OTL logfile created on: 11/25/2009 9:16:30 AM - Run 1
OTL by OldTimer - Version 3.1.10.1 Folder = G:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.73 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 76.58% Memory free
1.94 Gb Paging File | 1.69 Gb Available in Paging File | 87.05% Paging File free
Paging file location(s): C:\pagefile.sys 360 720 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 7.27 Gb Free Space | 19.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 3.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 476.45 Mb Total Space | 465.16 Mb Free Space | 97.63% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: P19152-AV
Current User Name: techaide
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/11/25 09:12:44 | 00,970,085 | ---- | M] (Faronics Corporation) -- C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
PRC - [2009/11/25 09:11:50 | 00,531,456 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2008/04/15 00:05:18 | 00,172,032 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2007/12/10 08:45:27 | 00,098,304 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2007/12/10 08:45:04 | 00,069,632 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2007/12/10 08:44:51 | 00,266,240 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
PRC - [2007/12/10 08:44:47 | 00,790,528 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe
PRC - [2007/06/13 02:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2007/04/04 06:22:26 | 00,743,296 | ---- | M] (Faronics Corporation) -- C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
PRC - [2006/04/02 12:13:02 | 02,596,864 | ---- | M] () -- C:\Documents and Settings\techaide\Application Data\U3\08B0E86050114936\Launchpad.exe
PRC - [2006/01/19 09:22:20 | 00,049,152 | ---- | M] (Pinnacle Systems) -- c:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
PRC - [2005/05/03 23:04:28 | 09,150,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
PRC - [2004/09/22 18:46:10 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wdfmgr.exe
========== Modules (SafeList) ==========
MOD - [2009/11/25 09:11:50 | 00,531,456 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
MOD - [2006/05/22 12:45:29 | 00,614,400 | ---- | M] (New.net, Inc.) -- C:\Program Files\NewDotNet\newdotnet7_22.dll
MOD - [2004/08/03 23:57:00 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINNT\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/03 23:56:42 | 00,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\framedyn.dll
========== Win32 Services (SafeList) ==========
SRV - File not found -- -- (MsUpdate4)
SRV - [2008/10/27 12:47:05 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008/04/15 00:05:18 | 00,172,032 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2007/12/10 08:45:27 | 00,098,304 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2007/12/10 08:45:04 | 00,069,632 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2007/12/10 08:44:51 | 00,266,240 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe -- (Sophos Agent)
SRV - [2007/12/10 08:44:47 | 00,790,528 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe -- (Sophos Message Router)
SRV - [2007/04/04 06:22:26 | 00,743,296 | ---- | M] (Faronics Corporation) -- C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe -- (DF5Serv)
SRV - [2006/01/19 09:22:20 | 00,049,152 | ---- | M] (Pinnacle Systems) -- c:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe -- (PinnacleSys.MediaServer)
SRV - [2005/05/03 23:04:28 | 09,150,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe -- (MSSQL$PINNACLESYS)
SRV - [2005/05/03 21:50:28 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper)
SRV - [2005/05/03 20:42:56 | 00,323,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE -- (SQLAgent$PINNACLESYS)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/09/22 18:46:10 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wdfmgr.exe -- (UMWdf)
SRV - [2004/08/03 23:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINNT\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2004/07/15 00:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2003/03/03 10:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.garpal.wednet.edu
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.garpal.wednet.edu/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: (734 bytes) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {2C929DE8-0CF2-696E-B27F-C8B4563BF7F4} - No CLSID value found.
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll File not found
O4 - HKLM..\Run: [New.net Startup] C:\Program Files\NewDotNet\newdotnet7_22.dll (New.net, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = Welcome to the Gar-Pal Network --- Educational Use Only
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = Use of this network is limited to education and research and all use must be consistent with the goals of the Garfield and Palouse School Districts. Network access and Internet use is limited to those persons who have been issued district approved accounts. Use will be in accordance with the districts' Acceptable Use Procedures and Internet Code of Conduct. For more information,contact either school office. All use of this network is subject to review and/or monitoring.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\NewDotNet\newdotnet7_22.dll (New.net, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NewDotNet\newdotnet7_22.dll (New.net, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NewDotNet\newdotnet7_22.dll (New.net, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\NewDotNet\newdotnet7_22.dll (New.net, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\NewDotNet\newdotnet7_22.dll (New.net, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB (DoMoreRunExe.DoMoreRun)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://protect.micro...b?1118520135015 (MSSecurityAdvisor Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by102fd.bay10...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} file://C:\Program Files\gateway\helpspot\TechTools.CAB (TechToolsActivex.TechTools)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1130276248593 (WUWebControl Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} http://us.games2.yim...ctl_0_0_0_1.ocx (ExentInf Class)
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} file://C:\Program Files\gateway\helpspot\RunExeActiveX.CAB (RunExeActiveX.RunExe)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...8112.5196064815 (Reg Error: Key error.)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FE5D6722-826F-11D5-A24E-0060B0F1A5AE} http://www.tukati.co...0.20/tukati.cab (Tukati Launcher)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = garpal.wednet.edu
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DfLogon: DllName - LogonDll.dll - C:\WINNT\System32\LogonDll.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINNT\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/03 14:11:40 | 00,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/02/13 11:08:58 | 00,000,145 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4a5ff787-5e41-11db-b2d6-0007e961066d}\Shell - "" = AutoRun
O33 - MountPoints2\{4a5ff787-5e41-11db-b2d6-0007e961066d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4a5ff787-5e41-11db-b2d6-0007e961066d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2006/02/13 11:09:04 | 00,921,600 | R--- | M] ()
O33 - MountPoints2\{75beb8d6-acc4-11db-b2f1-0007e961066d}\Shell - "" = AutoRun
O33 - MountPoints2\{75beb8d6-acc4-11db-b2f1-0007e961066d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{75beb8d6-acc4-11db-b2f1-0007e961066d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2006/02/13 11:09:04 | 00,921,600 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINNT\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (/k:C) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
========== Files/Folders - Created Within 14 Days ==========
[2009/11/25 09:16:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\techaide\Application Data\U3
[2009/11/19 13:57:31 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/11/19 13:41:34 | 00,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2009/11/19 13:41:02 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/16 13:21:11 | 00,000,000 | ---D | C] -- C:\WINNT\pss
[2009/11/16 13:20:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\techaide\Application Data\Nvu
[2009/11/16 13:20:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\techaide\Application Data\Mozilla
[2009/11/16 13:20:21 | 00,000,000 | ---D | C] -- C:\Program Files\Nvu
[2009/11/16 13:14:00 | 00,000,000 | --SD | C] -- C:\Documents and Settings\techaide\UserData
========== Files - Modified Within 14 Days ==========
[2009/11/25 09:15:58 | 01,048,576 | -H-- | M] () -- C:\Documents and Settings\techaide\NTUSER.DAT
[2009/11/25 09:12:34 | 00,001,158 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2009/11/24 14:28:00 | 00,465,578 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI
[2009/11/24 14:28:00 | 00,398,180 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2009/11/24 14:28:00 | 00,060,380 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2009/11/24 14:23:51 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2009/11/24 14:23:40 | 18,610,13504 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/19 13:49:38 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\techaide\ntuser.ini
[2009/11/19 13:49:34 | 02,003,204 | -H-- | M] () -- C:\Documents and Settings\techaide\Local Settings\Application Data\IconCache.db
[2009/11/19 13:49:14 | 00,000,634 | ---- | M] () -- C:\WINNT\win.ini
[2009/11/19 13:49:14 | 00,000,227 | ---- | M] () -- C:\WINNT\system.ini
[2009/11/19 13:49:14 | 00,000,207 | RHS- | M] () -- C:\boot.ini
[2009/11/19 13:13:35 | 00,000,605 | ---- | M] () -- C:\WINNT\QUICKEN.INI
[2009/11/16 13:20:26 | 00,000,568 | ---- | M] () -- C:\Documents and Settings\techaide\Desktop\Nvu.lnk
[2009/11/13 01:04:19 | 00,282,128 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2009/11/16 13:20:26 | 00,000,568 | ---- | C] () -- C:\Documents and Settings\techaide\Desktop\Nvu.lnk
[2008/01/25 13:34:22 | 02,003,204 | -H-- | C] () -- C:\Documents and Settings\techaide\Local Settings\Application Data\IconCache.db
[2008/01/25 13:30:35 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\techaide\Application Data\desktop.ini
[2007/04/12 12:01:40 | 00,065,536 | ---- | C] () -- C:\WINNT\System32\LogonDll.dll
[2007/01/03 14:27:21 | 00,194,248 | ---- | C] () -- C:\WINNT\System32\LTRFD13n.DLL
[2006/12/06 13:50:51 | 00,363,520 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2006/12/06 13:50:49 | 00,733,696 | ---- | C] () -- C:\WINNT\System32\qedwipes.dll
[2006/12/06 13:50:49 | 00,562,176 | ---- | C] () -- C:\WINNT\System32\qedit.dll
[2006/12/06 13:50:48 | 00,385,024 | ---- | C] () -- C:\WINNT\System32\qdvd.dll
[2006/12/06 13:50:48 | 00,279,040 | ---- | C] () -- C:\WINNT\System32\qdv.dll
[2006/12/06 13:50:48 | 00,192,512 | ---- | C] () -- C:\WINNT\System32\qcap.dll
[2006/12/06 13:50:48 | 00,070,656 | ---- | C] () -- C:\WINNT\System32\amstream.dll
[2006/12/06 13:50:48 | 00,059,904 | ---- | C] () -- C:\WINNT\System32\devenum.dll
[2006/12/06 13:50:48 | 00,035,328 | ---- | C] () -- C:\WINNT\System32\mciqtz32.dll
[2006/12/06 13:50:48 | 00,014,336 | ---- | C] () -- C:\WINNT\System32\msdmo.dll
[2006/11/21 14:46:22 | 00,000,050 | ---- | C] () -- C:\WINNT\wwp.INI
[2006/09/01 12:19:12 | 00,001,208 | ---- | C] () -- C:\WINNT\VFO.INI
[2006/09/01 12:19:11 | 00,196,096 | ---- | C] () -- C:\WINNT\System32\macd32.dll
[2006/09/01 12:19:11 | 00,138,752 | ---- | C] () -- C:\WINNT\System32\mase32.dll
[2006/09/01 12:19:11 | 00,136,192 | ---- | C] () -- C:\WINNT\System32\mamc32.dll
[2006/09/01 12:19:11 | 00,057,856 | ---- | C] () -- C:\WINNT\System32\masd32.dll
[2006/09/01 12:19:09 | 00,027,648 | ---- | C] () -- C:\WINNT\System32\ma32.dll
[2005/11/18 13:51:26 | 00,001,368 | ---- | C] () -- C:\WINNT\cdplayer.ini
[2005/10/24 13:15:15 | 00,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2004/05/05 11:46:04 | 00,355,112 | ---- | C] () -- C:\WINNT\System32\msjetoledb40.dll
[2003/11/12 14:48:08 | 00,000,003 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameD.txt
[2003/10/30 15:00:42 | 00,019,968 | ---- | C] () -- C:\WINNT\System32\cpuinf32.dll
[2003/09/11 11:31:59 | 00,000,370 | ---- | C] () -- C:\WINNT\ODBC.INI
[2003/07/08 12:14:30 | 00,000,061 | ---- | C] () -- C:\WINNT\smscfg.ini
[2003/07/08 12:01:07 | 00,000,605 | ---- | C] () -- C:\WINNT\QUICKEN.INI
[2003/07/08 12:01:07 | 00,000,052 | ---- | C] () -- C:\WINNT\intuprof.ini
[2003/07/08 11:59:13 | 00,000,701 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI
[2003/05/30 08:00:02 | 01,290,752 | ---- | C] () -- C:\WINNT\System32\quartz.dll
[2003/05/12 07:57:34 | 00,000,781 | ---- | C] () -- C:\WINNT\orun32.ini
[2003/05/12 07:32:50 | 00,000,000 | ---- | C] () -- C:\WINNT\control.ini
[2003/05/12 07:27:51 | 00,000,037 | ---- | C] () -- C:\WINNT\vbaddin.ini
[2003/05/12 07:27:51 | 00,000,036 | ---- | C] () -- C:\WINNT\vb.ini
[2003/05/12 07:27:04 | 00,013,223 | ---- | C] () -- C:\WINNT\System32\tslabels.ini
[2003/05/12 07:27:03 | 00,001,931 | ---- | C] () -- C:\WINNT\System32\msdtcprf.ini
[2003/05/12 07:22:09 | 00,465,578 | ---- | C] () -- C:\WINNT\System32\PerfStringBackup.INI
[2003/05/12 07:22:08 | 00,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2003/05/12 07:21:44 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2002/11/26 11:15:52 | 00,186,368 | ---- | C] () -- C:\WINNT\System32\encdec.dll
[2002/11/26 11:15:50 | 00,270,848 | ---- | C] () -- C:\WINNT\System32\sbe.dll
[2001/08/17 19:36:28 | 00,157,696 | ---- | C] () -- C:\WINNT\System32\paqsp.dll
[1979/12/31 21:00:00 | 01,015,477 | ---- | C] () -- C:\WINNT\System32\esentprf.ini
[1979/12/31 21:00:00 | 00,498,742 | ---- | C] () -- C:\WINNT\System32\dxmasf.dll
[1979/12/31 21:00:00 | 00,252,928 | ---- | C] () -- C:\WINNT\System32\compatui.dll
[1979/12/31 21:00:00 | 00,199,168 | ---- | C] () -- C:\WINNT\System32\ir32_32.dll
[1979/12/31 21:00:00 | 00,126,976 | ---- | C] () -- C:\WINNT\System32\e1000msg.dll
[1979/12/31 21:00:00 | 00,094,282 | ---- | C] () -- C:\WINNT\System32\msencode.dll
[1979/12/31 21:00:00 | 00,053,478 | ---- | C] () -- C:\WINNT\System32\tcpmon.ini
[1979/12/31 21:00:00 | 00,042,809 | ---- | C] () -- C:\WINNT\System32\key01.sys
[1979/12/31 21:00:00 | 00,042,537 | ---- | C] () -- C:\WINNT\System32\keyboard.sys
[1979/12/31 21:00:00 | 00,035,648 | ---- | C] () -- C:\WINNT\System32\ntio411.sys
[1979/12/31 21:00:00 | 00,035,424 | ---- | C] () -- C:\WINNT\System32\ntio412.sys
[1979/12/31 21:00:00 | 00,034,560 | ---- | C] () -- C:\WINNT\System32\ntio804.sys
[1979/12/31 21:00:00 | 00,034,560 | ---- | C] () -- C:\WINNT\System32\ntio404.sys
[1979/12/31 21:00:00 | 00,033,840 | ---- | C] () -- C:\WINNT\System32\ntio.sys
[1979/12/31 21:00:00 | 00,029,370 | ---- | C] () -- C:\WINNT\System32\ntdos411.sys
[1979/12/31 21:00:00 | 00,029,274 | ---- | C] () -- C:\WINNT\System32\ntdos412.sys
[1979/12/31 21:00:00 | 00,029,146 | ---- | C] () -- C:\WINNT\System32\ntdos804.sys
[1979/12/31 21:00:00 | 00,029,146 | ---- | C] () -- C:\WINNT\System32\ntdos404.sys
[1979/12/31 21:00:00 | 00,027,866 | ---- | C] () -- C:\WINNT\System32\ntdos.sys
[1979/12/31 21:00:00 | 00,027,097 | ---- | C] () -- C:\WINNT\System32\country.sys
[1979/12/31 21:00:00 | 00,015,360 | ---- | C] () -- C:\WINNT\System32\tsd32.dll
[1979/12/31 21:00:00 | 00,013,312 | ---- | C] () -- C:\WINNT\System32\win87em.dll
[1979/12/31 21:00:00 | 00,012,082 | ---- | C] () -- C:\WINNT\System32\rsvp.ini
[1979/12/31 21:00:00 | 00,010,240 | ---- | C] () -- C:\WINNT\System32\scriptpw.dll
[1979/12/31 21:00:00 | 00,010,110 | ---- | C] () -- C:\WINNT\System32\mqperf.ini
[1979/12/31 21:00:00 | 00,009,029 | ---- | C] () -- C:\WINNT\System32\ansi.sys
[1979/12/31 21:00:00 | 00,006,877 | ---- | C] () -- C:\WINNT\System32\pschdprf.ini
[1979/12/31 21:00:00 | 00,004,768 | ---- | C] () -- C:\WINNT\System32\himem.sys
[1979/12/31 21:00:00 | 00,004,126 | ---- | C] () -- C:\WINNT\System32\msdxmlc.dll
[1979/12/31 21:00:00 | 00,003,458 | ---- | C] () -- C:\WINNT\System32\rasctrs.ini
[1979/12/31 21:00:00 | 00,002,891 | ---- | C] () -- C:\WINNT\System32\perfci.ini
[1979/12/31 21:00:00 | 00,002,732 | ---- | C] () -- C:\WINNT\System32\perfwci.ini
[1979/12/31 21:00:00 | 00,002,656 | ---- | C] () -- C:\WINNT\System32\netware.drv
[1979/12/31 21:00:00 | 00,001,405 | ---- | C] () -- C:\WINNT\msdfmap.ini
[1979/12/31 21:00:00 | 00,001,152 | ---- | C] () -- C:\WINNT\System32\perffilt.ini
[1979/12/31 21:00:00 | 00,000,634 | ---- | C] () -- C:\WINNT\win.ini
[1979/12/31 21:00:00 | 00,000,343 | ---- | C] () -- C:\WINNT\System32\prodspec.ini
[1979/12/31 21:00:00 | 00,000,227 | ---- | C] () -- C:\WINNT\system.ini
========== LOP Check ==========
[2009/11/24 14:25:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2005/12/16 14:01:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2005/11/18 14:37:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2005/12/16 14:10:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2006/09/05 12:53:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2008/10/27 12:47:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrovision
[2005/09/27 13:32:37 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2003/07/08 12:01:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 5.0.0527
[2005/10/26 13:17:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2007/01/03 14:39:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2007/01/03 14:39:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2003/05/12 07:58:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2007/12/21 01:05:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2005/09/26 14:11:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2003/08/11 14:01:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2006/03/09 14:47:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WhiteCap (Holiday Edition)
[2005/11/04 13:52:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2003/07/08 12:00:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\techaide\Application Data\Adobe
[2009/11/19 13:07:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\techaide\Application Data\Google
[2003/05/12 07:39:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\techaide\Application Data\Identities
[2003/07/08 12:00:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\techaide\Application Data\InterTrust
[2009/11/16 13:22:32 | 00,000,000 | --SD | M] -- C:\Documents and Settings\techaide\Application Data\Microsoft
[2009/11/16 13:20:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\techaide\Application Data\Mozilla
[2009/11/16 13:20:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\techaide\Application Data\Nvu
[2008/01/25 13:31:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\techaide\Application Data\Real
[2003/07/08 12:01:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\techaide\Application Data\Symantec
[2009/11/25 09:16:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\techaide\Application Data\U3
[2002/08/29 03:00:00 | 00,000,065 | RH-- | M] () -- C:\WINNT\Tasks\desktop.ini
[2003/08/11 13:43:14 | 00,000,254 | ---- | M] () -- C:\WINNT\Tasks\ISP signup reminder 1.job
[2003/08/11 13:43:14 | 00,000,254 | ---- | M] () -- C:\WINNT\Tasks\ISP signup reminder 2.job
[2003/08/11 13:43:15 | 00,000,254 | ---- | M] () -- C:\WINNT\Tasks\ISP signup reminder 3.job
[2009/11/24 14:23:51 | 00,000,006 | -H-- | M] () -- C:\WINNT\Tasks\SA.DAT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2002/08/29 03:00:00 | 00,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\WINNT\$NtServicePackUninstall$\eventlog.dll
[2004/08/03 23:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINNT\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINNT\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[2004/08/03 23:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINNT\system32\eventlog.dll
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2002/08/29 03:00:00 | 00,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\WINNT\$NtServicePackUninstall$\scecli.dll
[2004/08/03 23:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINNT\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINNT\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll
[2004/08/03 23:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINNT\system32\scecli.dll
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2009/02/06 10:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINNT\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 10:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINNT\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2002/08/29 03:00:00 | 00,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\WINNT\$NtServicePackUninstall$\netlogon.dll
[2004/08/03 23:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINNT\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINNT\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[2004/08/03 23:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINNT\system32\netlogon.dll
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
[2003/03/20 21:00:00 | 00,201,088 | ---- | M] (Intel Corporation) MD5=18E3972D9632485D80D609D4674F9D83 -- C:\OEMDRVRS\iaStor.sys
[2003/03/20 21:00:00 | 00,201,088 | ---- | M] (Intel Corporation) MD5=18E3972D9632485D80D609D4674F9D83 -- C:\WINNT\system32\drivers\iaStor.sys
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2002/10/24 12:59:48 | 00,087,040 | ---- | M] (Microsoft Corporation) MD5=F1D915C3870E741D83B5142F3B358761 -- C:\WINNT\$NtServicePackUninstall$\atapi.sys
[2004/08/03 21:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINNT\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2004/08/03 21:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINNT\system32\drivers\atapi.sys
[2002/08/28 22:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINNT\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
[2002/08/28 22:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINNT\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2001/08/17 10:58:00 | 00,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\WINNT\$NtServicePackUninstall$\agp440.sys
[2004/08/03 22:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINNT\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINNT\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
[2004/08/03 22:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINNT\system32\drivers\agp440.sys
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
< %SYSTEMDRIVE%\comres.dll /s /md5 >
[2002/08/29 03:00:00 | 00,792,064 | ---- | M] (Microsoft Corporation) MD5=1F51839ECCF908FD86558198909262E4 -- C:\WINNT\$NtServicePackUninstall$\comres.dll
[2004/08/03 23:56:41 | 00,792,064 | ---- | M] (Microsoft Corporation) MD5=6728270CB7DBB776ED086F5AC4C82310 -- C:\WINNT\ServicePackFiles\i386\comres.dll
[2008/04/13 16:11:51 | 00,792,064 | ---- | M] (Microsoft Corporation) MD5=1280A158C722FA95A80FB7AEBE78FA7D -- C:\WINNT\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\comres.dll
[2004/08/03 23:56:41 | 00,792,064 | ---- | M] (Microsoft Corporation) MD5=6728270CB7DBB776ED086F5AC4C82310 -- C:\WINNT\system32\comres.dll
< End of report >