System Check Virus - Can't boot in safe mode



#1
mbfranchi

If I open up my desktop it runs a program called "System Check" which I believe to be a virus. There are no desktop icons or start menu options in normal boot mode. When I boot in safe mode (w/ or w/o networking) there are still no desktop icons or start menu options.

Reading the forums I found a user with a similar issue from:
http://www.geekstogo...o-to-safe-mode/

I followed the directions to download OTLPENet.exe and burn and boot from CD. The Log from running OTLPE is attached.

Thank you for your help.


Edited by mbfranchi, 20 March 2012 - 06:08 AM.


#2
mbfranchi

OTL logfile created on: 3/19/2012 4:37:20 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 90.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.51 Gb Total Space | 50.26 Gb Free Space | 67.45% Space Free | Partition Type: NTFS
Drive D: | 127.99 Gb Total Space | 108.70 Gb Free Space | 84.93% Space Free | Partition Type: NTFS
Drive E: | 337.77 Gb Total Space | 319.43 Gb Free Space | 94.57% Space Free | Partition Type: NTFS
Drive F: | 1.86 Gb Total Space | 0.90 Gb Free Space | 48.37% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - [2011/12/06 17:00:14 | 000,214,896 | -H-- | M] () [Auto] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/06/13 12:06:13 | 000,651,720 | -H-- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/08/28 01:58:10 | 000,126,976 | -H-- | M] (Visioneer Inc.) [Auto] -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (NTACCESS)
DRV - File not found [Kernel | On_Demand] -- -- (MSICPL)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (GMSIPCI)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2011/04/04 15:55:38 | 000,020,480 | -H-- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/05/20 11:36:36 | 000,054,016 | -H-- | M] (HTL) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TSUSB2.sys -- (TSUSB2)
DRV - [2010/03/30 23:50:26 | 000,911,400 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010/01/14 17:53:18 | 000,037,160 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2010/01/14 17:53:16 | 000,037,032 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2009/11/18 18:13:04 | 000,556,200 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/11/18 18:12:56 | 000,118,440 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2009/11/18 18:12:54 | 000,059,688 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/11/18 18:12:46 | 000,047,656 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/07/10 14:01:06 | 000,025,856 | -H-- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motoandroid.sys -- (motandroidusb)
DRV - [2009/01/29 18:18:00 | 000,008,320 | -H-- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2007/11/02 16:51:30 | 000,006,400 | -H-- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2006/11/02 19:51:58 | 000,013,560 | -H-- | M] (Cyberlink Corp.) [Kernel | Auto] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2006/08/28 19:10:06 | 000,158,208 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/07/17 17:07:28 | 000,017,290 | RH-- | M] (Broadcom Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btpmw32.sys -- (BCMTPM)
DRV - [2005/10/09 22:35:32 | 000,017,792 | -H-- | M] (Winbond Electronics Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ibm.com

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ibm.com
IE - HKU\Administrator_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ibm.com

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ibm.com

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.co...en&source=mpes"
FF - prefs.js..keyword.URL: "http://websearch.ask...YYYYYYSEUS&&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/27 11:02:57 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/08 10:11:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/03/05 07:50:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m3kf9q9r.default\extensions
[2012/03/05 07:50:38 | 000,000,000 | -H-D | M] (WOT) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m3kf9q9r.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/03/05 07:50:37 | 000,000,000 | -H-D | M] (Roomy Bookmarks Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m3kf9q9r.default\extensions\[email protected]
[2012/02/01 10:01:17 | 000,000,000 | -H-D | M] (Ask Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m3kf9q9r.default\extensions\[email protected]
[2010/09/28 23:39:14 | 000,002,333 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m3kf9q9r.default\searchplugins\askcom.xml
[2012/01/06 12:59:34 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\M3KF9Q9R.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\M3KF9Q9R.DEFAULT\EXTENSIONS\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\M3KF9Q9R.DEFAULT\EXTENSIONS\[email protected]
[2011/12/05 09:50:51 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/14 18:32:46 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/02/17 12:23:17 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/05 08:41:35 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 07:15:01 | 000,002,040 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/03 22:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [ldmtqETJLYi.exe] C:\Documents and Settings\All Users\Application Data\ldmtqETJLYi.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OP14 Reminder] C:\Program Files\ScanSoft\OmniPagePro14.0\EregEng\Ereg.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [OpScheduler] C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Opware14] C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [Passport Web Edition Client] C:\Program Files\NCR\Passport Web Edition\pwecsrvc.exe (NCR Corporation)
O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\WinSys2.exe ()
O4 - HKLM..\Run: [WorkFlowTray] C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe (ScanSoft, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/13 11:47:49 | 000,000,000 | -H-D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2011/05/05 17:49:36 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/20 15:06:15 | 000,000,000 | -H-D | M] - D:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2010/09/30 15:38:55 | 000,000,000 | -H-- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{31f30b5c-b849-11e0-9196-001a6b4e4812}\Shell - "" = AutoRun
O33 - MountPoints2\{31f30b5c-b849-11e0-9196-001a6b4e4812}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{31f30b5c-b849-11e0-9196-001a6b4e4812}\Shell\AutoRun\command - "" = G:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/03/19 14:45:25 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/03/19 14:35:18 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\CyberLink PowerDVD
[2012/03/19 07:34:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\System Check
[2012/03/15 08:21:29 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\Banking
[2012/03/12 12:09:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\Purchase Orders and templates
[2012/03/02 10:39:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\First Citizens Bank
[2012/03/02 10:33:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Silver Bullet Technology
[2012/03/02 10:32:16 | 000,000,000 | -H-D | C] -- C:\Program Files\DIFX
[2012/03/02 10:32:14 | 000,054,016 | -H-- | C] (HTL) -- C:\WINDOWS\System32\drivers\TSUSB2.sys
[2012/03/02 10:32:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Passport Web Edition Client
[2012/03/02 10:32:10 | 000,000,000 | -H-D | C] -- C:\Program Files\NCR
[2012/02/28 12:24:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\PNC Banking
[2012/02/28 11:41:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/02/28 11:41:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/28 11:41:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/02/28 11:41:49 | 000,020,464 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/02/28 11:41:49 | 000,000,000 | -H-D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/27 11:02:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/02/27 11:02:35 | 000,000,000 | -H-D | C] -- C:\Program Files\QuickTime
[2012/02/21 09:48:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\Sales Brochures
[2012/02/20 08:36:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\Mellow Mushroom Pictures Greenville
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/19 15:20:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/19 15:18:13 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/03/19 15:02:18 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/19 14:46:00 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/03/19 14:26:13 | 000,001,010 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1336601894-725345543-500UA.job
[2012/03/19 14:04:25 | 000,000,456 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\MLs25E1fQV00QG
[2012/03/19 14:02:44 | 000,000,264 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~MLs25E1fQV00QG
[2012/03/19 13:52:08 | 000,000,176 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~MLs25E1fQV00QGr
[2012/03/19 13:51:57 | 000,000,853 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/03/19 07:34:39 | 000,000,835 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\System Check.lnk
[2012/03/19 07:34:31 | 000,352,256 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\MLs25E1fQV00QG.exe
[2012/03/19 07:26:57 | 000,026,590 | -H-- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2012/03/19 07:24:15 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/03/19 07:24:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Software995
[2012/03/19 07:24:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ScanSoft PaperPort 11.0
[2012/03/19 07:24:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\ScanSoft OmniPage Pro 14.0
[2012/03/19 07:24:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/03/19 07:24:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Passport Web Edition Client
[2012/03/19 07:24:14 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2012/03/19 07:24:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero
[2012/03/19 07:24:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/03/19 07:24:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/19 07:24:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/03/19 07:24:13 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2012/03/19 07:24:13 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2012/03/19 07:19:06 | 000,450,560 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\ldmtqETJLYi.exe
[2012/03/19 06:26:00 | 000,000,958 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1336601894-725345543-500Core.job
[2012/03/19 06:21:45 | 000,013,312 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/16 09:09:01 | 000,000,354 | -H-- | M] () -- C:\WINDOWS\tasks\MotoHelper Routing.job
[2012/03/16 08:01:28 | 001,880,481 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\HMS-BradyParts Account Statement.pdf
[2012/03/15 14:21:18 | 001,448,272 | -H-- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/03/15 11:55:00 | 000,000,037 | -H-- | M] () -- C:\WINDOWS\PVX.INI
[2012/03/15 08:14:39 | 001,471,603 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\M-1 rowan bldg 11-3-10.dwg
[2012/03/15 07:37:43 | 001,721,266 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Best_Ketchup_Ad_Ever.wmv
[2012/03/15 06:57:31 | 000,000,855 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\PM WORK ORDERS.lnk
[2012/03/15 06:42:29 | 000,000,142 | -H-- | M] () -- C:\WINDOWS\ccolwiz.ini
[2012/03/15 06:40:17 | 005,835,364 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\smithfield+nc+permit+set+mep+3of3+08-16-11_Version_1.pdf
[2012/03/15 06:11:46 | 000,370,488 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/15 06:06:24 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/12 09:20:01 | 000,000,059 | -H-- | M] () -- C:\WINDOWS\wpd99.drv
[2012/03/12 06:06:23 | 000,435,688 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/12 06:06:23 | 000,068,584 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/08 10:01:20 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\BRWMARK.INI
[2012/03/07 06:48:17 | 000,001,052 | -H-- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk
[2012/03/01 13:11:45 | 000,041,522 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Price list East Coast 03.01.12.pdf
[2012/03/01 07:57:01 | 000,104,718 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Stamps.pdf
[2012/02/29 09:03:07 | 000,288,079 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\Katadyn Vario Multi Flow Water Microfilter Amazon.pdf
[2012/02/28 08:39:58 | 000,134,958 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\PIPE LABOR CALCULATOR.pdf
[2012/02/24 16:16:29 | 003,098,135 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\PNC New Account Information Back Pages.pdf
[2012/02/24 16:14:59 | 007,623,706 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\PNC New Account Information Front Pages.pdf
[2012/02/24 08:10:18 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012/02/24 08:10:13 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2012/02/24 08:10:12 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2012/02/23 10:10:20 | 000,000,567 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to CAD.lnk
[2012/02/23 07:54:34 | 000,000,567 | -H-- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Drawing.lnk
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/19 15:18:13 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/03/19 13:51:57 | 000,000,853 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2012/03/19 07:34:40 | 000,000,264 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~MLs25E1fQV00QG
[2012/03/19 07:34:40 | 000,000,176 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~MLs25E1fQV00QGr
[2012/03/19 07:34:39 | 000,000,835 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\System Check.lnk
[2012/03/19 07:34:36 | 000,000,456 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\MLs25E1fQV00QG
[2012/03/19 07:34:31 | 000,352,256 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\MLs25E1fQV00QG.exe
[2012/03/19 07:22:06 | 000,450,560 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ldmtqETJLYi.exe
[2012/03/19 06:35:57 | 000,052,569 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\EQUIPMENT SCHEDULES ETC.zip
[2012/03/16 08:01:27 | 001,880,481 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\HMS-BradyParts Account Statement.pdf
[2012/03/15 08:14:39 | 001,471,603 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\M-1 rowan bldg 11-3-10.dwg
[2012/03/15 07:37:40 | 001,721,266 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\Best_Ketchup_Ad_Ever.wmv
[2012/03/15 06:39:53 | 005,835,364 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\smithfield+nc+permit+set+mep+3of3+08-16-11_Version_1.pdf
[2012/03/01 13:11:45 | 000,041,522 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\Price list East Coast 03.01.12.pdf
[2012/03/01 07:57:00 | 000,104,718 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\Stamps.pdf
[2012/02/29 09:03:05 | 000,288,079 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\Katadyn Vario Multi Flow Water Microfilter Amazon.pdf
[2012/02/24 16:16:29 | 003,098,135 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\PNC New Account Information Back Pages.pdf
[2012/02/24 16:14:58 | 007,623,706 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\PNC New Account Information Front Pages.pdf
[2012/02/24 08:10:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2012/02/24 08:10:12 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2012/02/23 15:15:41 | 000,027,136 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\01017512.xlt
[2012/02/23 10:00:33 | 000,000,567 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to CAD.lnk
[2012/02/23 07:54:34 | 000,000,567 | -H-- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to Drawing.lnk
[2012/02/16 06:47:25 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/16 08:59:53 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/25 09:10:33 | 000,077,448 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/10/11 14:01:49 | 000,000,028 | -H-- | C] () -- C:\WINDOWS\pdf995.ini
[2011/10/06 09:39:16 | 000,051,716 | -H-- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2011/10/06 09:39:16 | 000,000,059 | -H-- | C] () -- C:\WINDOWS\wpd99.drv
[2011/09/29 09:02:38 | 000,000,069 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/09/01 10:23:28 | 000,000,033 | -H-- | C] () -- C:\WINDOWS\BiMonitor.ini
[2011/09/01 10:23:27 | 000,031,249 | -H-- | C] () -- C:\WINDOWS\maxlink.ini
[2011/06/14 18:38:13 | 001,448,272 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/06/08 16:16:38 | 000,000,037 | -H-- | C] () -- C:\WINDOWS\PVX.INI
[2011/06/08 16:08:31 | 000,000,142 | -H-- | C] () -- C:\WINDOWS\ccolwiz.ini
[2011/06/08 10:11:06 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2011/06/08 09:53:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\msicpl.ini
[2011/06/08 06:37:55 | 000,000,426 | -H-- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/06/08 06:37:55 | 000,000,034 | -H-- | C] () -- C:\WINDOWS\System32\BD5250DN.DAT
[2011/06/07 14:38:28 | 000,013,312 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/06 13:11:57 | 000,131,072 | RH-- | C] () -- C:\WINDOWS\System32\smdll.dll
[2011/06/06 13:11:55 | 000,258,048 | RH-- | C] () -- C:\WINDOWS\System32\HookMAp.dll
[2011/06/06 13:11:55 | 000,032,768 | RH-- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2011/06/06 13:11:54 | 000,262,144 | RH-- | C] () -- C:\WINDOWS\System32\HookShield.dll
[2011/06/06 13:11:54 | 000,208,896 | RH-- | C] () -- C:\WINDOWS\System32\WinSys2.exe
[2011/05/05 18:49:23 | 002,215,364 | -H-- | C] () -- C:\WINDOWS\System32\igklg400.bin
[2011/05/05 18:49:23 | 001,971,732 | -H-- | C] () -- C:\WINDOWS\System32\igklg450.bin
[2011/05/05 18:49:23 | 000,147,456 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4924.dll
[2011/05/05 18:49:23 | 000,029,932 | -H-- | C] () -- C:\WINDOWS\System32\igmedcompkrn.bin
[2011/05/05 17:51:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/05/05 17:47:23 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/05/05 10:43:39 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/05/05 10:41:01 | 000,370,488 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/30 23:33:10 | 002,860,384 | -H-- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2009/01/20 13:32:04 | 000,024,056 | -H-- | C] () -- C:\WINDOWS\System32\providers.bin
[2008/05/02 23:16:00 | 001,703,936 | -H-- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/02 23:16:00 | 001,630,208 | -H-- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/05/02 23:16:00 | 001,486,848 | -H-- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/02 23:16:00 | 001,339,392 | -H-- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/05/02 23:16:00 | 001,019,904 | -H-- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/02 23:16:00 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/02 23:16:00 | 000,442,368 | -H-- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/05/02 23:16:00 | 000,425,984 | -H-- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/05/02 23:16:00 | 000,286,720 | -H-- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/09/07 12:00:44 | 000,257,536 | -H-- | C] () -- C:\WINDOWS\System32\BiImg.dll
[2005/09/07 12:00:44 | 000,110,592 | -H-- | C] () -- C:\WINDOWS\System32\JPEG32.DLL
[2004/08/03 22:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/03 22:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/03 22:00:00 | 000,435,688 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/03 22:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/03 22:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/03 22:00:00 | 000,068,584 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/03 22:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/03 22:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/03 22:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/03 22:00:00 | 000,004,524 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/03 22:00:00 | 000,002,505 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/03 22:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/03 22:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/11/14 13:56:00 | 001,802,240 | -H-- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2011/06/15 15:13:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2011/10/28 12:40:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Avery
[2012/03/19 07:27:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Dropbox
[2011/09/01 10:26:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\LinkManager 4.0
[2011/12/28 10:09:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Motorola
[2011/09/01 10:40:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\OneTouch 4.0
[2011/10/11 14:01:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\pdf995
[2011/09/01 10:32:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\ScanSoft
[2012/03/02 10:33:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data\Silver Bullet Technology
[2011/06/13 12:04:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2012/03/12 09:20:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2011/09/01 10:41:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2011/09/01 10:26:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Visioneer
[2011/10/25 06:35:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/27 10:09:02 | 000,000,358 | -H-- | M] () -- C:\WINDOWS\Tasks\MotoHelper MUM.job
[2012/03/16 09:09:01 | 000,000,354 | -H-- | M] () -- C:\WINDOWS\Tasks\MotoHelper Routing.job
[2012/01/27 10:09:01 | 000,000,370 | -H-- | M] () -- C:\WINDOWS\Tasks\MotoHelper Update.job
[2012/03/19 14:46:00 | 000,000,250 | -H-- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: CDROM.SYS >
[2004/08/03 22:00:00 | 018,738,937 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008/04/14 08:51:44 | 020,056,462 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008/04/14 08:51:44 | 020,056,462 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008/04/14 03:10:48 | 000,062,976 | -H-- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008/04/14 03:10:48 | 000,062,976 | -H-- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004/08/03 22:00:00 | 000,049,536 | -H-- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2008/04/14 08:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/03 22:00:00 | 001,032,192 | -H-- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 08:42:38 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 08:42:38 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/01/13 15:53:20 | 000,182,856 | -H-- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/03 22:00:00 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/03 22:00:00 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 08:42:40 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 08:42:40 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/03 22:00:00 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/01/13 15:53:20 | 000,182,856 | -H-- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 08:42:40 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 08:42:40 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SubSystems /s >
"Debug" =
"Kmode" = %SystemRoot%\system32\win32k.sys -- [2012/02/03 05:22:18 | 001,860,096 | -H-- | M] (Microsoft Corporation)
"Optional" = Posix [binary data]
"Posix" = %SystemRoot%\system32\psxss.exe
"Required" = DebugWindows [binary data]
"Windows" = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"Tag" = 5
"ImagePath" = system32\DRIVERS\netbt.sys -- [2008/04/14 03:51:02 | 000,162,816 | -H-- | M] (Microsoft Corporation)
"DisplayName" = NetBios over Tcpip
"Group" = PNP_TDI
"DependOnService" = Tcpip [binary data]
"DependOnGroup" = [binary data]
"Description" = NetBios over Tcpip
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"NbProvider" = _tcp
"NameServerPort" = 137
"CacheTimeout" = 600000
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"Size/Small/Medium/Large" = 1
"SessionKeepAlive" = 3600000
"TransportBindName" = \Device\
"EnableLMHOSTS" = 1
"DhcpNodeType" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{08F99A76-9012-4D33-9423-8992940AB0AD}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{1B50A142-61F3-4807-8E35-F64D49B36B3E}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{1EDFE4EC-B9C1-4130-A3BB-85F91A5EF3FB}]
"NameServerList" = [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{690C0049-CD53-41C5-9E27-CA19172055B1}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
"DhcpNameServerList" = 192.168.1.10 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 1
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/04/14 03:26:04 | 000,034,688 | -H-- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 03 01 00 00 01 00 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 3
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2004/08/03 22:00:00 | 000,007,168 | -H-- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Security]
"Security" = [Binary data over 100 bytes]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/17 12:23:14 | 000,834,840 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/17 12:23:14 | 000,834,840 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/17 12:23:14 | 000,834,840 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/17 12:23:17 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/17 12:23:17 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/17 12:23:17 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 08:23:08 | 000,174,080 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 08:23:08 | 000,174,080 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 08:23:08 | 000,174,080 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/17 12:23:14 | 000,834,840 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/17 12:23:14 | 000,834,840 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/17 12:23:14 | 000,834,840 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/17 12:23:17 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/17 12:23:17 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/17 12:23:17 | 000,924,632 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/12/16 08:23:08 | 000,174,080 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/12/16 08:23:08 | 000,174,080 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/12/16 08:23:08 | 000,174,080 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

Invalid Environment Variable: %Temp%\smtmp\1\*.*

Invalid Environment Variable: %Temp%\smtmp\2\*.*

Invalid Environment Variable: %Temp%\smtmp\3\*.*

Invalid Environment Variable: %Temp%\smtmp\4\*.*

< CREATERESTOREPOINT >
< End of report >