OTL logfile created on: 11/11/2009 5:56:34 PM - Run 5
OTL by OldTimer - Version 3.0.22.1     Folder = C:\Documents and Settings\Betty Mc Niel\Desktop\Virus Programs
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.36% Memory free
3.85 Gb Paging File | 3.06 Gb Available in Paging File | 79.39% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 467.51 Gb Total Space | 440.25 Gb Free Space | 94.17% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive S: | 465.64 Gb Total Space | 221.07 Gb Free Space | 47.48% Space Free | Partition Type: NTFS
 
Computer Name: ADB10-05
Current User Name: bettym
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2009/10/30 08:57:05 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Betty Mc Niel\Desktop\Virus Programs\OTL.exe
PRC - [2009/07/31 14:23:21 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/31 14:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/05 12:39:22 | 00,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/06/05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/15 09:35:18 | 00,054,712 | ---- | M] (Abacast, Inc.) -- C:\Documents and Settings\Betty Mc Niel\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/05 15:07:20 | 02,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/02 18:07:18 | 00,240,544 | R--- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\Macromed\Flash\FlashUtil10b.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/07/27 10:30:06 | 00,624,056 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exe
PRC - [2008/07/27 10:28:22 | 02,238,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/07/27 09:40:04 | 01,660,288 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/07/27 09:40:02 | 02,479,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/03/19 17:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2008/02/01 01:25:38 | 00,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/02/01 01:25:16 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/01/11 18:54:31 | 00,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2007/09/29 02:56:34 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2007/08/11 20:05:27 | 00,558,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2007/05/03 10:04:07 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2007/03/09 10:09:58 | 00,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2006/09/08 11:21:18 | 02,543,616 | ---- | M] (Software602 a.s.) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\PrnPack.exe
PRC - [2005/11/15 19:44:14 | 01,200,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2005/11/15 19:42:22 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2005/10/20 09:54:16 | 00,126,976 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe
PRC - [2005/06/10 01:21:01 | 00,217,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
PRC - [2005/04/12 10:15:04 | 00,869,376 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2005/04/12 01:15:29 | 01,383,936 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2004/06/30 16:59:24 | 00,724,992 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
PRC - [2004/05/15 21:10:00 | 00,339,968 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2003/08/01 18:28:24 | 00,474,624 | ---- | M] (Constantin Kaplinsky) -- C:\Program Files\TightVNC\WinVNC.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2000/06/01 08:41:08 | 00,090,112 | ---- | M] () -- C:\ivupdate\IVM.exe
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found --  -- (Smcinst [Auto | Stopped])
SRV - [2009/07/31 14:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2009/06/05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/27 10:28:22 | 02,238,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2008/07/27 09:40:02 | 02,479,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/06/30 04:46:26 | 00,296,328 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC [On_Demand | Stopped])
SRV - [2008/04/13 16:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/03/19 17:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2008/02/01 01:25:16 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/02/01 01:25:16 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
SRV - [2007/09/29 02:56:34 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2007/08/11 20:05:27 | 03,093,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2007/08/11 20:05:27 | 00,558,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2007/05/03 10:04:07 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2005/11/14 00:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2005/10/20 09:54:16 | 00,126,976 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe -- (QuickBooksDB [Auto | Running])
SRV - [2005/04/12 10:15:04 | 00,869,376 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR [Auto | Stopped])
SRV - [2005/04/12 10:15:04 | 00,869,376 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
SRV - [2004/05/15 21:10:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2003/08/01 18:28:24 | 00,474,624 | ---- | M] (Constantin Kaplinsky) -- C:\Program Files\TightVNC\WinVNC.exe -- (winvnc [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2009/10/30 08:57:05 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Betty Mc Niel\Desktop\Virus Programs\OTL.exe
MOD - [2008/07/27 09:40:56 | 00,357,760 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\SYSFER.DLL
MOD - [2008/04/13 16:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:00:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/02/09 12:20:28 | 00,000,000 | ---D | M]
 
 
O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Cmaudio]  File not found
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PrintPack dispatcher] C:\WINDOWS\System32\spool\drivers\w32x86\3\PrnPack.exe (Software602 a.s.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UserFaultCheck]  File not found
O4 - HKLM..\Run: [WinVNC] C:\Program Files\TightVNC\WinVNC.exe (Constantin Kaplinsky)
O4 - HKCU..\Run: [AbacastDistributedOnDemand:11] C:\Documents and Settings\Betty Mc Niel\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe (Abacast, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAID Manager.lnk = C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe (Integrated Technology Express, Inc.)
O4 - Startup: C:\Documents and Settings\Betty Mc Niel\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Betty Mc Niel\Start Menu\Programs\Startup\IVM.lnk = C:\ivupdate\IVM.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\System32\spool\drivers\w32x86\3\Print602.dll (Software602 a.s.)
O9 - Extra 'Tools' menuitem : Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\System32\spool\drivers\w32x86\3\Print602.dll (Software602 a.s.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Print2Mail - {A156A7A7-14A2-4282-B487-8E25AB68D608} - C:\WINDOWS\System32\Print602.dll (Software602 a.s.)
O9 - Extra 'Tools' menuitem : Print2Mail - {A156A7A7-14A2-4282-B487-8E25AB68D608} - C:\WINDOWS\System32\Print602.dll (Software602 a.s.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains:   ([]msn in My Computer)
O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} https://content10.ilinc.com/download/AXCltInstall.dll (ILINCInstall102 Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://gowithcrm.iosourcing.com/Citrix/ICAWEB/en/ica32/wficat.cab (Citrix ICA Client)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131483673491 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-centives.com/cif/download/bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {B82FA17C-F3A9-11D2-B5DD-0050041B7FF6} http://www.fisbonds.com/fisbonds/schwab/saxfile.cab (SAXFile FileDownload ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://gowithcrm.webex.com/client/T27L/event/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hedrick.local
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/08 09:17:13 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
 
NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
 
[color=#E56717]========== Files/Folders - Created Within 14 Days ==========[/color]
 
[2009/10/30 09:39:15 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2009/10/30 11:10:18 | 16,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Documents and Settings\Betty Mc Niel\Desktop\setup-spybotsd162.exe
[2009/10/30 10:00:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2009/10/30 09:55:59 | 00,000,000 | -HSD | C] -- C:\Config.Msi
 
[color=#E56717]========== Files - Modified Within 14 Days ==========[/color]
 
[2009/11/11 17:44:24 | 00,013,746 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/11 17:43:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/11 17:43:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/11 03:08:09 | 00,370,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/10 12:58:17 | 00,077,860 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\System log.csv
[2009/11/09 10:00:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/09 09:13:57 | 00,015,776 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\Quarantine Log.csv
[2009/11/05 14:09:59 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\Risk log.xls
[2009/11/05 14:09:31 | 00,023,203 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\Risk log.csv
[2009/11/05 11:50:21 | 00,005,519 | ---- | M] () -- C:\Data BGM\Position Export.csv
[2009/11/04 14:40:08 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/02 07:25:36 | 00,446,368 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/02 07:25:36 | 00,073,492 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/02 07:25:30 | 00,530,612 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/30 11:16:20 | 16,409,960 | ---- | M] (Safer Networking Limited                                    ) -- C:\Documents and Settings\Betty Mc Niel\Desktop\setup-spybotsd162.exe
[2009/10/29 10:46:43 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\Documents to bring to client meetings.doc
[2009/10/29 07:09:51 | 00,085,790 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\Antivirus System Log.csv
 
[color=#E56717]========== Files - No Company Name ==========[/color]
[2009/11/10 12:58:17 | 00,077,860 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\System log.csv
[2009/11/09 09:13:56 | 00,015,776 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\Quarantine Log.csv
[2009/11/05 14:09:59 | 00,037,376 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\Risk log.xls
[2009/11/05 14:09:30 | 00,023,203 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\Risk log.csv
[2009/10/29 08:50:50 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\Documents to bring to client meetings.doc
[2009/10/29 07:09:51 | 00,085,790 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\Antivirus System Log.csv
[2009/03/31 12:41:31 | 00,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/01/27 11:39:12 | 00,002,856 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2008/04/18 10:01:40 | 00,032,256 | ---- | C] () -- C:\WINDOWS\System32\_regtlb.dll
[2007/07/18 11:24:48 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/12/06 09:42:47 | 00,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2006/04/26 13:10:53 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/03/16 13:38:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/03/02 14:41:17 | 00,013,910 | ---- | C] () -- C:\WINDOWS\HYS.INI
[2006/01/20 12:16:29 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Local Settings\Application Data\fusioncache.dat
[2005/12/13 18:11:52 | 00,002,508 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\$_hpcst$.hpc
[2005/11/17 11:20:51 | 00,000,033 | ---- | C] () -- C:\WINDOWS\schwabcd.ini
[2005/11/16 08:34:09 | 00,099,728 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/11/08 15:40:53 | 00,001,230 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Local Settings\Application Data\FASTWiz.html
[2005/11/08 15:37:56 | 00,030,685 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Local Settings\Application Data\FASTWiz.log
[2005/11/08 10:52:23 | 00,000,566 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/08 10:19:25 | 01,580,802 | -H-- | C] () -- C:\Documents and Settings\Betty Mc Niel\Local Settings\Application Data\IconCache.db
[2005/11/08 10:07:06 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\desktop.ini
[2005/11/08 09:32:32 | 00,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2005/11/08 09:31:43 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2005/11/08 09:31:42 | 00,007,100 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2005/11/08 09:31:40 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005/11/08 00:26:26 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/04 04:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 04:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/26 16:34:56 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll
[2001/08/10 15:37:54 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2009/10/14 11:46:11 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/06/24 11:49:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/04/17 07:02:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/06/04 10:08:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/03/31 12:28:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2008/01/18 12:32:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Schwab Performance Technologies
[2009/09/22 18:14:51 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data
[2007/02/13 08:33:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\Ahead
[2009/08/06 12:23:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\ICAClient
[2009/03/31 12:42:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\Intuit
[2009/09/11 08:37:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\Quicken WillMaker
[2008/08/12 13:24:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\U3
[2008/04/18 07:00:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\Uniblue
[2009/08/06 12:19:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\webex
[2009/11/09 10:00:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/11 17:43:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\eventlog.dll /s /md5 >[/color]
[eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78] -> [2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\eventlog.dll
 
[color=#A23BEC]< %SYSTEMDRIVE%\scecli.dll /s /md5 >[/color]
[scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A] -> [2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\scecli.dll
 
[color=#A23BEC]< %SYSTEMDRIVE%\netlogon.dll /s /md5 >[/color]
[netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A] -> [2004/08/04 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netlogon.dll
 
[color=#A23BEC]< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\sceclt.dll /s /md5 >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\logevent.dll /s /md5 >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\iaStor.sys /s /md5 >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\nvstor.sys /s /md5 >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\atapi.sys /s /md5 >[/color]
[atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51] -> [2004/08/04 04:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674] -> [2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674] -> [2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atapi.sys
 
[color=#A23BEC]< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\viasraid.sys /s /md5 >[/color]
 
[color=#A23BEC]< %SYSTEMDRIVE%\AGP440.sys /s /md5 >[/color]
[agp440.sys : MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB] -> [2004/08/04 04:00:00 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
 
[color=#A23BEC]< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >[/color]
< End of report >