS
Drive D: | 24.41 Gb Total Space | 1.11 Gb Free Space | 4.54% Space Free | Partition Type: NTFS
Drive E: | 244.37 Gb Total Space | 14.53 Gb Free Space | 5.94% Space Free | Partition Type: NTFS

Computer Name: ETICO-09 | User Name: design | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/09 13:48:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\design\Desktop\OTL.exe
PRC - [2011/05/09 13:21:12 | 000,284,880 | ---- | M] () -- C:\WINDOWS\Temp\GuardGuard.exe
PRC - [2011/05/06 22:21:41 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/04/11 17:35:01 | 001,472,720 | ---- | M] () -- C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe
PRC - [2011/03/29 11:51:30 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/01/25 08:45:24 | 000,124,880 | ---- | M] (KeenHigh Tech.) -- C:\Program Files\Philips\GoGear SA3MXX Device Manager\main.exe
PRC - [2010/11/17 16:53:27 | 001,728,512 | ---- | M] () -- C:\Program Files\Chaos Group\V-Ray\3dsmax 2009 for x86\vrlservice.exe
PRC - [2010/11/17 16:53:27 | 000,135,168 | ---- | M] () -- C:\Program Files\Chaos Group\V-Ray\3dsmax 2009 for x86\startvrlservice.exe
PRC - [2010/11/04 22:04:18 | 006,174,008 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2010/10/29 13:25:04 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2010/07/12 19:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2010/01/15 15:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/12 11:14:40 | 000,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/11/08 17:11:10 | 001,238,344 | ---- | M] (Famatech International Corp.) -- C:\WINDOWS\system32\rserver30\rserver3.exe
PRC - [2008/11/08 17:10:54 | 000,124,232 | ---- | M] (Famatech International Corp.) -- C:\WINDOWS\system32\rserver30\FamItrfc.Exe
PRC - [2008/11/06 16:42:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/03/10 01:04:52 | 000,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
PRC - [2007/05/10 23:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- E:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2006/09/29 23:48:06 | 000,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe


========== Modules (SafeList) ==========

MOD - [2011/05/09 13:48:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\design\Desktop\OTL.exe
MOD - [2010/08/23 19:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/04/11 17:35:01 | 001,472,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe -- (Guard.Mail.ru)
SRV - [2010/11/17 16:53:27 | 000,135,168 | ---- | M] () [Auto | Running] -- C:\Program Files\Chaos Group\V-Ray\3dsmax 2009 for x86\startvrlservice.exe -- (VRLService)
SRV - [2010/01/15 15:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/02/12 11:14:40 | 000,079,360 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/12/19 10:15:40 | 000,078,536 | ---- | M] (Macrovision ) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe -- (InstallShield Licensing Service)
SRV - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/08 17:11:10 | 001,238,344 | ---- | M] (Famatech International Corp.) [Auto | Running] -- C:\WINDOWS\System32\rserver30\RServer3.exe -- (RServer3)
SRV - [2008/11/06 16:42:48 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/03/10 01:04:52 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe -- (mi-raysat_3dsMax2009_32)
SRV - [2006/09/29 23:48:06 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe -- (mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit)


========== Driver Services (SafeList) ==========

DRV - [2010/11/01 13:13:21 | 000,083,456 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\rhbeqore.sys -- (rhbeqore)
DRV - [2010/03/09 16:36:18 | 000,080,680 | ---- | M] (Fuzhou Rockchip Electronics Co,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rockusb.sys -- (rockusb)
DRV - [2009/05/07 13:21:22 | 000,018,112 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NTGDT.SYS -- (NTGDT)
DRV - [2009/05/07 13:17:11 | 000,022,016 | ---- | M] (Feitian Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rockey4.sys -- (ROCKEYNT)
DRV - [2008/10/31 18:53:58 | 000,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/24 08:49:26 | 000,045,848 | ---- | M] (Famatech International Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\rserver30\raddrvv3.sys -- (raddrvv3)
DRV - [2008/04/17 17:33:26 | 004,707,328 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/10/03 16:31:40 | 000,102,656 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/08/30 04:41:00 | 000,036,864 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001)
DRV - [2006/11/01 06:01:56 | 000,003,328 | ---- | M] (Famatech International Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rminiv3.sys -- (mirrorv3)
DRV - [2006/02/26 18:02:49 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/04/30 10:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\a348bus.sys -- (a348bus)
DRV - [2004/04/30 10:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\a348scsi.sys -- (a348scsi)
DRV - [2001/08/18 00:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2987552624-3379121897-3228800612-1158\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.yahoo.com [binary data]
IE - HKU\S-1-5-21-2987552624-3379121897-3228800612-1158\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...CRufSi_OiO4DZkA
IE - HKU\S-1-5-21-2987552624-3379121897-3228800612-1158\..\URLSearchHook: {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
IE - HKU\S-1-5-21-2987552624-3379121897-3228800612-1158\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2987552624-3379121897-3228800612-1158\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....ch?fr=ffsp1&p="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.mail.ru/cnt/7829"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6483
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: [email protected]:5.0.3
FF - prefs.js..keyword.URL: "http://search.yahoo....ch?fr=ffds1&p="


[2008/11/07 10:46:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\design\Application Data\Mozilla\Extensions
[2011/02/04 15:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\design\Application Data\Mozilla\Firefox\Profiles\79oxrwit.default\extensions
[2010/09/17 15:01:59 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Documents and Settings\design\Application Data\Mozilla\Firefox\Profiles\79oxrwit.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011/02/04 15:36:43 | 000,000,000 | ---D | M] (Спутник @Mail.Ru) -- C:\Documents and Settings\design\Application Data\Mozilla\Firefox\Profiles\79oxrwit.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
[2010/10/23 17:22:21 | 000,000,000 | ---D | M] (MyPlayCity.Бар) -- C:\Documents and Settings\design\Application Data\Mozilla\Firefox\Profiles\79oxrwit.default\extensions\[email protected]
[2010/10/23 17:22:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\design\Application Data\Mozilla\Firefox\Profiles\79oxrwit.default\extensions\[email protected]\chrome\skin\extensions-hacks
[2010/09/17 15:02:03 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\design\Application Data\Mozilla\Firefox\Profiles\79oxrwit.default\searchplugins\winamp-search.xml
[2010/11/01 10:38:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/24 10:04:52 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2007/02/20 17:04:02 | 002,463,976 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2010/07/12 19:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2011/05/04 14:09:25 | 000,433,959 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14935 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (MailRuBHO Class) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Спутник@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - File not found
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - File not found
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - File not found
O3 - HKLM\..\Toolbar: (MyPlayCity.Бар) - {EDF7BDB3-F1D6-4b9f-8E93-742A4D9443FC} - C:\Program Files\MyPlayCity\MyPlayCityBarIE\MyPlayCityBar.dll (MyPlayCity.ru)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (MyPlayCity.Бар) - {EDF7BDB3-F1D6-4b9f-8E93-742A4D9443FC} - C:\Program Files\MyPlayCity\MyPlayCityBarIE\MyPlayCityBar.dll (MyPlayCity.ru)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (MyPlayCity.Бар) - {EDF7BDB3-F1D6-4b9f-8E93-742A4D9443FC} - C:\Program Files\MyPlayCity\MyPlayCityBarIE\MyPlayCityBar.dll (MyPlayCity.ru)
O3 - HKU\S-1-5-21-2987552624-3379121897-3228800612-1158\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - File not found
O3 - HKU\S-1-5-21-2987552624-3379121897-3228800612-1158\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - File not found
O3 - HKU\S-1-5-21-2987552624-3379121897-3228800612-1158\..\Toolbar\WebBrowser: (MyPlayCity.Бар) - {EDF7BDB3-F1D6-4b9f-8E93-742A4D9443FC} - C:\Program Files\MyPlayCity\MyPlayCityBarIE\MyPlayCityBar.dll (MyPlayCity.ru)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] E:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [quojapo] File not found
O4 - HKLM..\Run: [Regedit32] File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-2987552624-3379121897-3228800612-1158..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2987552624-3379121897-3228800612-1158..\Run: [MSConfig] File not found
O4 - HKU\S-1-5-21-2987552624-3379121897-3228800612-1158..\Run: [MsnMsgr] File not found
O4 - HKU\S-1-5-21-2987552624-3379121897-3228800612-1158..\Run: [quojapo] File not found
O4 - HKU\S-1-5-21-2987552624-3379121897-3228800612-1158..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2987552624-3379121897-3228800612-1158..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] File not found
O4 - HKLM..\RunServices: [quojapo] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Philips Менеджер устройства.lnk = C:\Program Files\Philips\GoGear SA3MXX Device Manager\main.exe (KeenHigh Tech.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2987552624-3379121897-3228800612-1158\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2987552624-3379121897-3228800612-1158\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: userini = C:\WINDOWS\system32\userini.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = etico.local
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2987552624-3379121897-3228800612-1158 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2987552624-3379121897-3228800612-1158 Winlogon: Shell - (C:\Documents and Settings\design\ctfmon.exe) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\design\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\design\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/01 05:22:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{bc9b65e2-f54d-11de-9022-001d92625694}\Shell - "" = AutoRun
O33 - MountPoints2\{bc9b65e2-f54d-11de-9022-001d92625694}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bc9b65e2-f54d-11de-9022-001d92625694}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/09 13:48:11 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\design\Desktop\OTL.exe
[2011/05/04 18:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Philips
[2011/05/04 14:18:35 | 000,000,000 | ---D | C] -- C:\Program Files\Philips
[2011/05/04 14:18:28 | 000,080,680 | ---- | C] (Fuzhou Rockchip Electronics Co,Ltd.) -- C:\WINDOWS\System32\drivers\rockusb.sys
[2011/05/04 14:18:24 | 000,000,000 | ---D | C] -- C:\temp
[2011/05/02 19:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/02 19:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/05/02 19:10:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/04/13 17:35:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\design\Desktop\vivien
[2011/04/12 13:54:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\design\Desktop\carol lombard
[2011/04/10 16:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Guard.Mail.Ru
[2011/04/09 14:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\design\Desktop\foto dneara
[2009/01/12 19:13:56 | 000,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a348bus.sys
[2009/01/12 19:13:56 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a348scsi.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/09 13:48:15 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\design\Desktop\OTL.exe
[2011/05/09 13:29:23 | 000,000,956 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/09 13:24:39 | 000,001,736 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\common.data
[2011/05/09 13:21:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/09 13:21:02 | 000,000,952 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/09 13:20:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/07 21:28:43 | 000,001,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/05/06 21:47:15 | 000,327,341 | ---- | M] () -- C:\Documents and Settings\design\Desktop\Video call snapshot 26.png
[2011/05/06 21:45:40 | 000,359,066 | ---- | M] () -- C:\Documents and Settings\design\Desktop\Video call snapshot 24.png
[2011/05/06 21:38:52 | 000,359,833 | ---- | M] () -- C:\Documents and Settings\design\Desktop\Video call snapshot 23.png
[2011/05/06 21:38:04 | 000,361,199 | ---- | M] () -- C:\Documents and Settings\design\Desktop\Video call snapshot 22.png
[2011/05/04 18:03:03 | 000,001,825 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Philips Менеджер устройства.lnk
[2011/05/04 18:03:03 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Philips Менеджер устройства.lnk
[2011/05/04 14:09:25 | 000,433,959 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/05/03 09:14:36 | 000,722,554 | ---- | M] () -- C:\Documents and Settings\design\Desktop\Мое фото 3.png
[2011/05/02 21:25:32 | 000,006,006 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/05/02 19:11:03 | 000,000,952 | ---- | M] () -- C:\Documents and Settings\design\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/05/02 19:11:03 | 000,000,934 | ---- | M] () -- C:\Documents and Settings\design\Desktop\Spybot - Search & Destroy.lnk
[2011/04/30 21:35:44 | 000,092,378 | ---- | M] () -- C:\Documents and Settings\design\Desktop\1302674821.566635_52.jpg
[2011/04/30 21:19:28 | 000,025,841 | ---- | M] () -- C:\Documents and Settings\design\Desktop\1301470493.076443_7.jpg
[2011/04/30 20:11:28 | 000,020,673 | ---- | M] () -- C:\Documents and Settings\design\Desktop\222157_160275974032192_100001493723284_355596_2628441_n.jpg
[2011/04/30 15:07:19 | 000,150,420 | ---- | M] () -- C:\Documents and Settings\design\Desktop\starface_160186.jpg
[2011/04/29 21:14:27 | 000,044,929 | ---- | M] () -- C:\Documents and Settings\design\Desktop\Paris+Fashion+Week+Alexander+McQueen+Spring+UR-vuD1-_c-l.jpg
[2011/04/29 20:57:11 | 000,089,333 | ---- | M] () -- C:\Documents and Settings\design\Desktop\alexander-mcqueen-fall-2010-06.jpg
[2011/04/29 20:56:46 | 000,086,513 | ---- | M] () -- C:\Documents and Settings\design\Desktop\alexander-mcqueen-fall-2010-05.jpg
[2011/04/29 20:56:32 | 000,103,428 | ---- | M] () -- C:\Documents and Settings\design\Desktop\alexander-mcqueen-fall-2010-03.jpg
[2011/04/29 20:55:56 | 000,097,193 | ---- | M] () -- C:\Documents and Settings\design\Desktop\alexander-mcqueen-fall-2010-01.jpg
[2011/04/29 20:55:36 | 000,100,392 | ---- | M] () -- C:\Documents and Settings\design\Desktop\alexander-mcqueen-fall-2010-08.jpg
[2011/04/28 21:40:28 | 000,054,332 | ---- | M] () -- C:\Documents and Settings\design\My Documents\164879_10150348619085434_514540433_16528552_2675008_n.jpg
[2011/04/28 21:40:26 | 000,307,414 | ---- | M] () -- C:\Documents and Settings\design\My Documents\106.jpg
[2011/04/28 21:35:45 | 000,123,876 | ---- | M] () -- C:\Documents and Settings\design\Desktop\gal1c copy.jpg
[2011/04/28 21:04:28 | 000,306,003 | ---- | M] () -- C:\Documents and Settings\design\Desktop\Video call snapshot 72.png
[2011/04/28 21:03:12 | 000,118,174 | ---- | M] () -- C:\Documents and Settings\design\Desktop\Video call snapshot 95.png
[2011/04/28 21:01:02 | 000,117,585 | ---- | M] () -- C:\Documents and Settings\design\Desktop\Video call snapshot 96.png
[2011/04/28 18:26:27 | 001,003,306 | ---- | M] () -- C:\Documents and Settings\design\Desktop\232 014.JPG
[2011/04/28 18:26:17 | 001,073,653 | ---- | M] () -- C:\Documents and Settings\design\Desktop\232 018.JPG
[2011/04/28 18:26:16 | 000,985,984 | ---- | M] () -- C:\Documents and Settings\design\Desktop\232 015.JPG
[2011/04/28 18:26:00 | 000,993,373 | ---- | M] () -- C:\Documents and Settings\design\Desktop\232 016.JPG
[2011/04/28 18:25:49 | 000,853,314 | ---- | M] () -- C:\Documents and Settings\design\Desktop\232 012.JPG
[2011/04/28 18:25:40 | 000,911,870 | ---- | M] () -- C:\Documents and Settings\design\Desktop\232 011.JPG
[2011/04/28 18:25:37 | 000,855,459 | ---- | M] () -- C:\Documents and Settings\design\Desktop\232 013.JPG
[2011/04/28 18:25:30 | 000,899,878 | ---- | M] () -- C:\Documents and Settings\design\Desktop\232 010.JPG
[2011/04/28 18:24:25 | 000,649,868 | ---- | M] () -- C:\Documents and Settings\design\Desktop\232 009.JPG
[2011/04/28 18:24:03 | 000,658,732 | ---- | M] () -- C:\Documents and Settings\design\Desktop\232 007.JPG
[2011/04/28 18:22:21 | 000,633,537 | ---- | M] () -- C:\Documents and Settings\design\Desktop\232 017.JPG
[2011/04/28 15:59:46 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\design\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/27 17:10:39 | 031,971,908 | ---- | M] () -- C:\Documents and Settings\design\Desktop\200 kg.MPG
[2011/04/25 13:01:56 | 000,034,240 | ---- | M] () -- C:\Documents and Settings\design\Desktop\stilet_nails1.jpg
[2011/04/22 16:06:38 | 000,216,309 | ---- | M] () -- C:\Documents and Settings\design\Desktop\christina-aguilera.jpg
[2011/04/22 11:34:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/15 14:01:01 | 002,331,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/15 10:34:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/15 10:33:06 | 000,444,144 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/15 10:33:06 | 000,072,402 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/14 22:07:54 | 000,642,576 | ---- | M] () -- C:\Documents and Settings\design\Desktop\gal1 copy.jpg
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/06 21:47:11 | 000,327,341 | ---- | C] () -- C:\Documents and Settings\design\Desktop\Video call snapshot 26.png
[2011/05/06 21:45:34 | 000,359,066 | ---- | C] () -- C:\Documents and Settings\design\Desktop\Video call snapshot 24.png
[2011/05/06 21:38:49 | 000,359,833 | ---- | C] () -- C:\Documents and Settings\design\Desktop\Video call snapshot 23.png
[2011/05/06 21:37:55 | 000,361,199 | ---- | C] () -- C:\Documents and Settings\design\Desktop\Video call snapshot 22.png
[2011/05/04 18:03:03 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Philips Менеджер устройства.lnk
[2011/05/04 18:03:03 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Philips Менеджер устройства.lnk
[2011/05/04 14:18:27 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\rockusbCoInstaller.dll
[2011/05/03 09:14:36 | 000,722,554 | ---- | C] () -- C:\Documents and Settings\design\Desktop\Мое фото 3.png
[2011/05/02 21:24:59 | 000,006,006 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/02 19:11:03 | 000,000,952 | ---- | C] () -- C:\Documents and Settings\design\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/05/02 19:11:03 | 000,000,934 | ---- | C] () -- C:\Documents and Settings\design\Desktop\Spybot - Search & Destroy.lnk
[2011/04/30 21:35:45 | 000,092,378 | ---- | C] () -- C:\Documents and Settings\design\Desktop\1302674821.566635_52.jpg
[2011/04/30 21:19:30 | 000,025,841 | ---- | C] () -- C:\Documents and Settings\design\Desktop\1301470493.076443_7.jpg
[2011/04/30 20:11:22 | 000,020,673 | ---- | C] () -- C:\Documents and Settings\design\Desktop\222157_160275974032192_100001493723284_355596_2628441_n.jpg
[2011/04/30 15:07:21 | 000,150,420 | ---- | C] () -- C:\Documents and Settings\design\Desktop\starface_160186.jpg
[2011/04/29 21:14:29 | 000,044,929 | ---- | C] () -- C:\Documents and Settings\design\Desktop\Paris+Fashion+Week+Alexander+McQueen+Spring+UR-vuD1-_c-l.jpg
[2011/04/29 20:57:12 | 000,089,333 | ---- | C] () -- C:\Documents and Settings\design\Desktop\alexander-mcqueen-fall-2010-06.jpg
[2011/04/29 20:56:47 | 000,086,513 | ---- | C] () -- C:\Documents and Settings\design\Desktop\alexander-mcqueen-fall-2010-05.jpg
[2011/04/29 20:56:33 | 000,103,428 | ---- | C] () -- C:\Documents and Settings\design\Desktop\alexander-mcqueen-fall-2010-03.jpg
[2011/04/29 20:55:57 | 000,097,193 | ---- | C] () -- C:\Documents and Settings\design\Desktop\alexander-mcqueen-fall-2010-01.jpg
[2011/04/29 20:55:38 | 000,100,392 | ---- | C] () -- C:\Documents and Settings\design\Desktop\alexander-mcqueen-fall-2010-08.jpg
[2011/04/28 21:40:27 | 000,054,332 | ---- | C] () -- C:\Documents and Settings\design\My Documents\164879_10150348619085434_514540433_16528552_2675008_n.jpg
[2011/04/28 21:40:22 | 000,307,414 | ---- | C] () -- C:\Documents and Settings\design\My Documents\106.jpg
[2011/04/28 21:35:42 | 000,123,876 | ---- | C] () -- C:\Documents and Settings\design\Desktop\gal1c copy.jpg
[2011/04/28 21:04:24 | 000,306,003 | ---- | C] () -- C:\Documents and Settings\design\Desktop\Video call snapshot 72.png
[2011/04/28 21:03:10 | 000,118,174 | ---- | C] () -- C:\Documents and Settings\design\Desktop\Video call snapshot 95.png
[2011/04/28 21:00:59 | 000,117,585 | ---- | C] () -- C:\Documents and Settings\design\Desktop\Video call snapshot 96.png
[2011/04/28 18:18:53 | 001,073,653 | ---- | C] () -- C:\Documents and Settings\design\Desktop\232 018.JPG
[2011/04/28 18:18:53 | 001,003,306 | ---- | C] () -- C:\Documents and Settings\design\Desktop\232 014.JPG
[2011/04/28 18:18:53 | 000,993,373 | ---- | C] () -- C:\Documents and Settings\design\Desktop\232 016.JPG
[2011/04/28 18:18:53 | 000,985,984 | ---- | C] () -- C:\Documents and Settings\design\Desktop\232 015.JPG
[2011/04/28 18:18:53 | 000,911,870 | ---- | C] () -- C:\Documents and Settings\design\Desktop\232 011.JPG
[2011/04/28 18:18:53 | 000,899,878 | ---- | C] () -- C:\Documents and Settings\design\Desktop\232 010.JPG
[2011/04/28 18:18:53 | 000,855,459 | ---- | C] () -- C:\Documents and Settings\design\Desktop\232 013.JPG
[2011/04/28 18:18:53 | 000,853,314 | ---- | C] () -- C:\Documents and Settings\design\Desktop\232 012.JPG
[2011/04/28 18:18:53 | 000,658,732 | ---- | C] () -- C:\Documents and Settings\design\Desktop\232 007.JPG
[2011/04/28 18:18:53 | 000,649,868 | ---- | C] () -- C:\Documents and Settings\design\Desktop\232 009.JPG
[2011/04/28 18:18:53 | 000,633,537 | ---- | C] () -- C:\Documents and Settings\design\Desktop\232 017.JPG
[2011/04/27 17:07:16 | 031,971,908 | ---- | C] () -- C:\Documents and Settings\design\Desktop\200 kg.MPG
[2011/04/25 13:01:58 | 000,034,240 | ---- | C] () -- C:\Documents and Settings\design\Desktop\stilet_nails1.jpg
[2011/04/22 16:06:38 | 000,216,309 | ---- | C] () -- C:\Documents and Settings\design\Desktop\christina-aguilera.jpg
[2011/04/14 22:07:47 | 000,642,576 | ---- | C] () -- C:\Documents and Settings\design\Desktop\gal1 copy.jpg
[2010/11/01 13:13:20 | 000,083,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\rhbeqore.sys
[2010/10/29 18:26:32 | 000,302,080 | ---- | C] () -- C:\WINDOWS\4C022957.exe
[2010/10/28 12:16:25 | 000,001,736 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\common.data
[2010/10/28 12:16:22 | 000,000,012 | ---- | C] () -- C:\WINDOWS\System32\crt.dat
[2010/10/28 12:16:21 | 000,296,874 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2010/09/17 15:07:26 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/06/10 14:46:53 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\VideoConverter_sysquict.dat
[2009/06/10 13:56:11 | 005,206,016 | ---- | C] () -- C:\WINDOWS\System32\mkl_genarts.dll
[2009/06/10 13:56:07 | 000,000,098 | ---- | C] () -- C:\WINDOWS\MSUTIL.INI
[2009/05/07 13:17:11 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\Ry4CoInst.dll
[2009/03/27 15:54:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2009/03/13 15:23:43 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/03/13 15:23:42 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/03/13 15:23:37 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/03/13 15:23:36 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/03/13 15:23:36 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/02/25 12:48:31 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/02/19 11:54:52 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/11/14 11:00:41 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\design\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/07 10:46:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/11/03 23:38:27 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\SLEEP.EXE
[2008/11/03 23:38:27 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\hidcon.exe
[2008/11/01 05:39:36 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/11/01 05:39:35 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/11/01 05:39:34 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/11/01 05:39:34 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/11/01 05:39:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/11/01 05:39:33 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/11/01 05:39:33 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/11/01 05:39:32 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/11/01 05:39:22 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/11/01 05:24:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/11/01 05:20:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/31 21:11:35 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/31 21:10:33 | 002,331,816 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/31 20:04:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/31 18:44:13 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/04/14 06:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007/08/07 20:22:22 | 000,141,180 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 10:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 10:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/06/27 17:13:51 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\RegisterDialog.dll
[2007/06/08 09:10:38 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\LS3Renderer.dll
[2007/01/31 10:07:38 | 000,018,112 | R--- | C] () -- C:\WINDOWS\System32\drivers\NTGDT.SYS
[2007/01/10 18:44:26 | 001,457,024 | R--- | C] () -- C:\WINDOWS\System32\SSCProt.dll
[2006/12/31 08:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 15:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 15:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 15:00:00 | 000,444,144 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 15:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 15:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 15:00:00 | 000,072,402 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 15:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 15:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 15:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 15:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/11/01 12:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/11/03 09:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2008/11/03 10:17:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/04/11 17:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Guard.Mail.Ru
[2009/03/16 15:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
[2010/12/30 11:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/11/09 16:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\design\Application Data\ACD Systems
[2009/02/12 11:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\design\Application Data\Autodesk
[2009/11/09 12:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\design\Application Data\e-on software
[2009/03/02 12:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\design\Application Data\ICQ
[2011/02/04 15:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\design\Application Data\Mail.Ru
[2010/09/17 15:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\design\Application Data\Opera
[2009/05/07 14:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\design\Application Data\RecoveryFix for Windows
[2010/10/24 22:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\design\Application Data\Thinstall
[2011/05/09 14:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\design\Application Data\uTorrent
[2010/10/23 17:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\design\Application Data\Yandex
[2011/02/04 15:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\{DCD48218-E972-4d0c-9E5F-43462BC13E3B}
[2009/01/08 19:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\simon\Application Data\ICQ

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 597330 bytes -> C:\WINDOWS\Temp:temp

< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP