OTL logfile created on: 12/19/2009 11:39:43 AM - Run 1 OTL by OldTimer - Version 3.1.18.0 Folder = C:\Documents and Settings\Steve Kaden\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 510.00 Mb Total Physical Memory | 113.02 Mb Available Physical Memory | 22.16% Memory free 1.22 Gb Paging File | 0.72 Gb Available in Paging File | 58.90% Paging File free Paging file location(s): c:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37.21 Gb Total Space | 17.25 Gb Free Space | 46.37% Space Free | Partition Type: NTFS Drive D: | 494.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: KADEN Current User Name: Steve Kaden Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 14 Days Output = Standard Quick Scan [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2009/12/19 11:16:51 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Kaden\Desktop\OTL.exe PRC - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe PRC - [2009/09/16 10:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe PRC - [2009/09/16 09:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe PRC - [2009/07/08 14:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe PRC - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe PRC - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2008/08/08 23:53:41 | 00,091,440 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe PRC - [2008/05/02 02:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe PRC - [2008/05/02 02:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe PRC - [2008/04/13 19:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/03/27 23:51:18 | 00,116,032 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe PRC - [2008/03/26 02:25:18 | 00,286,720 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe PRC - [2008/03/25 21:27:58 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe PRC - [2008/03/25 20:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe PRC - [2008/03/25 20:49:00 | 00,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe PRC - [2008/03/25 20:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe PRC - [2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2007/09/04 14:52:08 | 00,095,536 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe PRC - [2007/08/24 16:57:48 | 00,036,640 | ---- | M] () -- C:\Program Files\SiteAdvisor\6172\SiteAdv.exe PRC - [2007/03/14 19:05:48 | 00,257,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe PRC - [2007/03/14 19:05:42 | 00,500,800 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe PRC - [2006/04/02 20:07:44 | 00,389,120 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe PRC - [2003/12/03 06:40:28 | 00,118,784 | ---- | M] (MUSICMATCH, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe PRC - [2003/12/03 06:40:28 | 00,053,248 | ---- | M] (TODO: ) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe PRC - [2003/10/07 16:21:10 | 00,294,912 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe PRC - [2003/09/29 22:21:41 | 00,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2003/08/29 04:59:24 | 00,122,880 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\BCMSMMSG.exe PRC - [2002/12/17 12:28:00 | 00,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe PRC - [2002/10/08 12:00:24 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe PRC - [1997/09/03 23:00:00 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Greetings Workshop\GWREMIND.EXE [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2009/12/19 11:16:51 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Kaden\Desktop\OTL.exe MOD - [2008/05/02 02:42:50 | 00,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll MOD - [2008/04/13 19:11:56 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\linkinfo.dll MOD - [2008/02/04 20:27:48 | 00,011,552 | ---- | M] () -- C:\Program Files\SiteAdvisor\6172\saHook.dll MOD - [2006/12/01 22:54:32 | 00,626,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2009/12/08 15:08:34 | 00,315,776 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Documents and Settings\Steve Kaden\Local Settings\temp\0312631261198262mcinst.exe -- (0312631261198262mcinstcleanup) McAfee Application Installer Cleanup (0312631261198262) SRV - [2009/12/08 14:25:28 | 00,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService) SRV - [2009/09/21 08:08:21 | 01,028,432 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2009/09/16 11:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2009/09/16 10:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield) SRV - [2009/09/16 09:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon) SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc) SRV - [2009/07/08 14:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service) SRV - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy) SRV - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc) SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service) SRV - [2008/05/02 02:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2008/03/25 21:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc) SRV - [2008/03/25 20:38:24 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08) SRV - [2008/02/28 11:53:18 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.dll -- (Pml Driver HPZ12) SRV - [2008/02/28 11:53:18 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZinw12.dll -- (Net Driver HPZ12) SRV - [2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2007/03/14 19:05:42 | 00,500,800 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service) SRV - [2006/06/07 16:05:35 | 00,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service) SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2002/10/08 12:00:24 | 00,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\software\mozilla\firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/11/09 19:05:06 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/12/18 23:56:12 | 00,000,000 | ---D | M] O1 HOSTS File: (27 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Value error. File not found O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll () O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value error. File not found O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio) O4 - HKLM..\Run: [BCMSMMSG] C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation) O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell) O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [MISAggregator] File not found O4 - HKLM..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe (TODO: ) O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (MUSICMATCH, Inc.) O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.) O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe (America Online, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Steve Kaden\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O4 - Startup: C:\Documents and Settings\Steve Kaden\Start Menu\Programs\Startup\Greetings Workshop Reminders.lnk = C:\Program Files\Greetings Workshop\GWREMIND.EXE (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data] O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0 O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: 317 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {2B4F4FA8-814A-11D7-B31B-0002A500B281} http://a494.ff.fullaudio.com.edgesuite.net/f/494/8819/1d/software.fullaudio.com/bestbuy_none/3.0.0.40/setup.cab (FASetupStart Control) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [1997/10/20 08:37:54 | 00,203,776 | R--- | M] (Microsoft Corporation) - D:\AUTORUN.EXE -- [ CDFS ] O32 - AutoRun File - [1997/07/14 06:01:08 | 00,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{681f1531-f8ab-11da-8045-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{681f1531-f8ab-11da-8045-00038a000015}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{681f1531-f8ab-11da-8045-00038a000015}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\{792d7412-db9e-11de-826f-00038a000015}\Shell\AutoRun\command - "" = wdsync.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 14 Days ==========[/color] [2009/12/19 11:16:41 | 00,564,736 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve Kaden\Desktop\OTL.exe [2009/12/18 23:55:07 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT [2009/12/18 23:50:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2009/09/01 08:35:00 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2009/09/01 08:35:00 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2009/09/01 08:35:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2009/09/01 08:35:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2008/03/02 16:33:25 | 00,007,680 | ---- | C] () -- C:\Documents and Settings\Steve Kaden\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/02/04 20:27:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor [2007/11/08 15:39:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple [2006/04/28 15:03:45 | 00,001,778 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2006/01/02 19:10:37 | 00,076,840 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2005/12/27 07:41:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Identities [2005/12/13 07:05:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee [2004/10/03 18:56:54 | 00,076,840 | ---- | C] () -- C:\Documents and Settings\Steve Kaden\Application Data\GDIPFONTCACHEV1.DAT [2004/03/10 19:54:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2003/11/22 18:32:58 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Steve Kaden\Application Data\PFP110JPR.{PB [2003/11/22 18:32:58 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Steve Kaden\Application Data\PFP110JCM.{PB [2003/10/14 20:26:49 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Steve Kaden\Application Data\dm.ini [2003/10/04 14:11:18 | 00,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2003/10/04 13:12:40 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Steve Kaden\Application Data\DESKTOP.INI [2003/10/04 13:12:37 | 04,289,130 | -H-- | C] () -- C:\Documents and Settings\Steve Kaden\Local Settings\Application Data\IconCache.db [2003/10/04 13:12:37 | 00,076,840 | ---- | C] () -- C:\Documents and Settings\Steve Kaden\Local Settings\Application Data\GDIPFONTCACHEV1.DAT [2002/09/03 08:50:46 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI [6 C:\Documents and Settings\Steve Kaden\My Documents\*.tmp files -> C:\Documents and Settings\Steve Kaden\My Documents\*.tmp -> ] [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [color=#E56717]========== Files - Modified Within 14 Days ==========[/color] [2009/12/19 11:16:51 | 00,564,736 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve Kaden\Desktop\OTL.exe [2009/12/18 23:55:18 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Steve Kaden\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2009/12/18 23:46:15 | 00,027,413 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF [2009/12/18 23:45:55 | 00,001,374 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL [2009/12/18 23:45:48 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Steve Kaden\Ÿ9Ÿ9 [2009/12/18 23:43:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/12/18 23:43:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT [2009/12/18 23:43:30 | 53,484,3392 | -HS- | M] () -- C:\hiberfil.sys [2009/12/18 23:42:56 | 08,912,896 | ---- | M] () -- C:\Documents and Settings\Steve Kaden\ntuser.dat [2009/12/18 23:42:56 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Steve Kaden\NTUSER.INI [2009/12/17 17:11:06 | 00,095,744 | ---- | M] () -- C:\Documents and Settings\Steve Kaden\My Documents\dmb.doc [2009/12/15 23:07:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2009/12/15 01:15:22 | 00,000,352 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job [2009/12/14 03:06:15 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job [2009/12/10 03:22:23 | 00,403,276 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT [2009/12/10 03:22:23 | 00,063,380 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT [2009/12/10 03:22:22 | 00,473,068 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/12/09 23:45:00 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2009/12/06 09:35:11 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Steve Kaden\My Documents\Word List H.doc [2009/12/06 09:30:36 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Steve Kaden\My Documents\Word List G.doc [2009/12/06 09:26:02 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Steve Kaden\My Documents\Word List F.doc [2009/12/06 09:19:28 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Steve Kaden\My Documents\Word List E.doc [2009/12/06 09:15:47 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Steve Kaden\My Documents\Word List D.doc [2009/12/06 09:09:32 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\Steve Kaden\My Documents\Word List C.doc [2009/12/06 09:05:53 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\Steve Kaden\My Documents\Word List B.doc [2009/12/06 09:02:02 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\Steve Kaden\My Documents\Word List A.doc [6 C:\Documents and Settings\Steve Kaden\My Documents\*.tmp files -> C:\Documents and Settings\Steve Kaden\My Documents\*.tmp -> ] [1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2009/12/18 23:55:18 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Steve Kaden\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2009/12/17 17:11:04 | 00,095,744 | ---- | C] () -- C:\Documents and Settings\Steve Kaden\My Documents\dmb.doc [2009/12/06 09:35:11 | 00,045,568 | ---- | C] () -- C:\Documents and Settings\Steve Kaden\My Documents\Word List H.doc [2009/12/06 09:30:36 | 00,045,568 | ---- | C] () -- C:\Documents and Settings\Steve Kaden\My Documents\Word List G.doc [2009/12/06 09:26:02 | 00,045,568 | ---- | C] () -- C:\Documents and Settings\Steve Kaden\My Documents\Word List F.doc [2009/12/06 09:19:28 | 00,045,568 | ---- | C] () -- C:\Documents and Settings\Steve Kaden\My Documents\Word List E.doc [2009/12/06 09:15:47 | 00,045,568 | ---- | C] () -- C:\Documents and Settings\Steve Kaden\My Documents\Word List D.doc [2009/12/06 09:09:31 | 00,045,056 | ---- | C] () -- C:\Documents and Settings\Steve Kaden\My Documents\Word List C.doc [2009/12/06 09:05:53 | 00,045,056 | ---- | C] () -- C:\Documents and Settings\Steve Kaden\My Documents\Word List B.doc [2009/12/06 09:02:02 | 00,045,056 | ---- | C] () -- C:\Documents and Settings\Steve Kaden\My Documents\Word List A.doc [2007/08/06 13:17:40 | 00,019,456 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll [2007/08/02 18:11:28 | 00,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll [2007/08/02 18:11:14 | 00,241,664 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll [2007/07/27 15:49:02 | 00,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll [2007/07/27 15:49:02 | 00,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll [2007/06/17 12:26:22 | 00,000,037 | ---- | C] () -- C:\WINDOWS\iltwain.ini [2005/12/05 20:25:22 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll [2005/12/05 13:37:10 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll [2005/08/31 10:43:32 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll [2005/03/19 13:33:44 | 00,000,419 | ---- | C] () -- C:\WINDOWS\PCPHOTO.INI [2005/01/13 15:27:54 | 00,012,804 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini [2004/12/24 19:35:28 | 00,002,150 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini [2004/09/20 21:25:33 | 00,000,024 | ---- | C] () -- C:\WINDOWS\wininit.ini [2004/09/17 15:42:02 | 00,000,045 | ---- | C] () -- C:\WINDOWS\AILEIFLH.ini [2004/09/15 05:43:45 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2004/04/26 16:05:29 | 00,000,727 | ---- | C] () -- C:\WINDOWS\hegames.ini [2004/03/29 16:52:23 | 00,000,023 | ---- | C] () -- C:\WINDOWS\CANDYLND.INI [2004/03/06 13:05:38 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2004/01/06 18:50:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI [2003/12/21 15:54:27 | 00,000,051 | ---- | C] () -- C:\WINDOWS\PRINTFAC.INI [2003/12/07 19:47:52 | 00,000,083 | ---- | C] () -- C:\WINDOWS\CALCULAT.INI [2003/11/22 18:37:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI [2003/10/24 18:31:53 | 00,007,836 | ---- | C] () -- C:\WINDOWS\wsme.ini [2003/09/29 22:23:59 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2003/09/29 22:19:26 | 00,000,626 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI [2003/09/29 22:19:26 | 00,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini [2003/09/29 22:04:17 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2003/09/29 21:52:02 | 00,000,480 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2003/07/11 09:59:46 | 00,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI [2003/07/11 09:57:52 | 00,000,890 | ---- | C] () -- C:\WINDOWS\ORUN32.INI [2002/11/27 06:30:32 | 00,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll [color=#E56717]========== LOP Check ==========[/color] [2008/07/11 18:07:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix [2004/02/14 16:09:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FullAudio [2007/07/08 09:15:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft [2009/12/16 05:24:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2004/09/21 18:15:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2009/09/01 00:08:15 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864} [2007/08/04 16:50:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kaden\Application Data\Aim [2009/02/16 20:52:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kaden\Application Data\Atari [2004/09/30 19:09:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kaden\Application Data\chbr [2009/03/30 19:06:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kaden\Application Data\Cisco [2004/12/12 08:40:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Steve Kaden\Application Data\Leadertech [2009/12/15 01:15:22 | 00,000,352 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job [2009/12/14 03:06:15 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color] [color=#A23BEC]< MD5 for: AGP440.SYS >[/color] [2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys [2004/08/04 01:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [color=#A23BEC]< MD5 for: ATAPI.SYS >[/color] [2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys [2004/08/04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color] [2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll [2004/08/04 02:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll [color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color] [2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll [2004/08/04 02:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [color=#A23BEC]< MD5 for: SCECLI.DLL >[/color] [2004/08/04 02:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 153 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 < End of report >