Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows 2000 server malware symptoms


  • Please log in to reply

#1
wigwammer

wigwammer

    New Member

  • Member
  • Pip
  • 1 posts
Hi,

I have a windows 2000 advanced server. It is running an erp system and we want to move this to a newer better protected server. When the system was installed we were advised not to put virus checking software on it as it would interfere with the erp system. The symptoms this machine is exhibiting are: while logged in as local administrator if I try to run task manager or registry editing I am told these have been disabled by our administrator. I can access the command line. The machine is on a domain but I do not want to log in as domain administrator in case this will cause a spread of infection. The machine has been running slow. Also another machine on the network running Mcafee is detecting issues with this machine in shared folders showing the activity as being W32/Sality.gen.e. I have also tried to install McAfee Virus Scan but got a message that McTaskManager (or something like that) could not be run because I did not have sufficient privileges to start or stop services. I have run rkill and it did stop a number of processes.

I would like to get this machine cleaned so that I can transfer the data over to the newer machine I have tested this but the copy was prevented by the virus scanner on the destination machine. All help would be greatly appreciated.

I have run OTL and the output is shown below:

OTL logfile created on: 4/28/2011 10:37:15 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows 2000 Advanced Server Edition Service Pack 4 (Version = 5.0.2195) - Type = NTServer
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 8.01 Gb Total Space | 1.91 Gb Free Space | 23.92% Space Free | Partition Type: NTFS
Drive D: | 8.82 Gb Total Space | 6.60 Gb Free Space | 74.81% Space Free | Partition Type: NTFS
Drive E: | 272.95 Gb Total Space | 143.14 Gb Free Space | 52.44% Space Free | Partition Type: NTFS
Drive G: | 499.99 Gb Total Space | 70.66 Gb Free Space | 14.13% Space Free | Partition Type: NTFS

Computer Name: GMIL_ERP | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/28 10:04:39 | 000,012,970 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Temp\winsrin.exe
PRC - [2011/04/19 09:58:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2009/08/25 16:00:00 | 000,218,432 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/08/25 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2008/03/13 11:33:53 | 000,252,928 | ---- | M] (Datagram Consulting) -- C:\Program Files\Datagram\SyslogAgent\SyslogAgent.exe
PRC - [2006/09/28 11:48:54 | 000,710,784 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe
PRC - [2005/11/23 11:04:10 | 000,245,810 | ---- | M] (IBM Corporation) -- e:\usr\ud61\bin\sbcs.exe
PRC - [2005/11/23 11:04:10 | 000,221,233 | ---- | M] (IBM Corporation) -- e:\usr\ud61\bin\smm.exe
PRC - [2005/11/23 11:04:10 | 000,139,320 | ---- | M] (IBM Corporation) -- e:\usr\ud61\bin\startudsrv.exe
PRC - [2005/11/23 11:04:10 | 000,036,912 | ---- | M] (IBM Corporation) -- e:\usr\ud61\bin\udt.exe
PRC - [2005/11/23 11:04:08 | 000,266,294 | ---- | M] (IBM Corporation) -- e:\usr\ud61\bin\cleanupd.exe
PRC - [2005/11/23 11:04:08 | 000,045,109 | ---- | M] (IBM Corporation) -- e:\usr\ud61\unishared\unirpc\unirpcd.exe
PRC - [2005/11/23 11:04:06 | 000,311,347 | ---- | M] (IBM Corporation) -- e:\usr\ud61\bin\udnfa.exe
PRC - [2005/11/23 11:04:06 | 000,114,688 | ---- | M] (IBM Corporation) -- e:\usr\ud61\bin\udinetd.exe
PRC - [2005/11/23 11:04:06 | 000,069,686 | ---- | M] (IBM Corporation) -- e:\usr\ud61\bin\udserial.exe
PRC - [2005/11/23 11:04:06 | 000,041,015 | ---- | M] (IBM Corporation) -- e:\usr\ud61\bin\udtelnetd.exe
PRC - [2005/09/08 10:50:06 | 000,385,024 | ---- | M] () -- C:\Program Files\Dell\OpenManage\oldiags\vendor\pcdoctor\bin\diagorb.exe
PRC - [2005/09/08 10:45:48 | 000,036,864 | ---- | M] (Dell Computer Corporation) -- C:\Program Files\Dell\OpenManage\iws\bin\win32\omaws32.exe
PRC - [2004/11/10 01:55:16 | 000,223,320 | ---- | M] (VERITAS Software Corporation) -- C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
PRC - [2004/06/20 20:45:28 | 000,630,854 | ---- | M] (UltraVNC) -- C:\Program Files\UltraVNC\winvnc.exe
PRC - [2003/12/08 11:31:48 | 000,073,728 | ---- | M] () -- E:\ROI\C.OBJ.7.2\ROIRedBackUtilitySvc.exe
PRC - [2003/06/19 13:05:04 | 000,243,472 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2003/06/19 13:05:04 | 000,196,706 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\WinMgmt.exe
PRC - [2003/06/19 13:05:04 | 000,142,608 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\termsrv.exe
PRC - [2003/06/19 13:05:04 | 000,119,568 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mstask.exe
PRC - [2003/06/19 13:05:04 | 000,090,896 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\dfssvc.exe
PRC - [2003/06/19 13:05:04 | 000,083,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\LLSSRV.EXE
PRC - [2003/06/19 13:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\regsvc.exe
PRC - [2003/06/19 13:05:04 | 000,014,608 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\inetsrv\inetinfo.exe
PRC - [2002/10/11 09:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2002/08/08 17:06:12 | 000,049,936 | ---- | M] (VERITAS Software Corp.) -- C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe
PRC - [2002/07/30 00:55:28 | 000,086,016 | ---- | M] (Dell Computer Corporation.) -- C:\Program Files\Dell\OpenManage\OMSA\bin\dcevt32.exe
PRC - [2002/07/30 00:13:02 | 000,065,536 | ---- | M] (Dell Computer Corporation.) -- C:\Program Files\Dell\OpenManage\OMSA\bin\dcstor32.exe
PRC - [2002/07/09 17:16:10 | 001,417,271 | ---- | M] () -- E:\VSIFAX\lbin\vxmld.exe
PRC - [2002/07/09 17:15:56 | 000,577,591 | ---- | M] () -- E:\VSIFAX\lbin\vpopd.exe
PRC - [2002/07/09 17:15:16 | 001,470,523 | ---- | M] () -- E:\VSIFAX\lbin\vadmind.exe
PRC - [2002/07/09 17:15:12 | 001,265,725 | ---- | M] () -- E:\VSIFAX\lbin\vnetfax.exe
PRC - [2002/07/09 17:15:04 | 000,823,358 | ---- | M] () -- E:\VSIFAX\lbin\vgsched.exe
PRC - [2002/07/09 17:15:02 | 000,675,902 | ---- | M] () -- E:\VSIFAX\bin\vrsched.exe
PRC - [2002/07/09 17:12:34 | 000,757,816 | ---- | M] () -- E:\VSIFAX\lbin\sm-fim.exe
PRC - [2002/07/09 17:12:30 | 000,651,320 | ---- | M] () -- E:\VSIFAX\lbin\lb-fim.exe
PRC - [2002/06/19 12:34:08 | 000,163,840 | ---- | M] (IBM Corp.) -- e:\usr\Redback\UDServer\redback\rgw\bin\rgwsched.exe
PRC - [2002/06/14 11:03:34 | 000,057,344 | ---- | M] () -- C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
PRC - [2002/04/25 18:11:54 | 000,290,816 | ---- | M] (DataFocus, Inc.) -- E:\Program Files\MKS Toolkit\bin\secshd.exe
PRC - [2002/04/17 16:44:22 | 000,301,820 | ---- | M] (DataFocus, Inc.) -- C:\WINNT\system32\nutsrv4.exe
PRC - [2002/04/16 17:48:14 | 000,114,688 | ---- | M] (Mortice Kern Systems Inc.) -- C:\WINNT\system32\mksauth.exe
PRC - [2002/04/16 17:28:30 | 000,131,072 | ---- | M] (Mortice Kern Systems Inc.) -- E:\Program Files\MKS Toolkit\mksnt\rshd.exe
PRC - [2002/04/16 17:28:30 | 000,118,784 | ---- | M] (Mortice Kern Systems Inc.) -- E:\Program Files\MKS Toolkit\mksnt\rexecd.exe
PRC - [2002/04/16 11:11:16 | 000,106,496 | ---- | M] (Broadcom Corporation) -- C:\WINNT\system32\BacsTray.exe
PRC - [2000/09/05 16:57:10 | 000,249,856 | ---- | M] (ATI Technologies, Inc.) -- C:\WINNT\system32\atiptaxx.exe
PRC - [2000/05/31 14:27:30 | 000,031,744 | ---- | M] () -- C:\Program Files\Dell\OpenManage\ihv\CIO\iomrpcev.exe
PRC - [2000/05/31 14:27:10 | 000,041,472 | ---- | M] () -- C:\Program Files\Dell\OpenManage\ihv\CIO\iomrpccm.exe
PRC - [2000/05/31 14:26:44 | 000,078,848 | ---- | M] () -- C:\Program Files\Dell\OpenManage\ihv\CIO\cionotifier.exe
PRC - [2000/05/31 14:26:32 | 000,488,448 | ---- | M] (Adaptec, Inc.) -- C:\Program Files\Dell\OpenManage\ihv\CIO\iomgr.exe
PRC - [2000/01/19 17:10:36 | 000,053,248 | ---- | M] () -- C:\WINNT\system32\ati2plxx.exe
PRC - [1998/09/24 16:01:22 | 000,053,248 | ---- | M] () -- E:\ROI\C.OBJ.7.2\ROIAuthSvc.exe
PRC - [1996/08/02 07:41:36 | 000,017,920 | ---- | M] () -- C:\Program Files\Dell\OpenManage\ihv\CIO\portserv.exe


========== Modules (SafeList) ==========

MOD - [2011/04/19 09:58:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2004/06/20 20:27:34 | 000,086,088 | ---- | M] (UltraVNC) -- C:\Program Files\UltraVNC\vnchooks.dll
MOD - [2003/06/19 13:05:04 | 000,021,776 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wsock32.dll
MOD - [2003/06/19 13:05:04 | 000,010,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lz32.dll
MOD - [2001/05/08 13:00:00 | 000,011,536 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netrap.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (ROIUdtSvc)
SRV - File not found [Disabled | Stopped] -- -- (ROIPipeSvc)
SRV - File not found [Disabled | Stopped] -- -- (ROIMQT9735)
SRV - File not found [Disabled | Stopped] -- -- (ROIMQT9734)
SRV - [2009/08/25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008/03/13 11:33:53 | 000,252,928 | ---- | M] (Datagram Consulting) [Auto | Running] -- C:\Program Files\Datagram\SyslogAgent\SyslogAgent.exe -- (Syslog Agent)
SRV - [2006/09/28 11:48:54 | 000,710,784 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe -- (BackupExecAgentAccelerator)
SRV - [2005/11/23 11:04:10 | 000,139,320 | ---- | M] (IBM Corporation) [Auto | Running] -- e:\usr\ud61\bin\startudsrv.exe -- (UDDBMS6.1)
SRV - [2005/11/23 11:04:08 | 000,045,109 | ---- | M] (IBM Corporation) [Auto | Running] -- e:\usr\ud61\unishared\unirpc\unirpcd.exe -- (unirpc)
SRV - [2005/11/23 11:04:06 | 000,311,347 | ---- | M] (IBM Corporation) [Auto | Running] -- e:\usr\ud61\bin\udnfa.exe -- (UDNFA6.1)
SRV - [2005/11/23 11:04:06 | 000,114,688 | ---- | M] (IBM Corporation) [Auto | Running] -- e:\usr\ud61\bin\udinetd.exe -- (UDInetD6.1)
SRV - [2005/11/23 11:04:06 | 000,069,686 | ---- | M] (IBM Corporation) [Auto | Running] -- e:\usr\ud61\bin\udserial.exe -- (UDSerial6.1)
SRV - [2005/11/23 11:04:06 | 000,041,015 | ---- | M] (IBM Corporation) [Auto | Running] -- e:\usr\ud61\bin\udtelnetd.exe -- (UDTelnetD6.1)
SRV - [2005/09/08 10:45:48 | 000,036,864 | ---- | M] (Dell Computer Corporation) [Auto | Running] -- C:\Program Files\Dell\OpenManage\iws\bin\win32\omaws32.exe -- (Server Administrator)
SRV - [2004/06/20 20:45:28 | 000,630,854 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files\UltraVNC\WinVNC.exe -- (winvnc)
SRV - [2003/12/08 11:31:48 | 000,073,728 | ---- | M] () [Auto | Running] -- E:\ROI\C.OBJ.7.2\ROIRedBackUtilitySvc.exe -- (ROIRedBackUtilitySvc)
SRV - [2003/06/19 13:05:04 | 000,745,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\ntfrs.exe -- (NtFrs)
SRV - [2003/06/19 13:05:04 | 000,196,706 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wbem\WinMgmt.exe -- (WinMgmt)
SRV - [2003/06/19 13:05:04 | 000,142,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\termsrv.exe -- (TermService)
SRV - [2003/06/19 13:05:04 | 000,119,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\mstask.exe -- (Schedule)
SRV - [2003/06/19 13:05:04 | 000,094,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\FAXSVC.EXE -- (Fax)
SRV - [2003/06/19 13:05:04 | 000,090,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\dfssvc.exe -- (Dfs)
SRV - [2003/06/19 13:05:04 | 000,083,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\LLSSRV.EXE -- (LicenseService)
SRV - [2003/06/19 13:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\regsvc.exe -- (RemoteRegistry)
SRV - [2003/06/19 13:05:04 | 000,025,872 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINNT\system32\ismserv.exe -- (IsmServ)
SRV - [2003/06/19 13:05:04 | 000,022,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
SRV - [2003/06/19 13:05:04 | 000,014,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2003/06/19 13:05:04 | 000,014,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transport Protocol (SMTP)
SRV - [2003/06/19 13:05:04 | 000,014,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\inetsrv\inetinfo.exe -- (MSFTPSVC)
SRV - [2003/06/19 13:05:04 | 000,014,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINNT\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2003/03/19 07:51:03 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Program Files\Microsoft Visual Studio .NET 2003\Common7\Packages\Debugger\dbgproxy.exe -- (DbgProxy)
SRV - [2002/08/08 17:06:12 | 000,049,936 | ---- | M] (VERITAS Software Corp.) [Auto | Running] -- C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe -- (VxSvc)
SRV - [2002/07/30 00:55:28 | 000,086,016 | ---- | M] (Dell Computer Corporation.) [Auto | Running] -- C:\Program Files\Dell\OpenManage\OMSA\bin\dcevt32.exe -- (dcevt32)
SRV - [2002/07/30 00:13:02 | 000,065,536 | ---- | M] (Dell Computer Corporation.) [Auto | Running] -- C:\Program Files\Dell\OpenManage\OMSA\bin\dcstor32.exe -- (dcstor32)
SRV - [2002/07/09 17:15:16 | 001,470,523 | ---- | M] () [Auto | Running] -- E:\VSIFAX\lbin\vadmind.exe -- (VsifaxAdmin)
SRV - [2002/07/09 17:15:02 | 000,675,902 | ---- | M] () [Auto | Running] -- E:\VSIFAX\bin\vrsched.exe -- (VsifaxServer)
SRV - [2002/06/19 12:34:08 | 000,163,840 | ---- | M] (IBM Corp.) [Auto | Running] -- e:\usr\Redback\UDServer\redback\rgw\bin\rgwsched.exe -- (RedBackUDSched413)
SRV - [2002/06/14 11:03:34 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe -- (mr2kserv)
SRV - [2002/04/25 18:11:54 | 000,290,816 | ---- | M] (DataFocus, Inc.) [Auto | Running] -- E:\Program Files\MKS Toolkit\bin\secshd.exe -- (MKSSecureSH)
SRV - [2002/04/17 17:38:30 | 000,073,728 | ---- | M] (DataFocus, Inc.) [On_Demand | Stopped] -- C:\WINNT\system32\telnetd.exe -- (MKSTelnetd)
SRV - [2002/04/17 16:44:22 | 000,301,820 | ---- | M] (DataFocus, Inc.) [Auto | Running] -- C:\WINNT\system32\nutsrv4.exe -- (NuTCRACKERService)
SRV - [2002/04/16 17:48:14 | 000,114,688 | ---- | M] (Mortice Kern Systems Inc.) [Auto | Running] -- C:\WINNT\system32\mksauth.exe -- (MKSAUTH)
SRV - [2002/04/16 17:28:30 | 000,131,072 | ---- | M] (Mortice Kern Systems Inc.) [Auto | Running] -- E:\Program Files\MKS Toolkit\mksnt\rshd.exe -- (RSHD)
SRV - [2002/04/16 17:28:30 | 000,118,784 | ---- | M] (Mortice Kern Systems Inc.) [Auto | Running] -- E:\Program Files\MKS Toolkit\mksnt\rexecd.exe -- (REXECD)
SRV - [2000/05/31 14:27:30 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\OpenManage\ihv\CIO\iomrpcev.exe -- (CIOArrayManager RPC Event)
SRV - [2000/05/31 14:27:10 | 000,041,472 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\OpenManage\ihv\CIO\iomrpccm.exe -- (CIOArrayManager RPC Command)
SRV - [2000/05/31 14:26:44 | 000,078,848 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\OpenManage\ihv\CIO\cionotifier.exe -- (CIOEventNotifier)
SRV - [2000/05/31 14:26:32 | 000,488,448 | ---- | M] (Adaptec, Inc.) [Auto | Running] -- C:\Program Files\Dell\OpenManage\ihv\CIO\iomgr.exe -- (CIOArrayManagement)
SRV - [2000/01/19 17:10:36 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINNT\system32\ati2plxx.exe -- (Ati HotKey Poller)
SRV - [1998/09/24 16:01:22 | 000,053,248 | ---- | M] () [Auto | Running] -- E:\ROI\C.OBJ.7.2\ROIAuthSvc.exe -- (ROIAuthSvc)
SRV - [1996/08/02 07:41:36 | 000,017,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\OpenManage\ihv\CIO\portserv.exe -- (NobleNet Portmapper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (amsint32)
DRV - [2006/05/04 17:16:00 | 000,051,896 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\vsp.sys -- (VSP)
DRV - [2005/09/08 10:50:28 | 000,044,192 | ---- | M] (PC-Doctor Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\System32\drivers\PcdrNt.sys -- (PcdrNt)
DRV - [2003/06/19 13:05:04 | 000,369,104 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2003/06/19 13:05:04 | 000,137,936 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\dmio.sys -- (dmio)
DRV - [2003/06/19 13:05:04 | 000,074,448 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINNT\system32\drivers\Dfs.sys -- (DfsDriver)
DRV - [2003/06/19 13:05:04 | 000,060,208 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINNT\System32\drivers\parallel.sys -- (Parallel)
DRV - [2003/06/19 13:05:04 | 000,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINNT\System32\drivers\efs.sys -- (EFS)
DRV - [2003/06/19 13:05:04 | 000,024,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\openhci.sys -- (openhci)
DRV - [2003/06/19 13:05:04 | 000,020,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\drivers\tdipx.sys -- (TDIPX)
DRV - [2003/06/19 13:05:04 | 000,018,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\drivers\tdnetb.sys -- (TDNETB)
DRV - [2003/06/19 13:05:04 | 000,018,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\drivers\tdspx.sys -- (TDSPX)
DRV - [2003/06/19 13:05:04 | 000,012,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\drivers\tdasync.sys -- (TDASYNC)
DRV - [2003/06/19 13:05:04 | 000,010,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\4mmdat.sys -- (4mmdat)
DRV - [2003/06/19 13:05:04 | 000,007,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\diskperf.sys -- (Diskperf)
DRV - [2003/06/19 13:05:04 | 000,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\dmload.sys -- (dmload)
DRV - [2003/05/30 11:17:18 | 000,022,528 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\mraid2k.sys -- (mraid2k)
DRV - [2003/04/17 18:36:38 | 000,105,059 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\b57w2k.sys -- (b57w2k)
DRV - [2002/08/08 17:07:14 | 000,382,704 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Stopped] -- C:\WINNT\System32\drivers\vxboot.sys -- (vxboot)
DRV - [2002/08/08 17:07:10 | 000,164,016 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\vxio.sys -- (vxio)
DRV - [2002/07/30 00:04:04 | 000,066,500 | R--- | M] (Dell Computer Corporation.) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\dcesm.sys -- (dcesm)
DRV - [2002/07/15 12:00:12 | 000,064,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\afamgt.sys -- (afamgt)
DRV - [2001/10/16 08:17:14 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mpe.sys -- (MPE)
DRV - [2001/05/08 13:00:00 | 000,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\rca.sys -- (RCA)
DRV - [2001/05/08 13:00:00 | 000,012,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\System32\drivers\spud.sys -- (spud)
DRV - [2001/05/08 13:00:00 | 000,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\netdtect.sys -- (NetDetect)
DRV - [2000/09/26 17:11:00 | 000,264,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ati2mpad.sys -- (ati2mpad)
DRV - [1998/11/12 12:06:00 | 000,025,920 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINNT\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2001/05/08 13:00:00 | 000,000,734 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx ()
O4 - HKLM..\Run: [ATIPTA] C:\WINNT\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [bacstray] C:\WINNT\System32\BacsTray.exe (Broadcom Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NuTCSetupEnviron] E:\Program Files\MKS Toolkit\bin\ncoeenv.exe ()
O4 - HKLM..\Run: [VxTaskbarMgr] C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe (VERITAS Software Corporation)
O4 - HKLM..\Run: [WinVNC] C:\Program Files\UltraVNC\WinVNC.exe (UltraVNC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\RNR20.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINNT\system32\nutafun4.dll (DataFocus, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINNT\system32\nutafun4.dll (DataFocus, Inc.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gmil.ie
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx ()
O18 - Protocol\Filter\application/octet-stream - No CLSID value found
O18 - Protocol\Filter\application/x-complus - No CLSID value found
O18 - Protocol\Filter\application/x-msdownload - No CLSID value found
O18 - Protocol\Filter\Class Install Handler - No CLSID value found
O18 - Protocol\Filter\deflate - No CLSID value found
O18 - Protocol\Filter\gzip - No CLSID value found
O18 - Protocol\Filter\lzdhtml - No CLSID value found
O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/09 12:43:49 | 000,000,378 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/02/09 12:43:49 | 000,000,252 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/02/09 12:43:49 | 000,000,329 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/04/22 13:17:49 | 000,000,000 | ---D | M] - G:\AUTOCHIM -- [ NTFS ]
O32 - AutoRun File - [2011/02/09 12:43:49 | 000,000,000 | ---- | M] () - G:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (DfsInit) - C:\WINNT\System32\DfsInit.exe (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/28 09:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2011/04/28 09:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/04/28 09:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/04/28 09:10:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\MVS87Clients
[2011/04/19 09:58:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/04/07 21:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\MVS87Clients
[2 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/28 10:00:11 | 000,000,420 | ---- | M] () -- C:\WINNT\tasks\copy.job
[2011/04/28 09:54:17 | 000,743,330 | -H-- | M] () -- C:\WINNT\ShellIconCache
[2011/04/28 09:05:20 | 000,000,191 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rk-proxy.reg
[2011/04/28 09:02:00 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.com
[2011/04/27 23:01:04 | 000,000,162 | ---- | M] () -- C:\WINNT\hpbafd.ini
[2011/04/27 22:02:30 | 000,000,758 | ---- | M] () -- C:\WINNT\tasks\Wednesday.job
[2011/04/26 22:02:25 | 000,000,746 | ---- | M] () -- C:\WINNT\tasks\Tuesday.job
[2011/04/25 22:02:24 | 000,000,740 | ---- | M] () -- C:\WINNT\tasks\Monday.job
[2011/04/21 22:02:25 | 000,000,752 | ---- | M] () -- C:\WINNT\tasks\Thursday.job
[2011/04/19 09:58:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/28 09:05:20 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rk-proxy.reg
[2011/04/28 09:02:00 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.com
[2011/03/15 13:40:13 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_630.dat
[2011/03/02 13:35:33 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_634.dat
[2011/02/22 11:21:58 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_628.dat
[2010/12/02 04:43:28 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_6a4.dat
[2010/11/08 17:42:15 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2010/08/27 14:56:56 | 000,116,224 | ---- | C] () -- C:\WINNT\System32\pdfcmnnt.dll
[2010/07/08 15:34:29 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_6a8.dat
[2009/05/18 08:18:10 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_698.dat
[2009/05/15 18:06:00 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_674.dat
[2009/04/20 21:55:46 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_668.dat
[2009/04/08 21:11:49 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_660.dat
[2009/02/26 18:29:20 | 000,000,000 | ---- | C] () -- C:\WINNT\HPMProp.INI
[2009/02/03 15:23:01 | 000,000,685 | R--- | C] () -- C:\WINNT\System32\hppapr08.dat
[2008/09/02 14:02:21 | 000,208,896 | ---- | C] () -- C:\WINNT\System32\hppapr01.dll
[2008/09/02 14:02:21 | 000,000,508 | ---- | C] () -- C:\WINNT\System32\hppapr01.dat
[2008/08/07 08:57:16 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_690.dat
[2008/05/28 19:12:44 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_69c.dat
[2008/05/28 18:43:10 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_6b0.dat
[2008/05/27 23:15:22 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_6ac.dat
[2008/05/01 22:11:56 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_6a0.dat
[2008/04/21 18:06:13 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_68c.dat
[2008/04/19 10:18:17 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_644.dat
[2008/04/19 03:05:58 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_694.dat
[2008/04/18 19:28:17 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_6c0.dat
[2008/02/07 18:40:10 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_1f38.dat
[2007/05/31 09:41:50 | 000,241,664 | ---- | C] () -- C:\WINNT\System32\hppapr04.DLL
[2007/05/31 09:41:50 | 000,000,526 | ---- | C] () -- C:\WINNT\System32\hppapr04.DAT
[2006/09/21 00:23:28 | 000,000,142 | ---- | C] () -- C:\WINNT\wMailTo.ini
[2006/06/28 12:15:01 | 000,000,379 | ---- | C] () -- C:\WINNT\wsendmail.ini
[2006/06/28 11:36:45 | 000,000,754 | ---- | C] () -- C:\WINNT\WORDPAD.INI
[2005/09/08 10:50:28 | 000,081,920 | ---- | C] () -- C:\WINNT\System32\qntmdelldiag.dll
[2005/09/08 10:50:28 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\lto_diag.dll
[2005/09/08 10:50:28 | 000,024,576 | ---- | C] () -- C:\WINNT\System32\seagatetapediag.dll
[2005/09/08 10:45:48 | 000,001,994 | ---- | C] () -- C:\WINNT\OMAWebserver.ini
[2005/09/08 10:45:23 | 000,005,025 | ---- | C] () -- C:\WINNT\System32\patterns.dat
[2005/05/03 16:27:06 | 000,051,304 | ---- | C] () -- C:\WINNT\System32\drivers\atnt40k.sys
[2005/01/27 14:44:34 | 000,000,000 | ---- | C] () -- C:\WINNT\confprod.INI
[2004/03/19 17:44:12 | 000,017,168 | ---- | C] () -- C:\WINNT\System32\ismsink.dll
[2003/06/06 10:31:03 | 000,000,067 | ---- | C] () -- C:\WINNT\wininit.ini
[2003/05/01 10:25:57 | 000,024,576 | ---- | C] () -- C:\WINNT\System32\javaw.exe
[2003/05/01 10:25:57 | 000,024,064 | ---- | C] () -- C:\WINNT\System32\java.exe
[2003/05/01 10:25:56 | 000,056,832 | ---- | C] () -- C:\WINNT\System32\ActPanel.dll
[2003/05/01 10:25:36 | 000,000,245 | ---- | C] () -- C:\WINNT\ODBC.INI
[2003/04/19 20:29:35 | 000,000,162 | ---- | C] () -- C:\WINNT\hpbafd.ini
[2003/04/01 07:53:06 | 000,061,440 | ---- | C] () -- C:\WINNT\System32\wSendmail.exe
[2002/10/15 21:22:33 | 000,365,568 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2002/10/15 21:22:33 | 000,152,576 | ---- | C] () -- C:\WINNT\System32\qasf.dll
[2002/08/01 11:19:24 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
[2002/08/01 11:18:31 | 000,000,000 | ---- | C] () -- C:\WINNT\frontpg.ini
[2002/08/01 11:17:03 | 000,014,996 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat
[2002/08/01 06:12:54 | 000,038,523 | ---- | C] () -- C:\WINNT\System32\w3ctrs.ini
[2002/08/01 06:12:54 | 000,009,584 | ---- | C] () -- C:\WINNT\System32\axperf.ini
[2002/08/01 06:12:54 | 000,007,854 | ---- | C] () -- C:\WINNT\System32\ftpctrs.ini
[2002/08/01 06:12:53 | 000,011,355 | ---- | C] () -- C:\WINNT\System32\infoctrs.ini
[2002/08/01 06:12:41 | 000,021,789 | ---- | C] () -- C:\WINNT\System32\smtpctrs.ini
[2002/08/01 06:12:41 | 000,001,037 | ---- | C] () -- C:\WINNT\System32\ntfsdrct.ini
[2002/08/01 06:05:39 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2002/08/01 06:04:59 | 000,076,760 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT
[2002/07/30 00:54:56 | 000,102,400 | ---- | C] () -- C:\WINNT\dcuncim.exe
[2002/05/03 16:40:32 | 000,094,274 | ---- | C] () -- C:\WINNT\System32\HPBHEALR.DLL
[2002/04/25 18:22:28 | 000,077,824 | ---- | C] () -- C:\WINNT\System32\TKUninstall.exe
[2002/04/17 16:49:54 | 000,106,610 | ---- | C] () -- C:\WINNT\System32\nutsh4.DLL
[2001/04/23 13:37:36 | 000,303,104 | R--- | C] () -- C:\WINNT\System32\I3TIF32.DLL
[2001/04/23 13:37:36 | 000,229,376 | ---- | C] () -- C:\WINNT\System32\ISP2000.dll
[1999/09/25 11:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 11:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys
[1998/03/10 01:00:00 | 000,042,496 | ---- | C] () -- C:\WINNT\ttuninst.exe
[1980/01/01 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat
[1980/01/01 01:00:00 | 000,363,392 | ---- | C] () -- C:\WINNT\System32\perfh009.dat
[1980/01/01 01:00:00 | 000,272,492 | ---- | C] () -- C:\WINNT\System32\perfi009.dat
[1980/01/01 01:00:00 | 000,217,359 | ---- | C] () -- C:\WINNT\System32\dssec.dat
[1980/01/01 01:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[1980/01/01 01:00:00 | 000,133,752 | ---- | C] () -- C:\WINNT\System32\schema.ini
[1980/01/01 01:00:00 | 000,059,840 | ---- | C] () -- C:\WINNT\System32\drivers\atinrvxx.sys
[1980/01/01 01:00:00 | 000,059,036 | ---- | C] () -- C:\WINNT\System32\perfc009.dat
[1980/01/01 01:00:00 | 000,058,416 | ---- | C] () -- C:\WINNT\System32\drivers\atinbtxx.sys
[1980/01/01 01:00:00 | 000,053,248 | ---- | C] () -- C:\WINNT\System32\ati2plxx.exe
[1980/01/01 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin
[1980/01/01 01:00:00 | 000,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll
[1980/01/01 01:00:00 | 000,032,736 | ---- | C] () -- C:\WINNT\System32\drivers\atinraxx.sys
[1980/01/01 01:00:00 | 000,028,270 | ---- | C] () -- C:\WINNT\System32\perfd009.dat
[1980/01/01 01:00:00 | 000,027,232 | ---- | C] () -- C:\WINNT\System32\drivers\atinxbxx.sys
[1980/01/01 01:00:00 | 000,024,720 | ---- | C] () -- C:\WINNT\System32\drivers\atintuxx.sys
[1980/01/01 01:00:00 | 000,023,712 | ---- | C] () -- C:\WINNT\System32\drivers\atinsnxx.sys
[1980/01/01 01:00:00 | 000,022,582 | ---- | C] () -- C:\WINNT\System32\ntdsctrs.ini
[1980/01/01 01:00:00 | 000,020,386 | ---- | C] () -- C:\WINNT\System32\ntfrsrep.ini
[1980/01/01 01:00:00 | 000,010,384 | ---- | C] () -- C:\WINNT\System32\drivers\atinmdxx.sys
[1980/01/01 01:00:00 | 000,007,265 | ---- | C] () -- C:\WINNT\System32\iasperf.ini
[1980/01/01 01:00:00 | 000,005,597 | ---- | C] () -- C:\WINNT\System32\ntfrscon.ini
[1980/01/01 01:00:00 | 000,001,505 | ---- | C] () -- C:\WINNT\System32\faxperf.ini
[1980/01/01 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat
[1980/01/01 01:00:00 | 000,000,475 | ---- | C] () -- C:\WINNT\System32\OEMINFO.INI

========== LOP Check ==========

[2008/04/19 02:28:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Epicor
[2011/04/28 10:00:11 | 000,000,420 | ---- | M] () -- C:\WINNT\Tasks\copy.job
[2011/04/25 22:02:24 | 000,000,740 | ---- | M] () -- C:\WINNT\Tasks\Monday.job
[2011/04/21 22:02:25 | 000,000,752 | ---- | M] () -- C:\WINNT\Tasks\Thursday.job
[2011/04/26 22:02:25 | 000,000,746 | ---- | M] () -- C:\WINNT\Tasks\Tuesday.job
[2011/04/27 22:02:30 | 000,000,758 | ---- | M] () -- C:\WINNT\Tasks\Wednesday.job

========== Purity Check ==========



< End of report >
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP