OTL logfile created on: 16.02.2010 21:16:31 - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Administrator\Desktop\GeekstoGo
Windows Server 2003 Standard Edition Service Pack 2 (Version = 5.2.3790) - Type = NTDomainController
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000414 | Country: Norway | Language: NOR | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 33,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 48,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,42 Gb Total Space | 5,92 Gb Free Space | 24,26% Space Free | Partition Type: NTFS
Drive D: | 112,28 Gb Total Space | 42,28 Gb Free Space | 37,65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DC01
Current User Name: administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.02.16 15:54:01 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\SBSCREXE.EXE
PRC - [2010.02.15 13:57:53 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\GeekstoGo\OTL.exe
PRC - [2010.02.10 15:59:36 | 002,074,576 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\Update.exe
PRC - [2010.02.02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
PRC - [2010.01.18 14:14:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010.01.18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009.12.24 15:46:58 | 000,745,472 | ---- | M] (Hewlett-Packard Company) -- C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
PRC - [2009.12.09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009.11.10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009.10.11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009.10.11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.)
-- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2009.07.29 04:06:06 | 000,069,632 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\NCU\cpqteam.exe PRC - [2009.07.24 11:11:50 | 000,015,400 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\CpqMgmt\cqmgserv\cqmgserv.exe PRC - [2009.07.24 09:22:56 | 000,015,400 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.exe PRC - [2009.07.17 00:38:44 | 001,585,152 | ---- | M] (Hewlett-Packard Company) -- C:\hp\hpsmh\bin\smhstart.exe PRC - [2009.07.17 00:32:52 | 000,019,968 | ---- | M] (Hewlett-Packard Company) -- C:\hp\hpsmh\bin\hpsmhd.exe PRC - [2009.07.17 00:31:32 | 000,053,248 | ---- | M] (Hewlett-Packard Company) -- C:\hp\hpsmh\bin\rotatelogs.exe PRC - [2009.07.13 11:46:28 | 000,007,680 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe PRC - [2009.07.07 15:25:46 | 000,018,472 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\sysdown.exe PRC - [2009.07.01 07:53:02 | 000,019,456 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\CpqMgmt\cqmgstor\cqmgstor.exe PRC - [2009.06.18 16:21:56 | 000,146,944 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\Cissesrv\cissesrv.exe PRC - [2009.05.27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- d:\Prog_Data\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe PRC - [2009.03.08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe PRC - [2009.02.16 12:37:19 | 000,450,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dns.exe PRC - [2008.12.16 20:39:30 | 009,158,656 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlservr.exe PRC - [2008.11.26 05:59:27 | 005,266,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\store.exe PRC - [2008.11.24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program 
Files\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2008.11.24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2008.11.14 12:29:56 | 000,021,032 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\cpqrcmc.exe PRC - [2008.11.06 11:33:56 | 000,288,088 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe PRC - [2008.11.06 11:33:54 | 000,582,992 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe PRC - [2008.08.14 08:31:20 | 000,435,576 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe PRC - [2008.05.14 19:56:34 | 000,873,856 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\PccNTMon.exe PRC - [2008.05.14 19:56:10 | 002,176,384 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Security Server\PCCSRV\Web\Service\OfcService.exe PRC - [2008.05.14 19:55:14 | 001,328,512 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Security Server\PCCSRV\Web\Service\DbServer.exe PRC - [2008.05.13 00:01:58 | 000,039,936 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Messaging Security Agent\SMEX_RemoteConfig.exe PRC - [2008.05.13 00:01:58 | 000,039,936 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Messaging Security Agent\SMEX_Master.exe PRC - [2008.05.13 00:01:10 | 000,026,624 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Messaging Security Agent\svcGenericHost.exe PRC - [2008.05.12 23:55:02 | 000,032,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Messaging Security Agent\SMEX_SystemWatcher.exe PRC - [2008.05.09 18:17:40 | 000,984,360 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe PRC - [2008.05.09 18:16:46 | 000,906,536 | ---- | M] (Trend Micro Inc.) 
-- C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe PRC - [2008.05.07 15:45:02 | 000,230,776 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Security Server\PCCSRV\Web\Service\OfcAoSMgr.exe PRC - [2008.04.17 20:45:58 | 000,488,768 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe PRC - [2008.04.17 20:45:18 | 000,652,552 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe PRC - [2007.04.23 17:53:45 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe PRC - [2007.04.23 17:53:44 | 001,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.04.23 17:53:44 | 000,792,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntfrs.exe PRC - [2007.04.23 17:53:44 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe PRC - [2007.04.23 17:53:44 | 000,349,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lserver.exe PRC - [2007.04.23 17:53:44 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dfssvc.exe PRC - [2007.04.23 17:53:44 | 000,094,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\llssrv.exe PRC - [2007.04.23 17:53:44 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe PRC - [2007.04.23 17:53:44 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe PRC - [2007.04.23 17:53:44 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe PRC - [2007.04.23 17:53:44 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\w3wp.exe PRC - [2007.04.19 13:08:48 | 000,031,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\web server extensions\60\BIN\OWSTIMER.EXE PRC - [2007.01.09 11:25:44 | 000,515,680 | ---- | M] 
(Symantec Corporation) -- C:\Program Files\VERITAS\Backup Exec\beremote.exe PRC - [2005.09.20 16:53:14 | 000,154,176 | ---- | M] (Symantec Corporation) -- C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe PRC - [2005.08.25 18:10:14 | 008,920,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\mad.exe PRC - [2005.08.25 18:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Exchsrvr\bin\exmgmt.exe PRC - [2005.05.03 21:07:32 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe PRC - [2005.04.30 01:53:18 | 000,033,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe PRC - [2005.03.08 10:23:10 | 000,753,664 | R--- | M] () -- C:\Program Files\HP\Power Manager\DevManBE.exe PRC - [2005.02.28 10:33:28 | 000,176,128 | R--- | M] () -- C:\Program Files\HP\Power Manager\BETaskMgr.exe PRC - [2002.12.17 16:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2010.02.15 13:57:53 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\GeekstoGo\OTL.exe MOD - [2010.02.02 10:13:54 | 000,451,856 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFWAH.dll MOD - [2009.10.30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll MOD - [2007.02.17 07:04:16 | 001,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_D8713E55\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Running] -- -- (ScanMail_SystemWatcher) SRV - File not found [Auto | Running] -- -- (ScanMail_RemoteConfig) SRV - File not found [Auto | Running] -- -- 
(ScanMail_Master) SRV - File not found [On_Demand | Stopped] -- -- (MXLW) SRV - [2010.02.16 15:54:01 | 000,037,888 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\WINDOWS\system32\SBSCREXE.EXE -- (SBCore) SRV - [2010.02.02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire) SRV - [2010.01.18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService) SRV - [2009.12.24 15:46:58 | 000,745,472 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe -- (cpqvcagent) SRV - [2009.12.09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService) SRV - [2009.11.10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service) SRV - [2009.10.11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) 
[Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2009.07.24 11:11:50 | 000,015,400 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\WINDOWS\system32\CpqMgmt\cqmgserv\cqmgserv.exe -- (CqMgServ) SRV - [2009.07.24 09:23:16 | 000,218,152 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\WINDOWS\system32\CIMntfy\cimntfy.exe -- (CIMnotify) SRV - [2009.07.24 09:22:56 | 000,015,400 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\WINDOWS\system32\CpqMgmt\cqmghost\cqmghost.exe -- (CqMgHost) SRV - [2009.07.17 00:38:44 | 001,585,152 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\hp\hpsmh\bin\smhstart.exe -- (SysMgmtHp) SRV - [2009.07.13 11:46:28 | 000,007,680 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe -- (CpqNicMgmt) SRV - [2009.07.07 15:25:46 | 000,018,472 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\WINDOWS\system32\sysdown.exe -- (sysdown) SRV - [2009.07.01 07:53:02 | 000,019,456 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\WINDOWS\system32\CpqMgmt\cqmgstor\cqmgstor.exe -- (CqMgStor) SRV - [2009.06.18 16:21:56 | 000,146,944 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\HP\Cissesrv\cissesrv.exe -- (Cissesrv) SRV - [2009.05.27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- d:\Prog_Data\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) SRV - [2009.02.16 12:37:19 | 000,450,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dns.exe -- (DNS) SRV - [2008.12.16 20:39:30 | 009,158,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Binn\sqlservr.exe -- (MSSQL$SHAREPOINT) SRV - [2008.12.16 17:51:14 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft 
SQL Server\MSSQL$SHAREPOINT\Binn\sqlagent.EXE -- (SQLAgent$SHAREPOINT) SRV - [2008.11.26 05:59:27 | 005,266,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\store.exe -- (MSExchangeIS) SRV - [2008.11.26 04:43:19 | 003,598,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Exchsrvr\bin\emsmta.exe -- (MSExchangeMTA) SRV - [2008.11.24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2008.11.24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser) SRV - [2008.11.24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper) SRV - [2008.11.14 12:29:56 | 000,021,032 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\WINDOWS\system32\cpqrcmc.exe -- (CpqRcmc) SRV - [2008.11.06 11:33:54 | 000,582,992 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe -- (RUBotted) SRV - [2008.05.14 19:56:10 | 002,176,384 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Security Server\PCCSRV\Web\Service\OfcService.exe -- (ofcservice) SRV - [2008.05.12 23:56:02 | 000,027,136 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\Messaging Security Agent\EUQ\EUQMonitor.exe -- (EUQ_Monitor) SRV - [2008.05.09 18:17:40 | 000,984,360 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe -- (tmlisten) SRV - [2008.05.09 18:16:46 | 000,906,536 | ---- | M] (Trend Micro Inc.) 
[Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe -- (ntrtscan) SRV - [2008.05.07 15:45:02 | 000,230,776 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Security Server\PCCSRV\Web\Service\OfcAoSMgr.exe -- (OfcAoSMgr) SRV - [2008.04.17 20:45:58 | 000,488,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe -- (TmPfw) SRV - [2008.04.17 20:45:18 | 000,652,552 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy) SRV - [2008.04.09 11:25:00 | 000,333,064 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Client Server Security Agent\..\BM\TMBMSRV.exe -- (TMBMServer) SRV - [2007.04.23 17:53:45 | 000,069,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe -- (MSSEARCH) SRV - [2007.04.23 17:53:44 | 000,792,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ntfrs.exe -- (NtFrs) SRV - [2007.04.23 17:53:44 | 000,349,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lserver.exe -- (TermServLicensing) SRV - [2007.04.23 17:53:44 | 000,216,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\iisw3adm.dll -- (W3SVC) SRV - [2007.04.23 17:53:44 | 000,164,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dfssvc.exe -- (Dfs) SRV - [2007.04.23 17:53:44 | 000,094,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\llssrv.exe -- (LicenseService) SRV - [2007.04.23 17:53:44 | 000,071,168 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tssdis.exe -- (Tssdis) SRV - [2007.04.23 17:53:44 | 000,067,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rsopprov.exe -- 
(RSoPProv) SRV - [2007.04.23 17:53:44 | 000,050,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\trksvr.dll -- (TrkSvr) SRV - [2007.04.23 17:53:44 | 000,040,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP) SRV - [2007.04.23 17:53:44 | 000,040,448 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ismserv.exe -- (IsmServ) SRV - [2007.04.23 17:53:44 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (DHCPServer) SRV - [2007.04.23 17:53:44 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP) SRV - [2007.04.23 17:53:44 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (RESvc) SRV - [2007.04.23 17:53:44 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (POP3Svc) SRV - [2007.04.23 17:53:44 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (NntpSvc) Network News Transfer Protocol (NNTP) SRV - [2007.04.23 17:53:44 | 000,014,336 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IMAP4Svc) SRV - [2007.04.23 17:53:44 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN) SRV - [2007.04.23 17:53:44 | 000,012,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\sacsvr.dll -- (sacsvr) SRV - [2007.04.23 17:53:44 | 000,008,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ias.dll -- (IAS) SRV - [2007.04.19 13:08:48 | 000,031,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft 
Shared\Web Server Extensions\60\BIN\OWSTIMER.EXE -- (SPTimer) SRV - [2007.01.09 11:25:44 | 000,515,680 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\VERITAS\Backup Exec\beremote.exe -- (BackupExecAgentAccelerator) SRV - [2007.01.09 11:25:40 | 003,322,496 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\VERITAS\Backup Exec\beserver.exe -- (BackupExecRPCService) SRV - [2007.01.09 11:25:40 | 001,699,968 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\VERITAS\Backup Exec\bengine.exe -- (BackupExecJobEngine) SRV - [2007.01.09 11:25:40 | 000,841,856 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\VERITAS\Backup Exec\pvlsvr.exe -- (BackupExecDeviceMediaService) SRV - [2005.09.21 15:11:26 | 000,035,904 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\VERITAS\Backup Exec\benetns.exe -- (BackupExecAgentBrowser) SRV - [2005.08.25 18:10:14 | 008,920,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\mad.exe -- (MSExchangeSA) SRV - [2005.08.25 18:10:02 | 003,217,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Exchsrvr\bin\exmgmt.exe -- (MSExchangeMGMT) SRV - [2005.08.25 17:29:52 | 000,339,456 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Exchsrvr\bin\srsmain.exe -- (MSExchangeSRS) SRV - [2005.05.03 23:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlservr.exe -- (MSSQL$SBSMONITORING) SRV - [2005.05.03 20:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Binn\sqlagent.EXE -- (SQLAgent$SBSMONITORING) SRV - [2005.04.30 01:53:18 | 000,033,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\imbservice.exe 
-- (MSPOP3Connector) SRV - [2005.03.08 10:23:10 | 000,753,664 | R--- | M] () [Auto | Running] -- C:\Program Files\HP\Power Manager\DevManBE.exe -- (DevManBE) SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.06.03 08:23:09 | 000,094,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Exchsrvr\bin\events.exe -- (MSExchangeES) SRV - [2002.12.17 16:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe -- (MSSQL$BKUPEXEC) SRV - [2002.12.17 16:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlagent.EXE -- (SQLAgent$BKUPEXEC) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/softAdmin.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/softAdmin.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([2007.04.23 17:53:44 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [CPQTEAM] C:\Program Files\HP\NCU\cpqteam.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [DWPersistentQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools) O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TMRUBottedTray] C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.) 
O4 - HKLM..\Run: [VxTaskbarMgr] C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe (Symantec Corporation) O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Server Management.lnk = C:\Program Files\Microsoft Windows Small Business Server\Administration\LaunchConsole.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Power Manager Status.lnk = C:\Program Files\HP\Power Manager\BETaskMgr.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.) O15 - HKCU\..Trusted Domains: dc01 ([]http in Local intranet) O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://dc01.septikservice.local:4343/officescan/console/ClientInstall/WinNTChk.cab (ObjWinNTCheck Class) O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://dc01.septikservice.local:4343/officescan/console/ClientInstall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab (DLM Control) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control) O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} https://dc01.septikservice.local:4343/officescan/console/ClientInstall/RemoveCtrl.cab (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212764816906 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212764896515 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC2A} https://dc01.septikservice.local:4343/SMB/console/html/root/AtxEnc.cab (Encrypt Class)
O16 - DPF: {9DCD8EB7-E925-45C9-9321-8CA843FBED3C} https://dc01.septikservice.local:4343/SMB/console/html/root/AtxConsole.cab (Security Server Management Console)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Septikservice.local
O18 - Protocol\Handler\hpapp {24F45006-5BD9-41B7-9BD9-5F8921C8EBD1} - C:\Program Files\Compaq\Cpqacuxe\bin\hpapp.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hpapp\Apps - No CLSID value found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - File not found
O29 - HKLM SecurityProviders - (pwdssp.dll) - C:\WINDOWS\System32\pwdssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.05 11:04:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{63e826aa-1ad9-11df-bed8-001f29c64912}\Shell - "" = AutoRun
O33 - MountPoints2\{63e826aa-1ad9-11df-bed8-001f29c64912}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{63e826aa-1ad9-11df-bed8-001f29c64912}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{63e827ad-1ad9-11df-bed8-001f29c64912}\Shell\AutoRun\command - "" = F:\hbcd\wintools\autorun.exe -- File not found
O33 - MountPoints2\{63e827ad-1ad9-11df-bed8-001f29c64912}\Shell\Option1\Command - "" = F:\hbcd\wintools\autorun.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\hbcd\wintools\autorun.exe -- File not found
O33 - MountPoints2\E\Shell\Option1\Command - "" = E:\hbcd\wintools\autorun.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: Ias - C:\WINDOWS\system32\ias.dll (Microsoft Corporation)
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sacsvr - C:\WINDOWS\system32\sacsvr.dll (Microsoft Corporation)
NetSvcs: TrkSvr - C:\WINDOWS\system32\trksvr.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

SystemRestore not available.

[color=#E56717]========== Files/Folders - Created Within 14 Days ==========[/color]
[2010.02.16 20:39:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.02.16 20:33:31 | 000,673,728 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2010.02.16 20:33:31 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2010.02.16 19:24:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CIMntfy
[2010.02.16 19:24:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CpqMgmt
[2010.02.16 16:16:00 | 000,024,656 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\HPTapeFirmwareVersion.dll
[2010.02.16 16:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2010.02.16 15:24:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010.02.16 12:23:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.02.16 12:23:32 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.02.16 12:23:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2010.02.16 10:16:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\U3
[2010.02.15 14:08:13 | 000,059,664 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2010.02.15 14:08:13 | 000,033,552 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2010.02.15 14:08:12 | 000,051,984 | --S- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2010.02.15 13:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GeekstoGo
[2010.02.15 09:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010.02.14 17:56:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Threat Expert
[2010.02.14 14:59:04 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010.02.14 14:59:03 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010.02.14 14:59:03 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010.02.14 14:59:03 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010.02.14 14:56:32 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010.02.14 14:56:25 | 000,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010.02.14 14:56:25 | 000,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010.02.14 14:56:06 | 000,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010.02.14 14:55:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010.02.14 14:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010.02.14 14:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010.02.14 14:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PC Tools
[2010.02.14 14:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010.02.14 14:46:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2010.02.14 14:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010.02.14 14:44:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010.02.14 14:36:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010.02.14 13:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2010.02.14 13:30:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010.02.14 13:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010.02.14 13:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Downloaded Installations
[2010.02.14 13:27:47 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010.02.14 13:27:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010.02.14 13:16:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Redirected
[2010.02.12 11:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ICS
[2010.02.12 11:06:56 | 000,157,712 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010.02.12 11:06:56 | 000,052,752 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2010.02.12 11:06:56 | 000,052,624 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2010.02.12 11:01:54 | 000,000,000 | ---D | C] -- C:\MGtools
[2010.02.12 10:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\log
[2010.02.11 17:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.02.11 16:47:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\DoctorWeb
[2010.02.11 16:41:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010.02.11 16:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010.02.11 16:06:42 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010.02.11 13:53:02 | 000,206,608 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\TMPassthru.sys
[2010.02.09 11:20:38 | 001,840,232 | ---- | C] (Trend Micro) -- C:\Documents and Settings\Administrator\Desktop\HousecallLauncher.exe
[2010.02.08 23:42:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010.02.08 23:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009.07.29 16:59:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008.06.05 11:04:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008.06.05 11:04:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008.06.05 11:04:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[color=#E56717]========== Files - Modified Within 14 Days ==========[/color]
[2010.02.16 21:22:18 | 080,181,280 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010.02.16 21:21:41 | 000,012,953 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2010.02.16 21:17:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.02.16 21:00:22 | 000,002,586 | ---- | M] () -- C:\WINDOWS\System32\licstr.cpa
[2010.02.16 20:54:38 | 001,237,260 | ---- | M] () -- C:\WINDOWS\System32\besnmp.TRC
[2010.02.16 20:52:06 | 000,003,101 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010.02.16 20:50:56 | 001,454,338 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.02.16 20:50:56 | 001,107,860 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.02.16 20:50:56 | 000,311,728 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.02.16 20:48:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.02.16 20:47:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.02.16 20:45:53 | 001,076,276 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010.02.16 20:43:33 | 002,621,440 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010.02.16 20:43:33 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010.02.16 20:43:25 | 005,894,082 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010.02.16 20:42:19 | 000,005,296 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.02.16 20:01:59 | 000,001,365 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP System Management Homepage.lnk
[2010.02.16 19:27:37 | 000,000,333 | ---- | M] () -- C:\WINDOWS\System32\report.file
[2010.02.16 12:23:37 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.02.16 12:00:08 | 000,000,764 | ---- | M] () -- C:\WINDOWS\tasks\ShadowCopyVolume{db34fce4-32e7-11dd-83e5-001f29c64912}.job
[2010.02.15 19:32:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010.02.15 13:29:42 | 000,000,156 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Document.rtf
[2010.02.15 13:22:28 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010.02.15 08:17:15 | 000,003,120 | ---- | M] () -- C:\rollback.ini
[2010.02.15 07:32:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010.02.15 01:32:04 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010.02.14 23:38:47 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.02.14 23:38:46 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010.02.14 23:31:51 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010.02.14 23:29:42 | 000,000,202 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\BitDefender Online Scanner.url
[2010.02.14 18:00:01 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010.02.14 14:42:45 | 000,065,536 | ---- | M] () -- C:\WINDOWS\NETLOGON.CHG
[2010.02.14 13:16:45 | 000,001,702 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2010.02.12 11:06:25 | 000,000,021 | ---- | M] () -- C:\tmuninst.ini
[2010.02.12 11:03:21 | 000,141,828 | ---- | M] () -- C:\MGlogs.zip
[2010.02.12 11:02:34 | 000,000,294 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Trend install.doc
[2010.02.11 17:10:38 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2010.02.11 16:31:19 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010.02.11 10:17:17 | 001,840,232 | ---- | M] (Trend Micro) -- C:\Documents and Settings\Administrator\Desktop\HousecallLauncher.exe
[2010.02.10 08:41:01 | 000,005,018 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010.02.08 17:25:24 | 000,005,105 | ---- | M] () -- C:\WINDOWS\cfgms.ini
[2010.02.08 17:25:24 | 000,004,278 | ---- | M] () -- C:\WINDOWS\cfgspyms.ini
[2010.02.08 17:25:18 | 000,005,113 | ---- | M] () -- C:\WINDOWS\cfgrs.ini
[2010.02.08 17:25:18 | 000,004,291 | ---- | M] () -- C:\WINDOWS\cfgrs_ex.ini
[2010.02.05 09:25:38 | 000,070,408 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010.02.05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2010.02.16 20:40:28 | 000,005,296 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010.02.16 19:23:01 | 000,001,365 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP System Management Homepage.lnk
[2010.02.16 19:21:45 | 000,000,333 | ---- | C] () -- C:\WINDOWS\System32\report.file
[2010.02.16 12:23:37 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.02.15 13:29:42 | 000,000,156 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Document.rtf
[2010.02.14 14:59:04 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
[2010.02.14 14:59:04 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010.02.14 14:59:04 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010.02.14 14:59:04 | 000,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010.02.14 14:59:03 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010.02.14 14:59:03 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010.02.14 14:56:32 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010.02.14 14:56:25 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010.02.14 14:56:25 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010.02.14 14:56:18 | 000,001,633 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010.02.14 14:56:07 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010.02.14 14:42:10 | 000,000,458 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010.02.14 14:38:24 | 080,174,112 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010.02.14 14:38:24 | 001,076,276 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010.02.14 14:38:14 | 000,003,120 | ---- | C] () -- C:\rollback.ini
[2010.02.14 13:32:45 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.02.14 13:32:45 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010.02.14 13:32:45 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010.02.14 13:32:45 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010.02.14 13:32:45 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010.02.12 11:02:34 | 000,000,294 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Trend install.doc
[2010.02.12 11:01:55 | 000,141,828 | ---- | C] () -- C:\MGlogs.zip
[2010.02.11 17:10:38 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2010.02.11 16:51:11 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BitDefender Online Scanner.url
[2010.02.11 16:28:03 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010.02.09 11:20:44 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2009.12.22 09:39:50 | 000,005,229 | ---- | C] () -- C:\WINDOWS\cfgps.ini
[2009.12.22 09:39:50 | 000,004,389 | ---- | C] () -- C:\WINDOWS\cfgspyps.ini
[2009.12.21 13:39:39 | 000,005,105 | ---- | C] () -- C:\WINDOWS\cfgms.ini
[2009.12.21 13:39:39 | 000,004,278 | ---- | C] () -- C:\WINDOWS\cfgspyms.ini
[2009.12.21 13:39:31 | 000,005,113 | ---- | C] () -- C:\WINDOWS\cfgrs.ini
[2009.12.21 13:39:31 | 000,004,291 | ---- | C] () -- C:\WINDOWS\cfgrs_ex.ini
[2009.12.08 20:31:58 | 000,046,424 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2009.12.08 20:31:56 | 000,030,040 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2009.12.08 20:31:54 | 000,148,824 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2009.09.02 13:19:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.07.01 07:53:02 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\cqstrutl.dll
[2009.05.14 14:29:30 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2009.04.02 14:09:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\cpqimlv.INI
[2009.01.05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008.10.02 11:33:15 | 000,000,415 | ---- | C] () -- C:\WINDOWS\OPPA.INI
[2008.08.14 08:32:18 | 000,012,953 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2008.06.11 13:12:51 | 000,000,204 | ---- | C] () -- C:\WINDOWS\OPLK.INI
[2008.06.05 13:08:10 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2008.06.05 12:56:42 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008.06.05 12:49:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2008.06.05 12:49:32 | 000,017,579 | ---- | C] () -- C:\WINDOWS\System32\nntpctrs.ini
[2008.06.05 12:49:12 | 000,179,577 | ---- | C] () -- C:\WINDOWS\System32\schema.ini
[2008.06.05 12:48:50 | 000,024,819 | ---- | C] () -- C:\WINDOWS\System32\ntdsctrs.ini
[2008.06.05 12:48:50 | 000,020,386 | ---- | C] () -- C:\WINDOWS\System32\ntfrsrep.ini
[2008.06.05 12:48:50 | 000,005,597 | ---- | C] () -- C:\WINDOWS\System32\ntfrscon.ini
[2008.06.05 12:47:48 | 000,011,030 | ---- | C] () -- C:\WINDOWS\System32\ipsecprf.ini
[2008.06.05 12:47:42 | 000,011,817 | ---- | C] () -- C:\WINDOWS\System32\iasperf.ini
[2008.06.05 12:45:20 | 000,011,597 | ---- | C] () -- C:\WINDOWS\System32\dnsperf.ini
[2008.06.05 12:43:34 | 000,002,360 | ---- | C] () -- C:\WINDOWS\System32\dhcpctrs.ini
[2008.06.05 11:02:04 | 000,021,792 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2008.06.05 11:02:04 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2008.06.05 11:02:02 | 000,050,666 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2008.06.05 11:02:02 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2008.06.05 11:02:02 | 000,010,793 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2003.01.07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[color=#E56717]========== LOP Check ==========[/color]
[2010.02.15 04:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2009.09.01 13:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2010.02.11 16:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010.02.15 10:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010.02.14 13:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
[2010.02.14 13:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Redirected
[2010.02.16 21:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.09.30 10:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visma
[2009.01.09 10:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visma Software
[2010.02.14 23:38:46 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010.02.15 19:32:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010.02.15 01:32:04 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010.02.15 07:32:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010.02.14 23:38:47 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010.02.14 18:00:01 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2010.01.27 22:30:00 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\reboot.job
[2010.02.16 20:43:58 | 000,032,552 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
[2010.02.16 12:00:08 | 000,000,764 | ---- | M] () -- C:\WINDOWS\Tasks\ShadowCopyVolume{db34fce4-32e7-11dd-83e5-001f29c64912}.job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2002.10.21 13:02:28 | 000,271,360 | ---- | M] (Compaq Computer Corp.) -- C:\GUICMD.EXE

[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2003.07.15 00:49:24 | 006,553,075 | R--- | M] () .cab file -- C:\ClientApps\w2ksp4\i386\NEW\sp4.cab:AGP440.sys
[2004.08.04 09:05:44 | 018,738,937 | R--- | M] () .cab file -- C:\ClientApps\wxpsp2\i386\sp2.cab:AGP440.sys
[2007.04.23 17:53:44 | 016,191,101 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2003.07.15 00:49:24 | 006,553,075 | R--- | M] () .cab file -- C:\ClientApps\w2ksp4\i386\NEW\sp4.cab:atapi.sys
[2004.08.04 09:05:44 | 018,738,937 | R--- | M] () .cab file -- C:\ClientApps\wxpsp2\i386\sp2.cab:atapi.sys
[2007.04.23 17:53:44 | 016,191,101 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2007.04.23 17:53:44 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=FF953A8F08CA3F822127654375786BBE -- C:\WINDOWS\system32\drivers\atapi.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL >[/color]
[2007.04.23 17:53:44 | 000,068,608 | ---- | M] (Microsoft Corporation) MD5=3AAB2418271343FE97F98AEF93F50E5F -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2007.04.23 17:53:44 | 000,068,608 | ---- | M] (Microsoft Corporation) MD5=3AAB2418271343FE97F98AEF93F50E5F -- C:\WINDOWS\system32\eventlog.dll

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2007.04.23 17:53:44 | 000,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2007.04.23 17:53:44 | 000,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\WINDOWS\system32\netlogon.dll

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2007.04.23 17:53:44 | 000,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\WINDOWS\system32\dllcache\scecli.dll
[2007.04.23 17:53:44 | 000,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\WINDOWS\system32\scecli.dll

[color=#A23BEC]< MD5 for: SYMMPI.SYS >[/color]
[2007.04.23 17:53:44 | 016,191,101 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:symmpi.sys
[2007.02.17 03:04:30 | 000,049,664 | ---- | M] (LSI Logic) MD5=868204832E011E2D64281D7EABEE572E -- C:\WINDOWS\system32\dllcache\symmpi.sys
[2007.02.17 03:04:30 | 000,049,664 | ---- | M] (LSI Logic) MD5=868204832E011E2D64281D7EABEE572E -- C:\WINDOWS\system32\drivers\symmpi.sys

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2009.03.08 04:33:06 | 000,420,352 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\vbscript.dll

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2008.06.05 12:53:26 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.06.05 12:53:26 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.06.05 12:53:26 | 000,532,480 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >