Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Questions on this computer


  • Please log in to reply

#1
glhglh

glhglh

    New Member

  • Member
  • Pip
  • 9 posts
a month ago, there were many virus' on this computer. it seems to be clean, but on the endpoint daily logs, it is hit with more possible problems than our other computers. i have attached the logs to see if there might be something that is hidden?

i'm taking the training, but am not far enough to see anything in these logs.

i attached the mbam and rootrepeal logs, not enough room for the otc. i'll attach that in a reply.

Attached Files


Edited by glhglh, 30 October 2009 - 11:16 AM.

  • 0

Advertisements


#2
glhglh

glhglh

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
otc log

OTL logfile created on: 10/30/2009 9:58:30 AM - Run 3
OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\Betty Mc Niel\Desktop\Virus Programs
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.47% Memory free
3.85 Gb Paging File | 3.16 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 467.51 Gb Total Space | 443.07 Gb Free Space | 94.77% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive S: | 465.64 Gb Total Space | 221.83 Gb Free Space | 47.64% Space Free | Partition Type: NTFS

Computer Name: ADB10-05
Current User Name: bettym
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/30 09:57:05 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Betty Mc Niel\Desktop\Virus Programs\OTL.exe
PRC - [2009/07/31 15:23:21 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/31 15:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/05 13:39:22 | 00,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/15 10:35:18 | 00,054,712 | ---- | M] (Abacast, Inc.) -- C:\Documents and Settings\Betty Mc Niel\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/09/16 13:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/07/27 11:28:22 | 02,238,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/07/27 10:40:04 | 01,660,288 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/07/27 10:40:02 | 02,479,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/03/19 18:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2008/02/01 02:25:38 | 00,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/02/01 02:25:16 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/01/11 19:54:31 | 00,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2007/09/29 03:56:34 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2007/08/11 21:05:27 | 00,558,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
PRC - [2007/05/03 11:04:07 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2007/03/09 11:09:58 | 00,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2006/09/08 12:21:18 | 02,543,616 | ---- | M] (Software602 a.s.) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\PrnPack.exe
PRC - [2005/11/15 20:44:14 | 01,200,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2005/11/15 20:42:22 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2005/10/20 10:54:16 | 00,126,976 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe
PRC - [2005/06/10 02:21:01 | 00,217,088 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
PRC - [2005/04/12 11:15:04 | 00,869,376 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2005/04/12 02:15:29 | 01,383,936 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2004/06/30 17:59:24 | 00,724,992 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
PRC - [2004/05/15 22:10:00 | 00,339,968 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2003/08/01 19:28:24 | 00,474,624 | ---- | M] (Constantin Kaplinsky) -- C:\Program Files\TightVNC\WinVNC.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2000/06/01 09:41:08 | 00,090,112 | ---- | M] () -- C:\ivupdate\IVM.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (Smcinst [Auto | Stopped])
SRV - [2009/07/31 15:23:19 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2009/06/05 13:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/27 11:28:22 | 02,238,904 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2008/07/27 10:40:02 | 02,479,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService [Auto | Running])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/06/30 05:46:26 | 00,296,328 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/03/19 18:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2008/02/01 02:25:16 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/02/01 02:25:16 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
SRV - [2007/09/29 03:56:34 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2007/08/11 21:05:27 | 03,093,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2007/08/11 21:05:27 | 00,558,448 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
SRV - [2007/05/03 11:04:07 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2005/10/20 10:54:16 | 00,126,976 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe -- (QuickBooksDB [Auto | Running])
SRV - [2005/04/12 11:15:04 | 00,869,376 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR [Auto | Stopped])
SRV - [2005/04/12 11:15:04 | 00,869,376 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
SRV - [2004/05/15 22:10:00 | 00,516,096 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2003/08/01 19:28:24 | 00,474,624 | ---- | M] (Constantin Kaplinsky) -- C:\Program Files\TightVNC\WinVNC.exe -- (winvnc [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])

========== Modules (SafeList) ==========

MOD - [2009/10/30 09:57:05 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Betty Mc Niel\Desktop\Virus Programs\OTL.exe
MOD - [2008/07/27 10:40:56 | 00,357,760 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\SYSFER.DLL
MOD - [2008/04/13 17:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/02/09 13:20:28 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Cmaudio] File not found
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PrintPack dispatcher] C:\WINDOWS\System32\spool\drivers\w32x86\3\PrnPack.exe (Software602 a.s.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinVNC] C:\Program Files\TightVNC\WinVNC.exe (Constantin Kaplinsky)
O4 - HKCU..\Run: [AbacastDistributedOnDemand:11] C:\Documents and Settings\Betty Mc Niel\Local Settings\Application Data\AbacastDistributedOnDemand\Node\11\AbacastDistributedOnDemand.exe (Abacast, Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAID Manager.lnk = C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe (Integrated Technology Express, Inc.)
O4 - Startup: C:\Documents and Settings\Betty Mc Niel\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Betty Mc Niel\Start Menu\Programs\Startup\IVM.lnk = C:\ivupdate\IVM.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_16.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\System32\spool\drivers\w32x86\3\Print602.dll (Software602 a.s.)
O9 - Extra 'Tools' menuitem : Print2PDF - {5B7027AD-AA6D-40df-8F56-9560F277D2A5} - C:\WINDOWS\System32\spool\drivers\w32x86\3\Print602.dll (Software602 a.s.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Print2Mail - {A156A7A7-14A2-4282-B487-8E25AB68D608} - C:\WINDOWS\System32\Print602.dll (Software602 a.s.)
O9 - Extra 'Tools' menuitem : Print2Mail - {A156A7A7-14A2-4282-B487-8E25AB68D608} - C:\WINDOWS\System32\Print602.dll (Software602 a.s.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {03A89EFD-E023-A200-A22D-45F77558EB4C} https://content10.il...XCltInstall.dll (ILINCInstall102 Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} http://gowithcrm.ios...ca32/wficat.cab (Citrix ICA Client)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1131483673491 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-cent...bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {B82FA17C-F3A9-11D2-B5DD-0050041B7FF6} http://www.fisbonds....wab/saxfile.cab (SAXFile FileDownload ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://gowithcrm.we...ent/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hedrick.local
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/08 10:17:13 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========


========== Files - Modified Within 14 Days ==========

[2009/10/30 09:16:03 | 00,013,746 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/30 09:15:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/30 09:15:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/30 07:59:44 | 00,307,200 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\Error Report re Symantec2.doc
[2009/10/30 07:59:18 | 00,233,984 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\Error Report re Symantec.doc
[2009/10/29 11:46:43 | 00,020,992 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\Documents to bring to client meetings.doc
[2009/10/29 10:23:07 | 00,002,028 | ---- | M] () -- C:\Data BGM\Position Export.csv
[2009/10/29 08:17:09 | 00,573,952 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\Network Protection Log - Traffic Log.xls
[2009/10/29 08:09:51 | 00,085,790 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\Antivirus System Log.csv
[2009/10/29 07:44:54 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\Risk Log History.xls
[2009/10/26 10:00:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/22 12:49:43 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\PIMCO Real Return.xls

========== Files - No Company Name ==========
[2009/10/30 07:59:44 | 00,307,200 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\Error Report re Symantec2.doc
[2009/10/30 07:59:17 | 00,233,984 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\Error Report re Symantec.doc
[2009/10/29 09:50:50 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\Documents to bring to client meetings.doc
[2009/10/29 08:09:51 | 00,085,790 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\Antivirus System Log.csv
[2009/10/29 08:01:39 | 00,573,952 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\Network Protection Log - Traffic Log.xls
[2009/10/29 07:44:53 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\Risk Log History.xls
[2009/10/22 12:49:43 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Desktop\PIMCO Real Return.xls
[2009/03/31 13:41:31 | 00,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2009/01/27 12:39:12 | 00,002,856 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2008/04/18 11:01:40 | 00,032,256 | ---- | C] () -- C:\WINDOWS\System32\_regtlb.dll
[2007/07/18 12:24:48 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/12/06 10:42:47 | 00,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
[2006/04/26 14:10:53 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/03/16 14:38:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/03/02 15:41:17 | 00,013,910 | ---- | C] () -- C:\WINDOWS\HYS.INI
[2006/01/20 13:16:29 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Local Settings\Application Data\fusioncache.dat
[2005/12/13 19:11:52 | 00,002,508 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\$_hpcst$.hpc
[2005/11/17 12:20:51 | 00,000,033 | ---- | C] () -- C:\WINDOWS\schwabcd.ini
[2005/11/16 09:34:09 | 00,099,728 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/11/08 16:40:53 | 00,001,230 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Local Settings\Application Data\FASTWiz.html
[2005/11/08 16:37:56 | 00,030,685 | ---- | C] () -- C:\Documents and Settings\Betty Mc Niel\Local Settings\Application Data\FASTWiz.log
[2005/11/08 11:52:23 | 00,000,566 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/08 11:19:25 | 01,580,802 | -H-- | C] () -- C:\Documents and Settings\Betty Mc Niel\Local Settings\Application Data\IconCache.db
[2005/11/08 11:07:06 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Betty Mc Niel\Application Data\desktop.ini
[2005/11/08 10:32:32 | 00,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2005/11/08 10:31:43 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2005/11/08 10:31:42 | 00,007,100 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2005/11/08 10:31:40 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005/11/08 01:26:26 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/04 05:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/26 17:34:56 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\win2000.dll
[2001/08/10 16:37:54 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

========== LOP Check ==========

[2009/10/14 12:46:11 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/06/24 12:49:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/04/17 08:02:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/06/04 11:08:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/03/31 13:28:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2008/01/18 13:32:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Schwab Performance Technologies
[2009/09/22 19:14:51 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data
[2007/02/13 09:33:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\Ahead
[2009/08/06 13:23:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\ICAClient
[2009/03/31 13:42:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\Intuit
[2009/09/11 09:37:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\Quicken WillMaker
[2008/08/12 14:24:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\U3
[2008/04/18 08:00:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\Uniblue
[2009/08/06 13:19:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Betty Mc Niel\Application Data\webex
[2009/10/26 10:00:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/30 09:15:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[eventlog.dll : MD5=82B24CB70E5944E6E34662205A2A5B78] -> [2004/08/04 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[eventlog.dll : MD5=6D4FEB43EE538FC5428CC7F0565AA656] -> [2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[scecli.dll : MD5=0F78E27F563F2AAF74B91A49E2ABF19A] -> [2004/08/04 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[scecli.dll : MD5=A86BB5E61BF3E39B62AB4C7E7085A084] -> [2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[netlogon.dll : MD5=96353FCECBA774BB8DA74A1C6507015A] -> [2004/08/04 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/13 17:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[netlogon.dll : MD5=1B7F071C51B77C272875C3A23E1E4550] -> [2008/04/13 17:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[atapi.sys : MD5=CDFE4411A69C224BD1D11B2DA92DAC51] -> [2004/08/04 05:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674] -> [2008/04/13 11:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[atapi.sys : MD5=9F3A2F5AA6875C72BF062C712CFA2674] -> [2008/04/13 11:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[agp440.sys : MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB] -> [2004/08/04 05:00:00 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 11:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[agp440.sys : MD5=08FD04AA961BDC77FB983F328334E3D7] -> [2008/04/13 11:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< End of report >
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP