
missing systemced message


  • This topic is locked
17 replies to this topic

#1 MaryBet82


Posted 14 June 2010 - 05:36 PM

win2k sp4 on Sony VAIO600GXR

My Sony lost power in the middle of updating norton antivirus. When I rebooted I got a black screen w/ a missing systemced message.

I found the MS support article for this message: http://support.microsoft.com/kb/269075 and this is a system hive problem.

The Sony only came w/ recovery disks that reformat/reinstall. If they have any repair function or recovery tool function I never found it. The MS support instructions, of course, involve using the win2k cd. I have one from another computer and tried it and it let me use the c option for the recovery console tool.

I can get to c:\winnt\system32\config per the article's instructions, but I can't rename system or systemalt per the instructions or enumerate that directory. I can enumerate C:\winnt & C:\winnt\system32 and the D partition and its folder on my hdd in which I have a registry backup.

Per the article's instructions I'm supposed to copy a system hive backup file from c:\winnt\repair to c:\winnt\system32\config. There is a system.bak file in c:\winnt\repair.

Per an article I read awhile back and this article I should have been asked for my password and wasn't, but if that was the problem I would think I wouldn't have gotten to c:\winnt & system32 and been able to enumerate them. I haven't tried to copy anything yet because I thought I'd ask for help before I trialed and errored, so maybe I can enumerate winnt, system32 and repair but can't copy into them.

Any suggestions on how I can copy the system.bak file to the config directory or use my registry backup to get me into windows again?




mac 10.6 on macbook pro
WinXP sp2 on Dell 380 w/ 512 MB RAM- currently dead in the water
WinXP tab ed sp 3 on Thinkpad X41 w/ 1.5 GB RAM - lemony flavored
Win2K Sp4 on Sony VAIO GXR600 w/ 512 MB RAM - currently blue screening


 


#2 pcsupport


Posted 14 June 2010 - 06:19 PM

use:

copy x y

where x is the source directory + file name and y is the destination directory

#3 Elise


Posted 15 June 2010 - 05:34 AM

Hello, please see if you can follow the steps below. In the meantime I will move this topic to a more appropriate forum.

On a working computer, please download OTLPE (filesize 120,9 MB)
  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#4 MaryBet82


Posted 15 June 2010 - 08:06 AM

Thanks pc support,

The problem w/ doing a copy is that I can't rename the current system hives so that when I copy and overwrite the system hive I can't undo. That might be necessary in my situation and it might work. Since I can't list files for the config folder or rename either system or systemalt, tho, I suspect I won't be allowed to copy into the folder. I'm wondering if the config folder itself is corrupted.

Thanks elise025,
Since the topic has been moved, I'm guessing you suspect malware. The problem happened immediately after I lost power [power cord unplugged and battery on VAIO is shot] while norton antivirus was updating. I don't know what all norton does when it updates definitions, but I figured it was updating the system registry and didn't get to clean up and that part of the registry got corrupted. Figured wrong?

I booted from the reatogo-x-pe cd and it loaded OK [s l o w]. When I double-clicked on OTLPE I got a message that the config folder was corrupt and unreadable and to run chkdsk and OTLPE wouldn't scan. [ I should have run chkdsk from the recovery console tool, esp when I could list dir system32 but not config. I always run chkdsk when windows closes improperly, but I was brain dead last night]
So I ran chkdsk w/ fix errors and scan for bad sectors checked and it completed OK. OTLPE then ran w/ LOAD ALL REMAINING USERS and generated a text file. I may be able to do the ren system and copy system.bak to config now or Windows may even boot.

I only ran OTLPE on the C partition which has the OS & program files - not the D partition which only has my documents. I also have documents in the administrator my documents folder on the C partition - Can I delete that part of the OTLPE log listing my docs folder before posting?

Do I attach the txt file or just copy and paste it in a reply?




Edited by MaryBet82, 15 June 2010 - 11:01 AM.


#5 Elise


Posted 15 June 2010 - 08:18 AM

I do not suspect malware, but to replace the hives in an easy way we need to use OTLPE which is only allowed in this forum, that is why I moved it.

When using a PE CD (like the one we make), we can move files without restrictions. However, caution with that, we can also do unrepairable damage; it's important to know what you are doing.

I will wait for your log.

regards, Elise




#6 MaryBet82


Posted 15 June 2010 - 11:17 AM

Elise025
Do I attach the OTLPE file or just copy and paste it in a reply? Don't know which way it's more readable.

I did want to delete the listing of files in the My Documents folder but I see it also lists my documents in files modified in 30 days and new files, so I won't try to weed those out.

#7 Elise


Posted 15 June 2010 - 01:18 PM

Please just copy/paste the log into the reply box.

regards, Elise




#8 MaryBet82


Posted 15 June 2010 - 02:34 PM

Here's the report.

OTL logfile created on: 6/15/2010 12:09:44 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows 2000 Service Pack 4 (Version = 5.0.2195) - Type =

SYSTEM
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format:

M/d/yyyy

511.00 Mb Total Physical Memory | 308.00 Mb Available Physical Memory |

60.00% Memory free
463.00 Mb Paging File | 332.00 Mb Available in Paging File | 72.00%

Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% =

C:\Program Files
Drive C: | 14.94 Gb Total Space | 4.88 Gb Free Space | 32.66% Space Free

| Partition Type: NTFS
Drive D: | 13.00 Gb Total Space | 3.42 Gb Free Space | 26.27% Space Free

| Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free

| Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - [2006/10/04 23:34:07 | 000,000,000 | ---D | M] [Unavailable] --

C:\WINNT\system32\ias -- (IAS)
SRV - [2005/06/23 22:27:30 | 000,124,608 | ---- | M] (symantec)

[Disabled] -- C:\Program Files\Symantec Client Security\Symantec

AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/06/23 22:27:28 | 001,715,904 | ---- | M] (Symantec

Corporation) [Auto] -- C:\Program Files\Symantec Client Security\Symantec

AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/06/23 22:27:18 | 000,019,648 | ---- | M] (Symantec

Corporation) [Auto] -- C:\Program Files\Symantec Client Security\Symantec

AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/06/23 12:51:50 | 000,198,272 | ---- | M] (Symantec

Corporation) [Auto] -- C:\Program Files\Symantec Client Security\Symantec

Client Firewall\SymSPort.exe -- (SymSecurePort)
SRV - [2005/06/23 12:51:14 | 000,079,488 | ---- | M] (Symantec

Corporation) [Auto] -- C:\Program Files\Symantec Client Security\Symantec

Client Firewall\ISSVC.exe -- (ISSVC)
SRV - [2005/06/02 12:21:46 | 000,161,392 | ---- | M] (Symantec

Corporation) [Auto] -- C:\Program Files\Common Files\Symantec

Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/06/02 12:21:46 | 000,083,568 | ---- | M] (Symantec

Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec

Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/06/02 12:21:44 | 000,239,216 | ---- | M] (Symantec

Corporation) [Auto] -- C:\Program Files\Common Files\Symantec

Shared\ccProxy.exe -- (ccProxy)
SRV - [2005/06/02 12:21:40 | 000,185,968 | ---- | M] (Symantec

Corporation) [Auto] -- C:\Program Files\Common Files\Symantec

Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/04/22 15:03:28 | 000,206,552 | ---- | M] (Symantec

Corporation) [Auto] -- C:\Program Files\Common Files\Symantec

Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/31 00:48:22 | 000,992,864 | ---- | M] (Symantec

Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec

Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2004/09/07 11:59:06 | 000,122,128 | ---- | M] (Microsoft

Corporation) [Auto] -- C:\WINNT\system32\mstask.exe -- (Schedule)
SRV - [2003/11/13 16:29:40 | 000,455,680 | ---- | M] () [Auto] --

C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe --

(NICSer_WPC54G)
SRV - [2003/06/19 15:05:04 | 000,196,706 | ---- | M] (Microsoft

Corporation) [Auto] -- C:\WINNT\system32\wbem\WinMgmt.exe -- (WinMgmt)
SRV - [2003/06/19 15:05:04 | 000,147,728 | ---- | M] (VERITAS Software

Corp.) [On_Demand] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)
SRV - [2003/06/19 15:05:04 | 000,094,992 | ---- | M] (Microsoft

Corporation) [On_Demand] -- C:\WINNT\system32\FAXSVC.EXE -- (Fax)
SRV - [2003/06/19 15:05:04 | 000,068,368 | ---- | M] (Microsoft

Corporation) [Disabled] -- C:\WINNT\system32\regsvc.exe --

(RemoteRegistry)
SRV - [2003/06/19 15:05:04 | 000,061,712 | ---- | M] (Microsoft

Corporation) [Auto] -- C:\WINNT\system32\stisvc.exe -- (StiSvc)
SRV - [2003/06/19 15:05:04 | 000,022,800 | ---- | M] (Microsoft

Corporation) [On_Demand] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
SRV - [2003/06/19 15:05:04 | 000,019,728 | ---- | M] (Microsoft

Corporation) [Auto] -- C:\WINNT\system32\hidserv.exe -- (HidServ)
SRV - [2001/08/06 05:41:48 | 000,028,672 | ---- | M] () [Auto] --

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe -- (nhksrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System] -- -- (tga)
DRV - File not found [Kernel | System] -- -- (sglfb)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/05/27 04:00:00 | 000,371,248 | ---- | M] (Symantec

Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec

Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/27 04:00:00 | 000,102,448 | ---- | M] (Symantec

Corporation) [Kernel | On_Demand] -- C:\Program Files\Common

Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys --

(EraserUtilDrv11010)
DRV - [2010/05/12 04:00:00 | 001,347,504 | ---- | M] (Symantec

Corporation) [Kernel | On_Demand] -- C:\Program Files\Common

Files\Symantec Shared\VirusDefs\20100614.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/12 04:00:00 | 000,085,552 | ---- | M] (Symantec

Corporation) [Kernel | On_Demand] -- C:\Program Files\Common

Files\Symantec Shared\VirusDefs\20100614.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/03/01 18:14:16 | 000,058,000 | ---- | M] (Roxio) [Kernel |

System] -- C:\WINNT\system32\drivers\cdr4_2K.sys -- (Cdr4_2K)
DRV - [2010/03/01 18:14:16 | 000,023,420 | ---- | M] (Roxio) [Kernel |

System] -- C:\WINNT\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2009/11/20 03:03:00 | 000,268,664 | ---- | M] (Symantec

Corporation) [Kernel | On_Demand] -- C:\Program Files\Common

Files\Symantec Shared\SymcData\scfidsdefs\20100604.001\SymIDSCo.sys --

(SYMIDSCO)
DRV - [2005/05/13 22:50:10 | 000,123,488 | ---- | M] (Symantec

Corporation) [Kernel | On_Demand] -- C:\Program

Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/04/22 15:03:02 | 000,267,192 | ---- | M] (Symantec

Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\symtdi.sys --

(SYMTDI)
DRV - [2005/04/22 15:03:00 | 000,017,976 | ---- | M] (Symantec

Corporation) [Kernel | On_Demand] --

C:\WINNT\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2005/04/22 15:02:58 | 000,036,984 | ---- | M] (Symantec

Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\symids.sys

-- (SYMIDS)
DRV - [2005/04/22 15:02:56 | 000,047,192 | ---- | M] (Symantec

Corporation) [Kernel | On_Demand] --

C:\WINNT\system32\drivers\symndis.sys -- (SYMNDIS)
DRV - [2005/04/22 15:02:54 | 000,173,208 | ---- | M] (Symantec

Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\symfw.sys

-- (SYMFW)
DRV - [2005/04/22 15:02:52 | 000,011,512 | ---- | M] (Symantec

Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\symdns.sys

-- (SYMDNS)
DRV - [2005/03/31 00:48:20 | 000,372,832 | ---- | M] (Symantec

Corporation) [Kernel | On_Demand] -- C:\Program Files\Common

Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/12 00:46:22 | 000,371,712 | ---- | M] (Broadcom

Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\BCMWL5.SYS

-- (BCM43XX)
DRV - [2005/02/04 23:14:32 | 000,053,896 | ---- | M] (Symantec

Corporation) [Kernel | System] -- C:\Program Files\Symantec Client

Security\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/02/04 23:14:30 | 000,324,232 | ---- | M] (Symantec

Corporation) [Kernel | System] -- C:\Program Files\Symantec Client

Security\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/09/25 02:36:44 | 000,173,056 | ---- | M] (Funk Software,

Inc.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\odysseyIM4.sys --

(odysseyIM4)
DRV - [2004/03/04 17:29:50 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel

| On_Demand] -- C:\WINNT\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2003/09/02 17:03:44 | 000,020,064 | ---- | M] (KONICA MINOLTA

BUSINESS TECHNOLOGIES, INC.) [Kernel | Auto] --

C:\WINNT\system32\MLPTDR_B.SYS -- (MLPTDR_B)
DRV - [2003/07/17 01:28:02 | 000,017,142 | ---- | M] (Printing

Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] --

C:\WINNT\system32\CBTNDIS5.sys -- (CBTNDIS5)
DRV - [2003/06/19 15:05:04 | 000,369,104 | ---- | M] (VERITAS Software

Corp.) [Kernel | Disabled] -- C:\WINNT\system32\drivers\dmboot.sys --

(dmboot)
DRV - [2003/06/19 15:05:04 | 000,137,936 | ---- | M] (VERITAS Software

Corp.) [Kernel | Boot] -- C:\WINNT\system32\drivers\dmio.sys -- (dmio)
DRV - [2003/06/19 15:05:04 | 000,060,208 | ---- | M] (Microsoft

Corporation) [Kernel | On_Demand] --

C:\WINNT\system32\drivers\parallel.sys -- (Parallel)
DRV - [2003/06/19 15:05:04 | 000,032,848 | ---- | M] (Microsoft

Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\uhcd.sys

-- (uhcd)
DRV - [2003/06/19 15:05:04 | 000,027,440 | ---- | M] (Microsoft

Corporation) [File_System | Disabled] --

C:\WINNT\system32\drivers\efs.sys -- (EFS)
DRV - [2003/06/19 15:05:04 | 000,007,728 | ---- | M] (Microsoft

Corporation) [Kernel | Boot] -- C:\WINNT\system32\drivers\diskperf.sys --

(Diskperf)
DRV - [2003/06/19 15:05:04 | 000,007,312 | ---- | M] (VERITAS Software

Corp.) [Kernel | Boot] -- C:\WINNT\system32\drivers\dmload.sys --

(dmload)
DRV - [2002/07/25 16:16:36 | 000,478,971 | ---- | M] (ATI Technologies

Inc.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ati2mtag.sys --

(ati2mtag)
DRV - [2002/07/24 15:00:00 | 000,021,712 | ---- | M] (Microsoft

Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\rca.sys --

(RCA)
DRV - [2002/07/24 15:00:00 | 000,009,680 | ---- | M] (Microsoft

Corporation) [Kernel | On_Demand] --

C:\WINNT\system32\drivers\netdtect.sys -- (NetDetect)
DRV - [2002/07/19 16:25:58 | 000,202,880 | ---- | M] (YAMAHA CORPORATION)

[Kernel | On_Demand] -- C:\WINNT\system32\drivers\yacxgc.sys --

(WDM_YAMAHAAC97)
DRV - [2002/07/09 20:36:42 | 000,159,236 | ---- | M] (Conexant Systems)

[Kernel | On_Demand] -- C:\WINNT\system32\drivers\HSFHWICH.sys --

(HSFHWICH)
DRV - [2002/07/09 20:35:24 | 001,174,192 | ---- | M] (Conexant Systems)

[Kernel | On_Demand] -- C:\WINNT\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/07/09 20:30:56 | 000,601,488 | ---- | M] (Conexant Systems)

[Kernel | On_Demand] -- C:\WINNT\system32\drivers\HSF_CNXT.sys --

(winachsf)
DRV - [2002/07/05 21:14:00 | 000,261,904 | ---- | M] (Synaptics, Inc.)

[Kernel | On_Demand] -- C:\WINNT\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2002/02/25 12:52:30 | 000,139,536 | ---- | M] (Intel Corporation)

[Kernel | On_Demand] -- C:\WINNT\system32\drivers\e100bnt5.sys -- (E100B)

Intel®
DRV - [2002/01/09 07:33:42 | 000,003,200 | ---- | M] (Lucent

Technologies) [Kernel | On_Demand] --

C:\WINNT\system32\drivers\wfluc48.sys -- (wfluc48)
DRV - [2002/01/09 07:33:32 | 000,155,136 | ---- | M] (Lucent

Technologies) [Kernel | On_Demand] --

C:\WINNT\system32\drivers\wlluc48.sys -- (wlluc48)
DRV - [2001/12/20 08:02:12 | 000,006,656 | ---- | M] (Netropa

Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\Msikbd2k.sys

-- (msikbd2k)
DRV - [2001/10/29 20:00:46 | 000,028,320 | ---- | M] (Sony Corporation)

[Kernel | Boot] -- C:\WINNT\system32\drivers\SonySDSK.sys -- (SonySDSK)
DRV - [2001/10/29 20:00:46 | 000,005,421 | ---- | M] (Sony Corporation)

[Kernel | On_Demand] -- C:\WINNT\system32\drivers\SonyUSBL.sys --

(SonyUSBL)
DRV - [2001/10/16 12:17:12 | 000,013,952 | ---- | M] (Microsoft

Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\mpe.sys --

(MPE)
DRV - [2001/02/08 20:39:00 | 000,028,464 | ---- | M] (Sony Corporation)

[Kernel | On_Demand] -- C:\WINNT\system32\drivers\SonyiNet.sys --

(iLINKnet) Sony i.LINK(1394)
DRV - [2001/02/01 17:01:00 | 000,015,130 | ---- | M] (Intel Corp.)

[Kernel | Auto] -- C:\WINNT\system32\drivers\prpc.sys -- (PRPC)
DRV - [2000/12/05 19:18:02 | 000,003,952 | R--- | M] (Sony Corporation)

[Kernel | System] -- C:\WINNT\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/07/14 20:52:00 | 000,076,860 | ---- | M] (Sony Corporation)

[Kernel | On_Demand] -- C:\WINNT\system32\drivers\SonyPI.sys -- (SPI)
DRV - [2000/05/30 23:25:00 | 000,048,788 | ---- | M] (Sony Corporation)

[Kernel | On_Demand] -- C:\WINNT\system32\drivers\SonyNC.sys -- (SNC)
DRV - [2000/02/25 04:10:00 | 000,025,593 | ---- | M] (Sony Corporation)

[Kernel | Boot] -- C:\WINNT\system32\drivers\va32w2.sys -- (va32w2)
DRV - [1999/12/15 03:00:00 | 000,018,633 | ---- | M] (Sony Corporation)

[Kernel | Boot] -- C:\WINNT\system32\drivers\va16w2.sys -- (va16w2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

%SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page =

http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet

Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet

Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet

Explorer\Main,Search Page = http://www.google.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet

Explorer\Main,Start Page = http://www.google.com/
IE -

HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet

Settings: "ProxyEnable" = 0

IE - HKU\Bender_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page

= C:\WINNT\system32\blank.htm
IE - HKU\Bender_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page

= http://www.sony.com/vaiopeople
IE - HKU\Bender_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet

Settings: "ProxyEnable" = 0

IE - HKU\User3_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page

= C:\WINNT\system32\blank.htm
IE - HKU\User3_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page

= http://www.sony.com/vaiopeople
IE - HKU\User3_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet

Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems:

{73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.87
FF - prefs.js..extensions.enabledItems:

{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems:

linkalert.conlan@addons.mozilla.com:1.0.1
FF - prefs.js..extensions.enabledItems:

{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47.4
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components:

C:\Program Files\Mozilla Firefox\components [2010/04/16 17:28:56 |

000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins:

C:\Program Files\Mozilla Firefox\plugins [2010/04/14 20:43:24 |

000,000,000 | ---D | M]

[2010/02/20 21:43:11 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application Data\Mozilla\Extensions
[2010/06/13 12:06:12 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application

Data\Mozilla\Firefox\Profiles\3sfvr5an.default\extensions
[2010/06/13 11:12:01 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents

and Settings\Administrator\Application

Data\Mozilla\Firefox\Profiles\3sfvr5an.default\extensions\{73a6fe31-595d-

460b-a920-fcc0f8843232}
[2010/05/13 12:28:27 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and

Settings\Administrator\Application

Data\Mozilla\Firefox\Profiles\3sfvr5an.default\extensions\{a0d7ccb3-214d-

498b-b4aa-0e8fda9a7bf7}
[2010/04/09 11:20:47 | 000,000,000 | ---D | M] (No name found) --

C:\Documents and Settings\Administrator\Application

Data\Mozilla\Firefox\Profiles\3sfvr5an.default\extensions\{d40f5e7b-d2cf-

4856-b441-cc613eeffbe3}
[2010/06/03 19:32:13 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application

Data\Mozilla\Firefox\Profiles\3sfvr5an.default\extensions\ietab@ip.cn
[2010/02/20 21:47:41 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application

Data\Mozilla\Firefox\Profiles\3sfvr5an.default\extensions\linkalert.conla

n@addons.mozilla.com
[2010/04/14 09:59:39 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application

Data\Mozilla\Firefox\Profiles\3sfvr5an.default\extensions\personas@christ

opher.beard
[2010/06/13 12:06:12 | 000,000,000 | ---D | M] -- C:\Program

Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2002/07/24 15:00:00 | 000,000,734 | ---- | M]) -

C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINNT\system32\msdxm.ocx ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec

Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [MSConfigReminder] F:\Geek Tools\Startup\MSCONFIG.EXE

File not found
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec Client

Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP

Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\.DEFAULT..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet

Explorer\Connection Wizard\icwconn1.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start

Menu\Programs\Startup\Wireless-G Notebook Adapter.lnk = C:\Program

Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control

Panel present
O7 -

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:

NoDriveTypeAutoRun = 149
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet

Explorer\Control Panel present
O7 -

HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies

\Explorer: NoDriveTypeAutoRun = 149
O7 -

HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies

\Explorer: CDRAutoRun = 0
O7 - HKU\User2_ON_C\Software\Policies\Microsoft\Internet Explorer\Control

Panel present
O7 -

HKU\User2_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explore

r: NoDriveTypeAutoRun = 149
O7 - HKU\User3_ON_C\Software\Policies\Microsoft\Internet Explorer\Control

Panel present
O7 -

HKU\User3_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explore

r: NoDriveTypeAutoRun = 149
O9 - Extra Button: @shdoclc.dll,-866 -

{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 -

{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] -

C:\WINNT\system32\RNR20.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet

Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {238EC5B8-0BF5-11D5-826E-00010239321B}

http://imgweb.charlestoncounty.org/appnet/...x/OBXViewer.cab

(OBXViewer Control)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71}

http://download.microsoft.com/download/0/A...-4D74-A130-E4CA

B36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}

http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update

Installation Engine)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166}

http://cdn.scan.onecare.live.com/resource/.../wlscbase6087.c

ab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}

http://update.microsoft.com/microsoftupdat...en/x86/client/w

uweb_site.cab?1266774831423 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

http://update.microsoft.com/microsoftupdat...en/x86/client/m

uweb_site.cab?1266774807459 (MUWebControl Class)
O16 - DPF: {8285080A-3FAF-41B1-B7BD-933EE724B650}

http://imgweb.charlestoncounty.org/appnet/...x/OBXSelect.cab

(OBXDocumentSelect Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}

http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java

Plug-in 1.6.0_18)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277}

http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update

Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java

Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java

Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}

http://download.macromedia.com/pub/shockwa...ash/swflash.cab

(Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes

file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java

file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =

192.168.1.254
O18 - Protocol\Handler\vnd.ms.radio

{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.Exe) - C:\WINNT\explorer.exe

(Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINNT\system32\NavLogon.dll

- C:\WINNT\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll -

C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O24 - Desktop WallPaper: D:\MEB Documents\My

Pictures\Wallpapers\abstract_0010.jpg
O24 - Desktop BackupWallPaper: C:\WINNT\Santa Fe Stucco.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/02 20:26:01 | 000,000,000 | -H-- | M] () -

C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () -

X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========


[2010/05/26 13:05:57 | 000,151,552 | ---- | C] (DataViz, Inc.) --

C:\WINNT\System32\DVZAddin.dll
[2010/05/26 12:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common

Files\DataViz
[2010/05/26 12:57:43 | 000,000,000 | ---D | C] -- C:\Program

Files\Documents To Go
[2010/05/26 12:52:37 | 000,000,000 | ---D | C] -- C:\Documents and

Settings\Administrator\Application Data\Leadertech
[2010/05/26 12:49:52 | 000,000,000 | ---D | C] -- C:\Documents and

Settings\Administrator\My Documents\my videos
[2010/05/26 12:44:02 | 000,000,000 | ---D | C] -- C:\Program

Files\palmOne
[4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========


[2010/06/14 15:03:52 | 009,715,712 | -H-- | M] () -- C:\Documents and

Settings\Administrator\NTUSER.DAT
[2010/06/14 14:46:47 | 000,000,006 | -H-- | M] () --

C:\WINNT\tasks\SA.DAT
[2010/06/14 14:45:42 | 535,801,856 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/14 11:18:29 | 000,000,278 | -HS- | M] () -- C:\Documents and

Settings\Administrator\ntuser.ini
[2010/06/13 17:06:42 | 000,000,610 | ---- | M] () -- C:\WINNT\win.ini
[2010/06/10 22:58:32 | 000,000,010 | ---- | M] () -- C:\WINNT\RHUD.bkm
[2010/06/07 12:52:12 | 000,000,466 | ---- | M] () -- C:\WINNT\BRWMARK.INI
[2010/06/07 06:11:27 | 000,000,639 | ---- | M] () -- C:\WINNT\QUICKEN.INI
[2010/05/27 11:58:15 | 000,000,040 | ---- | M] () --

C:\WINNT\System32\profile.dat
[2010/05/26 13:37:07 | 000,023,040 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Programming by Kernighan&Pike.DOC
[2010/05/26 13:28:40 | 000,024,064 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\MEB Info.DOC
[2010/05/26 13:23:05 | 000,019,968 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Electronic Inventory.doc
[2010/05/26 13:04:55 | 000,014,848 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Zire Software Info.DOC
[2010/05/26 13:04:50 | 000,016,896 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Thrift Shop.DOC
[2010/05/26 13:04:44 | 000,014,848 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Surge Protectors 1.DOC
[2010/05/26 13:04:35 | 000,098,816 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Stamper Supplies Inv.DOC
[2010/05/26 13:04:28 | 000,013,824 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Sony Toshiba HDs.DOC
[2010/05/26 13:04:21 | 000,016,384 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Sony Software Table.doc
[2010/05/26 13:04:11 | 000,014,848 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Printers & Scanners Ink & Toner

Info.DOC
[2010/05/26 13:04:04 | 000,014,336 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Palm Basics.DOC
[2010/05/26 13:03:56 | 000,015,360 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Nero6Download.DOC
[2010/05/26 13:03:49 | 000,031,744 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Med Address Table.DOC
[2010/05/26 13:03:42 | 000,017,408 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\MEB Info_1.DOC
[2010/05/26 13:03:29 | 000,023,552 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Legal Numbers.DOC
[2010/05/26 13:03:22 | 000,014,848 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Laptop Shop.DOC
[2010/05/26 13:03:15 | 000,047,616 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Furniture Measurements.DOC
[2010/05/26 13:03:09 | 000,023,040 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\FAM_EMAIL.DOC
[2010/05/26 13:03:04 | 000,018,944 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Expenses_1.DOC
[2010/05/26 13:02:55 | 000,035,328 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Electricity Notes.DOC
[2010/05/26 13:02:49 | 000,023,552 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Electric Terms.DOC
[2010/05/26 13:02:44 | 000,018,944 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\EMERGENCY NUMBERS.DOC
[2010/05/26 13:02:33 | 000,566,784 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\D-Link Airplus G Di-524 Router Manual

Notes.DOC
[2010/05/26 13:02:22 | 000,169,472 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Crushed.DOC
[2010/05/26 13:02:09 | 000,613,888 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Craft Inventory.DOC
[2010/05/26 13:01:51 | 000,016,896 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Charleston Phone Numbers.DOC
[2010/05/26 13:01:44 | 000,013,824 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\CD Burn Software Requirements.DOC
[2010/05/26 13:01:38 | 000,022,016 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Bootable CD Option_1.DOC
[2010/05/26 13:01:31 | 000,022,016 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Bootable CD Option.DOC
[2010/05/26 13:01:25 | 000,023,552 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Beaufort Phone Address Table.DOC
[2010/05/26 13:01:19 | 000,013,824 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Basics.DOC
[2010/05/26 13:01:12 | 000,014,336 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\BB.DOC
[2010/05/26 13:01:06 | 000,073,216 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\ADDLT_1.DOC
[2010/05/26 13:00:59 | 000,031,744 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\ACCOUNT PW&URLS_1.DOC
[2010/05/26 13:00:52 | 000,025,088 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\ACCOUNT PW&URLS.DOC
[2010/05/26 13:00:45 | 000,035,840 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\ACCNO#2_2.DOC
[2010/05/26 13:00:38 | 000,039,936 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\ACCNO#2_1_1.DOC
[2010/05/26 13:00:31 | 000,037,376 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\ACCNO#2_1.DOC
[2010/05/26 13:00:24 | 000,037,376 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\ACCNO#2.DOC
[2010/05/26 12:44:25 | 000,001,689 | ---- | M] () -- C:\Documents and

Settings\Administrator\Desktop\Palm Desktop.lnk
[2010/05/18 19:16:06 | 000,028,672 | ---- | M] () -- C:\Netstat results

Sony_2010.doc
[4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files Created - No Company Name ==========


[2010/05/26 13:14:59 | 000,134,144 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\- Getting Started Tips -.doc
[2010/05/26 13:04:52 | 000,014,848 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Zire Software Info.DOC
[2010/05/26 13:04:47 | 000,016,896 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Thrift Shop.DOC
[2010/05/26 13:04:40 | 000,014,848 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Surge Protectors 1.DOC
[2010/05/26 13:04:31 | 000,098,816 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Stamper Supplies Inv.DOC
[2010/05/26 13:04:24 | 000,013,824 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Sony Toshiba HDs.DOC
[2010/05/26 13:04:21 | 000,016,384 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Sony Software Table.doc
[2010/05/26 13:04:14 | 000,023,040 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Programming by Kernighan&Pike.DOC
[2010/05/26 13:04:07 | 000,014,848 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Printers & Scanners Ink & Toner

Info.DOC
[2010/05/26 13:04:00 | 000,014,336 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Palm Basics.DOC
[2010/05/26 13:03:52 | 000,015,360 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Nero6Download.DOC
[2010/05/26 13:03:45 | 000,031,744 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Med Address Table.DOC
[2010/05/26 13:03:39 | 000,017,408 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\MEB Info_1.DOC
[2010/05/26 13:03:32 | 000,024,064 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\MEB Info.DOC
[2010/05/26 13:03:26 | 000,023,552 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Legal Numbers.DOC
[2010/05/26 13:03:19 | 000,014,848 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Laptop Shop.DOC
[2010/05/26 13:03:12 | 000,047,616 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Furniture Measurements.DOC
[2010/05/26 13:03:06 | 000,023,040 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\FAM_EMAIL.DOC
[2010/05/26 13:03:01 | 000,018,944 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Expenses_1.DOC
[2010/05/26 13:02:58 | 000,019,968 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Electronic Inventory.doc
[2010/05/26 13:02:52 | 000,035,328 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Electricity Notes.DOC
[2010/05/26 13:02:47 | 000,023,552 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Electric Terms.DOC
[2010/05/26 13:02:40 | 000,018,944 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\EMERGENCY NUMBERS.DOC
[2010/05/26 13:02:27 | 000,566,784 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\D-Link Airplus G Di-524 Router Manual

Notes.DOC
[2010/05/26 13:02:18 | 000,169,472 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Crushed.DOC
[2010/05/26 13:01:58 | 000,613,888 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Craft Inventory.DOC
[2010/05/26 13:01:48 | 000,016,896 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Charleston Phone Numbers.DOC
[2010/05/26 13:01:41 | 000,013,824 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\CD Burn Software Requirements.DOC
[2010/05/26 13:01:35 | 000,022,016 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Bootable CD Option_1.DOC
[2010/05/26 13:01:28 | 000,022,016 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Bootable CD Option.DOC
[2010/05/26 13:01:22 | 000,023,552 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Beaufort Phone Address Table.DOC
[2010/05/26 13:01:15 | 000,013,824 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Basics.DOC
[2010/05/26 13:01:09 | 000,014,336 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\BB.DOC
[2010/05/26 13:01:02 | 000,073,216 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\ADDLT_1.DOC
[2010/05/26 13:00:56 | 000,031,744 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\ACCOUNT PW&URLS_1.DOC
[2010/05/26 13:00:49 | 000,025,088 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\ACCOUNT PW&URLS.DOC
[2010/05/26 13:00:42 | 000,035,840 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\ACCNO#2_2.DOC
[2010/05/26 13:00:35 | 000,039,936 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\ACCNO#2_1_1.DOC
[2010/05/26 13:00:28 | 000,037,376 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\ACCNO#2_1.DOC
[2010/05/26 13:00:20 | 000,037,376 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\ACCNO#2.DOC
[2010/05/26 12:44:25 | 000,001,689 | ---- | C] () -- C:\Documents and

Settings\Administrator\Desktop\Palm Desktop.lnk
[2010/05/18 17:54:30 | 000,028,672 | ---- | C] () -- C:\Netstat results

Sony_2010.doc
[2010/04/21 12:15:35 | 000,374,784 | ---- | C] () -- C:\WINNT\3dg32.dll
[2010/04/21 12:15:22 | 000,000,250 | ---- | C] () -- C:\WINNT\3dr.ini
[2010/04/19 16:38:09 | 000,000,000 | ---- | C] () -- C:\WINNT\WININIT.INI
[2010/04/19 16:38:05 | 000,028,672 | ---- | C] () --

C:\WINNT\System32\msiosd32.dll
[2010/04/19 16:38:05 | 000,000,245 | ---- | C] () -- C:\WINNT\Msiosd.ini
[2010/03/03 17:51:45 | 000,000,178 | -HS- | C] () -- C:\Documents and

Settings\User2\ntuser.ini
[2010/03/03 17:51:43 | 000,311,296 | -H-- | C] () -- C:\Documents and

Settings\User2\NTUSER.DAT
[2010/03/03 17:51:43 | 000,024,576 | -H-- | C] () -- C:\Documents and

Settings\User2\NTUSER.DAT.LOG
[2010/03/01 17:02:14 | 000,168,960 | ---- | C] () --

C:\WINNT\System32\crnxmon.dll
[2010/03/01 17:02:14 | 000,131,584 | ---- | C] () --

C:\WINNT\System32\crnxutil.dll
[2010/03/01 17:02:14 | 000,101,376 | ---- | C] () --

C:\WINNT\System32\mqisnmp.dll
[2010/03/01 17:01:13 | 000,022,812 | R--- | C] () --

C:\WINNT\MSTMON_B.INI
[2010/03/01 16:32:34 | 000,000,466 | ---- | C] () -- C:\WINNT\BRWMARK.INI
[2010/03/01 16:32:34 | 000,000,026 | ---- | C] () -- C:\WINNT\BRPP2KA.INI
[2007/03/11 00:11:05 | 000,000,155 | ---- | C] () --

C:\WINNT\NsNetScanEntry.INI
[2007/03/09 17:42:08 | 000,000,000 | ---- | C] () --

C:\WINNT\prestopm.INI
[2007/03/09 16:00:35 | 000,000,105 | ---- | C] () --

C:\WINNT\UMXADDIN.INI
[2007/03/09 16:00:34 | 000,040,960 | ---- | C] () --

C:\WINNT\System32\IPPCPUID.DLL
[2007/03/09 16:00:24 | 000,011,776 | ---- | C] () --

C:\WINNT\System32\pmsbfn32.dll
[2007/03/09 15:58:13 | 000,000,074 | ---- | C] () -- C:\WINNT\PMINI.ini
[2007/02/22 14:14:42 | 000,000,171 | ---- | C] () --

C:\WINNT\Readiris.ini
[2007/02/22 14:14:31 | 000,023,040 | ---- | C] () --

C:\WINNT\System32\irisco32.dll
[2007/02/22 14:12:35 | 000,001,810 | ---- | C] () -- C:\WINNT\If42le.ini
[2007/02/22 14:12:35 | 000,000,299 | ---- | C] () --

C:\WINNT\Pexplore.ini
[2007/02/22 14:10:52 | 000,000,135 | ---- | C] () -- C:\WINNT\SCNDRVU.INI
[2006/12/13 23:55:53 | 000,000,040 | ---- | C] () -- C:\WINNT\nero.INI
[2006/11/12 03:17:59 | 000,116,900 | ---- | C] () -- C:\Documents and

Settings\Administrator\WinPatrolLog.html
[2006/10/27 00:35:32 | 000,000,178 | -HS- | C] () -- C:\Documents and

Settings\User3\ntuser.ini
[2006/10/27 00:35:30 | 000,487,424 | -H-- | C] () -- C:\Documents and

Settings\User3\NTUSER.DAT
[2006/10/27 00:35:30 | 000,024,576 | -H-- | C] () -- C:\Documents and

Settings\User3\NTUSER.DAT.LOG
[2006/10/22 00:14:47 | 000,000,000 | ---- | C] () -- C:\WINNT\vpc32.INI
[2006/10/05 23:52:08 | 000,026,337 | ---- | C] () -- C:\WINNT\maxlink.ini
[2006/10/05 21:43:06 | 000,000,000 | ---- | C] () --

C:\WINNT\OpPrintServer.INI
[2006/10/04 22:09:47 | 000,000,064 | ---- | C] () -- C:\WINNT\init.ini
[2006/09/06 23:09:26 | 000,001,024 | -H-- | C] () -- C:\Documents and

Settings\Default User\NTUSER.DAT.LOG
[2006/04/02 18:45:02 | 000,147,456 | ---- | C] () --

C:\WINNT\System32\obtrace.dll
[2005/01/17 03:10:16 | 000,045,056 | ---- | C] () --

C:\WINNT\System32\BRTCPCON.DLL
[2004/08/09 03:00:42 | 000,000,114 | ---- | C] () --

C:\WINNT\System32\BRLMW03A.INI
[2003/09/02 17:04:08 | 000,018,932 | ---- | C] () --

C:\WINNT\MSUMLT_B.INI
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () --

C:\WINNT\System32\OUTLPERF.INI
[2002/10/04 14:05:38 | 000,049,152 | R--- | C] () --

C:\WINNT\System32\winchip.dll
[2002/10/03 15:33:18 | 000,019,968 | ---- | C] () --

C:\WINNT\System32\Cpuinf32.dll
[2002/10/03 15:23:01 | 000,343,040 | ---- | C] () --

C:\WINNT\System32\lffpx7.dll
[2002/10/03 15:23:01 | 000,116,736 | ---- | C] () --

C:\WINNT\System32\lfkodak.dll
[2002/10/03 15:19:56 | 000,000,052 | ---- | C] () --

C:\WINNT\intuprof.ini
[2002/10/03 15:19:54 | 000,000,639 | ---- | C] () -- C:\WINNT\QUICKEN.INI
[2002/10/03 15:09:34 | 000,524,288 | ---- | C] () --

C:\WINNT\System32\TDI-SonyOMG.dll
[2002/10/03 15:09:32 | 000,262,416 | ---- | C] () --

C:\WINNT\System32\Asfv2.dll
[2002/10/03 14:27:58 | 000,000,000 | ---- | C] () -- C:\WINNT\PcfEdit.INI
[2002/10/02 20:59:36 | 000,000,732 | ---- | C] () -- C:\WINNT\ODBC.INI
[2002/10/02 20:53:51 | 000,365,568 | ---- | C] () --

C:\WINNT\System32\psisdecd.dll
[2002/10/02 20:30:46 | 000,000,278 | -HS- | C] () -- C:\Documents and

Settings\Administrator\ntuser.ini
[2002/10/02 20:30:45 | 000,167,936 | -H-- | C] () -- C:\Documents and

Settings\Administrator\ntuser.dat.LOG
[2002/10/02 20:30:44 | 009,715,712 | -H-- | C] () -- C:\Documents and

Settings\Administrator\NTUSER.DAT
[2002/10/02 20:26:15 | 000,126,976 | -H-- | C] () -- C:\Documents and

Settings\Default User\NTUSER.DAT
[2002/10/02 20:25:00 | 000,021,952 | -H-- | C] () -- C:\Program

Files\folder.htt
[2002/10/02 20:01:50 | 000,077,824 | ---- | C] () --

C:\WINNT\System32\SynTPCoI.dll
[2002/10/02 20:01:15 | 000,000,272 | ---- | C] () --

C:\WINNT\System32\oeminfo.ini
[2002/10/02 20:00:45 | 000,000,023 | ---- | C] () -- C:\WINNT\welcome.ini
[2002/10/02 20:00:03 | 000,176,400 | ---- | C] () --

C:\WINNT\System32\qcut.dll
[2002/10/02 19:58:54 | 000,007,265 | ---- | C] () --

C:\WINNT\System32\iasperf.ini
[2002/10/02 19:58:44 | 000,001,505 | ---- | C] () --

C:\WINNT\System32\faxperf.ini
[2002/10/02 19:58:41 | 000,033,552 | ---- | C] () --

C:\WINNT\System32\efsadu.dll
[2002/03/04 13:16:34 | 000,110,592 | R--- | C] () --

C:\WINNT\System32\Jpeg32.dll
[2000/01/05 15:51:22 | 000,101,376 | ---- | C] () --

C:\WINNT\System32\Welsof32.dll
[1999/09/25 06:36:24 | 000,088,816 | ---- | C] () --

C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 06:36:22 | 000,017,424 | ---- | C] () --

C:\WINNT\System32\drivers\lvsound.sys

========== LOP Check ==========

[2007/03/07 19:00:37 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application Data\Genie-soft
[2002/10/03 15:02:54 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application Data\InterTrust
[2006/12/22 20:32:21 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application Data\InterVideo
[2010/05/27 21:33:02 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application Data\Leadertech
[2007/03/09 15:59:20 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application Data\NewSoft
[2010/03/01 19:47:10 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application Data\NSBackup
[2006/11/02 19:29:01 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application Data\OfficeUpdate12
[2006/10/06 01:56:12 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application Data\PPIMAGES
[2006/10/06 01:56:07 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application Data\ScanSoft
[2010/03/05 21:19:11 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application Data\WinPatrol
[2010/03/03 17:52:11 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\User2\Application Data\WinPatrol
[2010/03/02 14:16:10 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\User3\Application Data\WinPatrol

========== Purity Check ==========


< End of report >
SRV - [2006/10/04 23:34:07 | 000,000,000 | ---D | M] [Unavailable] --

C:\WINNT\system32\ias -- (IAS)
SRV - [2005/06/23 22:27:30 | 000,124,608 | ---- | M] (symantec)

[Disabled] -- C:\Program Files\Symantec Client Security\Symantec

AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2005/06/23 22:27:28 | 001,715,904 | ---- | M] (Symantec

Corporation) [Auto] -- C:\Program Files\Symantec Client Security\Symantec

AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2005/06/23 22:27:18 | 000,019,648 | ---- | M] (Symantec

Corporation) [Auto] -- C:\Program Files\Symantec Client Security\Symantec

AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2005/06/23 12:51:50 | 000,198,272 | ---- | M] (Symantec

Corporation) [Auto] -- C:\Program Files\Symantec Client Security\Symantec

Client Firewall\SymSPort.exe -- (SymSecurePort)
SRV - [2005/06/23 12:51:14 | 000,079,488 | ---- | M] (Symantec

Corporation) [Auto] -- C:\Program Files\Symantec Client Security\Symantec

Client Firewall\ISSVC.exe -- (ISSVC)
SRV - [2005/06/02 12:21:46 | 000,161,392 | ---- | M] (Symantec

Corporation) [Auto] -- C:\Program Files\Common Files\Symantec

Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/06/02 12:21:46 | 000,083,568 | ---- | M] (Symantec

Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec

Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/06/02 12:21:44 | 000,239,216 | ---- | M] (Symantec

Corporation) [Auto] -- C:\Program Files\Common Files\Symantec

Shared\ccProxy.exe -- (ccProxy)
SRV - [2005/06/02 12:21:40 | 000,185,968 | ---- | M] (Symantec

Corporation) [Auto] -- C:\Program Files\Common Files\Symantec

Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/04/22 15:03:28 | 000,206,552 | ---- | M] (Symantec

Corporation) [Auto] -- C:\Program Files\Common Files\Symantec

Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/31 00:48:22 | 000,992,864 | ---- | M] (Symantec

Corporation) [On_Demand] -- C:\Program Files\Common Files\Symantec

Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2004/09/07 11:59:06 | 000,122,128 | ---- | M] (Microsoft

Corporation) [Auto] -- C:\WINNT\system32\mstask.exe -- (Schedule)
SRV - [2003/11/13 16:29:40 | 000,455,680 | ---- | M] () [Auto] --

C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe --

(NICSer_WPC54G)
SRV - [2003/06/19 15:05:04 | 000,196,706 | ---- | M] (Microsoft

Corporation) [Auto] -- C:\WINNT\system32\wbem\WinMgmt.exe -- (WinMgmt)
SRV - [2003/06/19 15:05:04 | 000,147,728 | ---- | M] (VERITAS Software

Corp.) [On_Demand] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)
SRV - [2003/06/19 15:05:04 | 000,094,992 | ---- | M] (Microsoft

Corporation) [On_Demand] -- C:\WINNT\system32\FAXSVC.EXE -- (Fax)
SRV - [2003/06/19 15:05:04 | 000,068,368 | ---- | M] (Microsoft

Corporation) [Disabled] -- C:\WINNT\system32\regsvc.exe --

(RemoteRegistry)
SRV - [2003/06/19 15:05:04 | 000,061,712 | ---- | M] (Microsoft

Corporation) [Auto] -- C:\WINNT\system32\stisvc.exe -- (StiSvc)
SRV - [2003/06/19 15:05:04 | 000,022,800 | ---- | M] (Microsoft

Corporation) [On_Demand] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
SRV - [2003/06/19 15:05:04 | 000,019,728 | ---- | M] (Microsoft

Corporation) [Auto] -- C:\WINNT\system32\hidserv.exe -- (HidServ)
SRV - [2001/08/06 05:41:48 | 000,028,672 | ---- | M] () [Auto] --

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe -- (nhksrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System] -- -- (tga)
DRV - File not found [Kernel | System] -- -- (sglfb)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/05/27 04:00:00 | 000,371,248 | ---- | M] (Symantec

Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec

Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/27 04:00:00 | 000,102,448 | ---- | M] (Symantec

Corporation) [Kernel | On_Demand] -- C:\Program Files\Common

Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys --

(EraserUtilDrv11010)
DRV - [2010/05/12 04:00:00 | 001,347,504 | ---- | M] (Symantec

Corporation) [Kernel | On_Demand] -- C:\Program Files\Common

Files\Symantec Shared\VirusDefs\20100614.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/12 04:00:00 | 000,085,552 | ---- | M] (Symantec

Corporation) [Kernel | On_Demand] -- C:\Program Files\Common

Files\Symantec Shared\VirusDefs\20100614.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/03/01 18:14:16 | 000,058,000 | ---- | M] (Roxio) [Kernel |

System] -- C:\WINNT\system32\drivers\cdr4_2K.sys -- (Cdr4_2K)
DRV - [2010/03/01 18:14:16 | 000,023,420 | ---- | M] (Roxio) [Kernel |

System] -- C:\WINNT\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2009/11/20 03:03:00 | 000,268,664 | ---- | M] (Symantec

Corporation) [Kernel | On_Demand] -- C:\Program Files\Common

Files\Symantec Shared\SymcData\scfidsdefs\20100604.001\SymIDSCo.sys --

(SYMIDSCO)
DRV - [2005/05/13 22:50:10 | 000,123,488 | ---- | M] (Symantec

Corporation) [Kernel | On_Demand] -- C:\Program

Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/04/22 15:03:02 | 000,267,192 | ---- | M] (Symantec

Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\symtdi.sys --

(SYMTDI)
DRV - [2005/04/22 15:03:00 | 000,017,976 | ---- | M] (Symantec

Corporation) [Kernel | On_Demand] --

C:\WINNT\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2005/04/22 15:02:58 | 000,036,984 | ---- | M] (Symantec

Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\symids.sys

-- (SYMIDS)
DRV - [2005/04/22 15:02:56 | 000,047,192 | ---- | M] (Symantec

Corporation) [Kernel | On_Demand] --

C:\WINNT\system32\drivers\symndis.sys -- (SYMNDIS)
DRV - [2005/04/22 15:02:54 | 000,173,208 | ---- | M] (Symantec

Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\symfw.sys

-- (SYMFW)
DRV - [2005/04/22 15:02:52 | 000,011,512 | ---- | M] (Symantec

Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\symdns.sys

-- (SYMDNS)
DRV - [2005/03/31 00:48:20 | 000,372,832 | ---- | M] (Symantec

Corporation) [Kernel | On_Demand] -- C:\Program Files\Common

Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/02/12 00:46:22 | 000,371,712 | ---- | M] (Broadcom

Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\BCMWL5.SYS

-- (BCM43XX)
DRV - [2005/02/04 23:14:32 | 000,053,896 | ---- | M] (Symantec

Corporation) [Kernel | System] -- C:\Program Files\Symantec Client

Security\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/02/04 23:14:30 | 000,324,232 | ---- | M] (Symantec

Corporation) [Kernel | System] -- C:\Program Files\Symantec Client

Security\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2004/09/25 02:36:44 | 000,173,056 | ---- | M] (Funk Software,

Inc.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\odysseyIM4.sys --

(odysseyIM4)
DRV - [2004/03/04 17:29:50 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel

| On_Demand] -- C:\WINNT\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2003/09/02 17:03:44 | 000,020,064 | ---- | M] (KONICA MINOLTA

BUSINESS TECHNOLOGIES, INC.) [Kernel | Auto] --

C:\WINNT\system32\MLPTDR_B.SYS -- (MLPTDR_B)
DRV - [2003/07/17 01:28:02 | 000,017,142 | ---- | M] (Printing

Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] --

C:\WINNT\system32\CBTNDIS5.sys -- (CBTNDIS5)
DRV - [2003/06/19 15:05:04 | 000,369,104 | ---- | M] (VERITAS Software

Corp.) [Kernel | Disabled] -- C:\WINNT\system32\drivers\dmboot.sys --

(dmboot)
DRV - [2003/06/19 15:05:04 | 000,137,936 | ---- | M] (VERITAS Software

Corp.) [Kernel | Boot] -- C:\WINNT\system32\drivers\dmio.sys -- (dmio)
DRV - [2003/06/19 15:05:04 | 000,060,208 | ---- | M] (Microsoft

Corporation) [Kernel | On_Demand] --

C:\WINNT\system32\drivers\parallel.sys -- (Parallel)
DRV - [2003/06/19 15:05:04 | 000,032,848 | ---- | M] (Microsoft

Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\uhcd.sys

-- (uhcd)
DRV - [2003/06/19 15:05:04 | 000,027,440 | ---- | M] (Microsoft

Corporation) [File_System | Disabled] --

C:\WINNT\system32\drivers\efs.sys -- (EFS)
DRV - [2003/06/19 15:05:04 | 000,007,728 | ---- | M] (Microsoft

Corporation) [Kernel | Boot] -- C:\WINNT\system32\drivers\diskperf.sys --

(Diskperf)
DRV - [2003/06/19 15:05:04 | 000,007,312 | ---- | M] (VERITAS Software

Corp.) [Kernel | Boot] -- C:\WINNT\system32\drivers\dmload.sys --

(dmload)
DRV - [2002/07/25 16:16:36 | 000,478,971 | ---- | M] (ATI Technologies

Inc.) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\ati2mtag.sys --

(ati2mtag)
DRV - [2002/07/24 15:00:00 | 000,021,712 | ---- | M] (Microsoft

Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\rca.sys --

(RCA)
DRV - [2002/07/24 15:00:00 | 000,009,680 | ---- | M] (Microsoft

Corporation) [Kernel | On_Demand] --

C:\WINNT\system32\drivers\netdtect.sys -- (NetDetect)
DRV - [2002/07/19 16:25:58 | 000,202,880 | ---- | M] (YAMAHA CORPORATION)

[Kernel | On_Demand] -- C:\WINNT\system32\drivers\yacxgc.sys --

(WDM_YAMAHAAC97)
DRV - [2002/07/09 20:36:42 | 000,159,236 | ---- | M] (Conexant Systems)

[Kernel | On_Demand] -- C:\WINNT\system32\drivers\HSFHWICH.sys --

(HSFHWICH)
DRV - [2002/07/09 20:35:24 | 001,174,192 | ---- | M] (Conexant Systems)

[Kernel | On_Demand] -- C:\WINNT\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/07/09 20:30:56 | 000,601,488 | ---- | M] (Conexant Systems)

[Kernel | On_Demand] -- C:\WINNT\system32\drivers\HSF_CNXT.sys --

(winachsf)
DRV - [2002/07/05 21:14:00 | 000,261,904 | ---- | M] (Synaptics, Inc.)

[Kernel | On_Demand] -- C:\WINNT\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2002/02/25 12:52:30 | 000,139,536 | ---- | M] (Intel Corporation)

[Kernel | On_Demand] -- C:\WINNT\system32\drivers\e100bnt5.sys -- (E100B)

Intel®
DRV - [2002/01/09 07:33:42 | 000,003,200 | ---- | M] (Lucent

Technologies) [Kernel | On_Demand] --

C:\WINNT\system32\drivers\wfluc48.sys -- (wfluc48)
DRV - [2002/01/09 07:33:32 | 000,155,136 | ---- | M] (Lucent

Technologies) [Kernel | On_Demand] --

C:\WINNT\system32\drivers\wlluc48.sys -- (wlluc48)
DRV - [2001/12/20 08:02:12 | 000,006,656 | ---- | M] (Netropa

Corporation) [Kernel | System] -- C:\WINNT\system32\drivers\Msikbd2k.sys

-- (msikbd2k)
DRV - [2001/10/29 20:00:46 | 000,028,320 | ---- | M] (Sony Corporation)

[Kernel | Boot] -- C:\WINNT\system32\drivers\SonySDSK.sys -- (SonySDSK)
DRV - [2001/10/29 20:00:46 | 000,005,421 | ---- | M] (Sony Corporation)

[Kernel | On_Demand] -- C:\WINNT\system32\drivers\SonyUSBL.sys --

(SonyUSBL)
DRV - [2001/10/16 12:17:12 | 000,013,952 | ---- | M] (Microsoft

Corporation) [Kernel | On_Demand] -- C:\WINNT\system32\drivers\mpe.sys --

(MPE)
DRV - [2001/02/08 20:39:00 | 000,028,464 | ---- | M] (Sony Corporation)

[Kernel | On_Demand] -- C:\WINNT\system32\drivers\SonyiNet.sys --

(iLINKnet) Sony i.LINK(1394)
DRV - [2001/02/01 17:01:00 | 000,015,130 | ---- | M] (Intel Corp.)

[Kernel | Auto] -- C:\WINNT\system32\drivers\prpc.sys -- (PRPC)
DRV - [2000/12/05 19:18:02 | 000,003,952 | R--- | M] (Sony Corporation)

[Kernel | System] -- C:\WINNT\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/07/14 20:52:00 | 000,076,860 | ---- | M] (Sony Corporation)

[Kernel | On_Demand] -- C:\WINNT\system32\drivers\SonyPI.sys -- (SPI)
DRV - [2000/05/30 23:25:00 | 000,048,788 | ---- | M] (Sony Corporation)

[Kernel | On_Demand] -- C:\WINNT\system32\drivers\SonyNC.sys -- (SNC)
DRV - [2000/02/25 04:10:00 | 000,025,593 | ---- | M] (Sony Corporation)

[Kernel | Boot] -- C:\WINNT\system32\drivers\va32w2.sys -- (va32w2)
DRV - [1999/12/15 03:00:00 | 000,018,633 | ---- | M] (Sony Corporation)

[Kernel | Boot] -- C:\WINNT\system32\drivers\va16w2.sys -- (va16w2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

%SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page =

http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet

Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet

Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet

Explorer\Main,Search Page = http://www.google.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet

Explorer\Main,Start Page = http://www.google.com/
IE -

HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet

Settings: "ProxyEnable" = 0

IE - HKU\User2_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page

= C:\WINNT\system32\blank.htm
IE - HKU\User2_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page

= http://www.sony.com/vaiopeople
IE - HKU\User2_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet

Settings: "ProxyEnable" = 0

IE - HKU\User3_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page

= C:\WINNT\system32\blank.htm
IE - HKU\User3_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page

= http://www.sony.com/vaiopeople
IE - HKU\User3_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet

Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems:

{73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.87
FF - prefs.js..extensions.enabledItems:

{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems:

linkalert.conlan@addons.mozilla.com:1.0.1
FF - prefs.js..extensions.enabledItems:

{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47.4
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components:

C:\Program Files\Mozilla Firefox\components [2010/04/16 17:28:56 |

000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins:

C:\Program Files\Mozilla Firefox\plugins [2010/04/14 20:43:24 |

000,000,000 | ---D | M]

[2010/02/20 21:43:11 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application Data\Mozilla\Extensions
[2010/06/13 12:06:12 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application

Data\Mozilla\Firefox\Profiles\3sfvr5an.default\extensions
[2010/06/13 11:12:01 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents

and Settings\Administrator\Application

Data\Mozilla\Firefox\Profiles\3sfvr5an.default\extensions\{73a6fe31-595d-

460b-a920-fcc0f8843232}
[2010/05/13 12:28:27 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and

Settings\Administrator\Application

Data\Mozilla\Firefox\Profiles\3sfvr5an.default\extensions\{a0d7ccb3-214d-

498b-b4aa-0e8fda9a7bf7}
[2010/04/09 11:20:47 | 000,000,000 | ---D | M] (No name found) --

C:\Documents and Settings\Administrator\Application

Data\Mozilla\Firefox\Profiles\3sfvr5an.default\extensions\{d40f5e7b-d2cf-

4856-b441-cc613eeffbe3}
[2010/06/03 19:32:13 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application

Data\Mozilla\Firefox\Profiles\3sfvr5an.default\extensions\ietab@ip.cn
[2010/02/20 21:47:41 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application

Data\Mozilla\Firefox\Profiles\3sfvr5an.default\extensions\linkalert.conla

n@addons.mozilla.com
[2010/04/14 09:59:39 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application

Data\Mozilla\Firefox\Profiles\3sfvr5an.default\extensions\personas@christ

opher.beard
[2010/06/13 12:06:12 | 000,000,000 | ---D | M] -- C:\Program

Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2002/07/24 15:00:00 | 000,000,734 | ---- | M]) -

C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINNT\system32\msdxm.ocx ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec

Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [MSConfigReminder] F:\Geek Tools\Startup\MSCONFIG.EXE

File not found
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec Client

Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP

Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\.DEFAULT..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet

Explorer\Connection Wizard\icwconn1.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start

Menu\Programs\Startup\Wireless-G Notebook Adapter.lnk = C:\Program

Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control

Panel present
O7 -

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:

NoDriveTypeAutoRun = 149
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet

Explorer\Control Panel present
O7 -

HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies

\Explorer: NoDriveTypeAutoRun = 149
O7 -

HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies

\Explorer: CDRAutoRun = 0
O7 - HKU\User2_ON_C\Software\Policies\Microsoft\Internet Explorer\Control

Panel present
O7 -

HKU\User2_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explore

r: NoDriveTypeAutoRun = 149
O7 - HKU\User3_ON_C\Software\Policies\Microsoft\Internet Explorer\Control

Panel present
O7 -

HKU\User3_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explore

r: NoDriveTypeAutoRun = 149
O9 - Extra Button: @shdoclc.dll,-866 -

{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 -

{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] -

C:\WINNT\system32\RNR20.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 -

C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet

Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {238EC5B8-0BF5-11D5-826E-00010239321B}

http://imgweb.charlestoncounty.org/appnet/...x/OBXViewer.cab

(OBXViewer Control)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71}

http://download.microsoft.com/download/0/A...-4D74-A130-E4CA

B36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}

http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update

Installation Engine)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166}

http://cdn.scan.onecare.live.com/resource/.../wlscbase6087.c

ab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}

http://update.microsoft.com/microsoftupdat...en/x86/client/w

uweb_site.cab?1266774831423 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

http://update.microsoft.com/microsoftupdat...en/x86/client/m

uweb_site.cab?1266774807459 (MUWebControl Class)
O16 - DPF: {8285080A-3FAF-41B1-B7BD-933EE724B650}

http://imgweb.charlestoncounty.org/appnet/...x/OBXSelect.cab

(OBXDocumentSelect Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}

http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java

Plug-in 1.6.0_18)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277}

http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update

Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java

Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java

Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}

http://download.macromedia.com/pub/shockwa...ash/swflash.cab

(Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes

file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java

file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =

192.168.1.254
O18 - Protocol\Handler\vnd.ms.radio

{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.Exe) - C:\WINNT\explorer.exe

(Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINNT\system32\NavLogon.dll

- C:\WINNT\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll -

C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O24 - Desktop WallPaper: D:\MEB Documents\My

Pictures\Wallpapers\abstract_0010.jpg
O24 - Desktop BackupWallPaper: C:\WINNT\Santa Fe Stucco.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/02 20:26:01 | 000,000,000 | -H-- | M] () -

C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () -

X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========


[2010/05/26 13:05:57 | 000,151,552 | ---- | C] (DataViz, Inc.) --

C:\WINNT\System32\DVZAddin.dll
[2010/05/26 12:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common

Files\DataViz
[2010/05/26 12:57:43 | 000,000,000 | ---D | C] -- C:\Program

Files\Documents To Go
[2010/05/26 12:52:37 | 000,000,000 | ---D | C] -- C:\Documents and

Settings\Administrator\Application Data\Leadertech
[2010/05/26 12:49:52 | 000,000,000 | ---D | C] -- C:\Documents and

Settings\Administrator\My Documents\my videos
[2010/05/26 12:44:02 | 000,000,000 | ---D | C] -- C:\Program

Files\palmOne
[4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========


[2010/06/14 15:03:52 | 009,715,712 | -H-- | M] () -- C:\Documents and

Settings\Administrator\NTUSER.DAT
[2010/06/14 14:46:47 | 000,000,006 | -H-- | M] () --

C:\WINNT\tasks\SA.DAT
[2010/06/14 14:45:42 | 535,801,856 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/14 11:18:29 | 000,000,278 | -HS- | M] () -- C:\Documents and

Settings\Administrator\ntuser.ini
[2010/06/13 17:06:42 | 000,000,610 | ---- | M] () -- C:\WINNT\win.ini
[2010/06/10 22:58:32 | 000,000,010 | ---- | M] () -- C:\WINNT\RHUD.bkm
[2010/06/07 12:52:12 | 000,000,466 | ---- | M] () -- C:\WINNT\BRWMARK.INI
[2010/06/07 06:11:27 | 000,000,639 | ---- | M] () -- C:\WINNT\QUICKEN.INI
[2010/05/27 11:58:15 | 000,000,040 | ---- | M] () --

C:\WINNT\System32\profile.dat
[2010/05/26 13:37:07 | 000,023,040 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Programming by Kernighan&Pike.DOC
[2010/05/26 13:28:40 | 000,024,064 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\MEB Info.DOC
[2010/05/26 13:23:05 | 000,019,968 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Electronic Inventory.doc
[2010/05/26 13:04:55 | 000,014,848 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Zire Software Info.DOC
[2010/05/26 13:04:50 | 000,016,896 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Thrift Shop.DOC
[2010/05/26 13:04:44 | 000,014,848 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Surge Protectors 1.DOC
[2010/05/26 13:04:35 | 000,098,816 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Stamper Supplies Inv.DOC
[2010/05/26 13:04:28 | 000,013,824 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Sony Toshiba HDs.DOC
[2010/05/26 13:04:21 | 000,016,384 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Sony Software Table.doc
[2010/05/26 13:04:11 | 000,014,848 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Printers & Scanners Ink & Toner

Info.DOC
[2010/05/26 13:04:04 | 000,014,336 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Palm Basics.DOC
[2010/05/26 13:03:56 | 000,015,360 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Nero6Download.DOC
[2010/05/26 13:03:49 | 000,031,744 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Med Address Table.DOC
[2010/05/26 13:03:42 | 000,017,408 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\MEB Info_1.DOC
[2010/05/26 13:03:29 | 000,023,552 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Legal Numbers.DOC
[2010/05/26 13:03:22 | 000,014,848 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Laptop Shop.DOC
[2010/05/26 13:03:15 | 000,047,616 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Furniture Measurements.DOC
[2010/05/26 13:03:09 | 000,023,040 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\FAM_EMAIL.DOC
[2010/05/26 13:03:04 | 000,018,944 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Expenses_1.DOC
[2010/05/26 13:02:55 | 000,035,328 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Electricity Notes.DOC
[2010/05/26 13:02:49 | 000,023,552 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Electric Terms.DOC
[2010/05/26 13:02:44 | 000,018,944 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\EMERGENCY NUMBERS.DOC
[2010/05/26 13:02:33 | 000,566,784 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\D-Link Airplus G Di-524 Router Manual

Notes.DOC
[2010/05/26 13:02:22 | 000,169,472 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Crushed.DOC
[2010/05/26 13:02:09 | 000,613,888 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Craft Inventory.DOC
[2010/05/26 13:01:51 | 000,016,896 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Charleston Phone Numbers.DOC
[2010/05/26 13:01:44 | 000,013,824 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\CD Burn Software Requirements.DOC
[2010/05/26 13:01:38 | 000,022,016 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Bootable CD Option_1.DOC
[2010/05/26 13:01:31 | 000,022,016 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Bootable CD Option.DOC
[2010/05/26 13:01:25 | 000,023,552 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Beaufort Phone Address Table.DOC
[2010/05/26 13:01:19 | 000,013,824 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\Basics.DOC
[2010/05/26 13:01:12 | 000,014,336 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\BB.DOC
[2010/05/26 13:01:06 | 000,073,216 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\ADDLT_1.DOC
[2010/05/26 13:00:59 | 000,031,744 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\ACCOUNT PW&URLS_1.DOC
[2010/05/26 13:00:52 | 000,025,088 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\ACCOUNT PW&URLS.DOC
[2010/05/26 13:00:45 | 000,035,840 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\ACCNO#2_2.DOC
[2010/05/26 13:00:38 | 000,039,936 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\ACCNO#2_1_1.DOC
[2010/05/26 13:00:31 | 000,037,376 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\ACCNO#2_1.DOC
[2010/05/26 13:00:24 | 000,037,376 | ---- | M] () -- C:\Documents and

Settings\Administrator\My Documents\ACCNO#2.DOC
[2010/05/26 12:44:25 | 000,001,689 | ---- | M] () -- C:\Documents and

Settings\Administrator\Desktop\Palm Desktop.lnk
[2010/05/18 19:16:06 | 000,028,672 | ---- | M] () -- C:\Netstat results

Sony_2010.doc
[4 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files Created - No Company Name ==========


[2010/05/26 13:14:59 | 000,134,144 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\- Getting Started Tips -.doc
[2010/05/26 13:04:52 | 000,014,848 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Zire Software Info.DOC
[2010/05/26 13:04:47 | 000,016,896 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Thrift Shop.DOC
[2010/05/26 13:04:40 | 000,014,848 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Surge Protectors 1.DOC
[2010/05/26 13:04:31 | 000,098,816 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Stamper Supplies Inv.DOC
[2010/05/26 13:04:24 | 000,013,824 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Sony Toshiba HDs.DOC
[2010/05/26 13:04:21 | 000,016,384 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Sony Software Table.doc
[2010/05/26 13:04:14 | 000,023,040 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Programming by Kernighan&Pike.DOC
[2010/05/26 13:04:07 | 000,014,848 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Printers & Scanners Ink & Toner

Info.DOC
[2010/05/26 13:04:00 | 000,014,336 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Palm Basics.DOC
[2010/05/26 13:03:52 | 000,015,360 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Nero6Download.DOC
[2010/05/26 13:03:45 | 000,031,744 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Med Address Table.DOC
[2010/05/26 13:03:39 | 000,017,408 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\MEB Info_1.DOC
[2010/05/26 13:03:32 | 000,024,064 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\MEB Info.DOC
[2010/05/26 13:03:26 | 000,023,552 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Legal Numbers.DOC
[2010/05/26 13:03:19 | 000,014,848 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Laptop Shop.DOC
[2010/05/26 13:03:12 | 000,047,616 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Furniture Measurements.DOC
[2010/05/26 13:03:06 | 000,023,040 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\FAM_EMAIL.DOC
[2010/05/26 13:03:01 | 000,018,944 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Expenses_1.DOC
[2010/05/26 13:02:58 | 000,019,968 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Electronic Inventory.doc
[2010/05/26 13:02:52 | 000,035,328 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Electricity Notes.DOC
[2010/05/26 13:02:47 | 000,023,552 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Electric Terms.DOC
[2010/05/26 13:02:40 | 000,018,944 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\EMERGENCY NUMBERS.DOC
[2010/05/26 13:02:27 | 000,566,784 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\D-Link Airplus G Di-524 Router Manual

Notes.DOC
[2010/05/26 13:02:18 | 000,169,472 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Crushed.DOC
[2010/05/26 13:01:58 | 000,613,888 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Craft Inventory.DOC
[2010/05/26 13:01:48 | 000,016,896 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Charleston Phone Numbers.DOC
[2010/05/26 13:01:41 | 000,013,824 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\CD Burn Software Requirements.DOC
[2010/05/26 13:01:35 | 000,022,016 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Bootable CD Option_1.DOC
[2010/05/26 13:01:28 | 000,022,016 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Bootable CD Option.DOC
[2010/05/26 13:01:22 | 000,023,552 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Beaufort Phone Address Table.DOC
[2010/05/26 13:01:15 | 000,013,824 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\Basics.DOC
[2010/05/26 13:01:09 | 000,014,336 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\BB.DOC
[2010/05/26 13:01:02 | 000,073,216 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\ADDLT_1.DOC
[2010/05/26 13:00:56 | 000,031,744 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\ACCOUNT PW&URLS_1.DOC
[2010/05/26 13:00:49 | 000,025,088 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\ACCOUNT PW&URLS.DOC
[2010/05/26 13:00:42 | 000,035,840 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\ACCNO#2_2.DOC
[2010/05/26 13:00:35 | 000,039,936 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\ACCNO#2_1_1.DOC
[2010/05/26 13:00:28 | 000,037,376 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\ACCNO#2_1.DOC
[2010/05/26 13:00:20 | 000,037,376 | ---- | C] () -- C:\Documents and

Settings\Administrator\My Documents\ACCNO#2.DOC
[2010/05/26 12:44:25 | 000,001,689 | ---- | C] () -- C:\Documents and

Settings\Administrator\Desktop\Palm Desktop.lnk
[2010/05/18 17:54:30 | 000,028,672 | ---- | C] () -- C:\Netstat results

Sony_2010.doc
[2010/04/21 12:15:35 | 000,374,784 | ---- | C] () -- C:\WINNT\3dg32.dll
[2010/04/21 12:15:22 | 000,000,250 | ---- | C] () -- C:\WINNT\3dr.ini
[2010/04/19 16:38:09 | 000,000,000 | ---- | C] () -- C:\WINNT\WININIT.INI
[2010/04/19 16:38:05 | 000,028,672 | ---- | C] () --

C:\WINNT\System32\msiosd32.dll
[2010/04/19 16:38:05 | 000,000,245 | ---- | C] () -- C:\WINNT\Msiosd.ini
[2010/03/03 17:51:45 | 000,000,178 | -HS- | C] () -- C:\Documents and

Settings\User2\ntuser.ini
[2010/03/03 17:51:43 | 000,311,296 | -H-- | C] () -- C:\Documents and

Settings\User2\NTUSER.DAT
[2010/03/03 17:51:43 | 000,024,576 | -H-- | C] () -- C:\Documents and

Settings\User2\NTUSER.DAT.LOG
[2010/03/01 17:02:14 | 000,168,960 | ---- | C] () --

C:\WINNT\System32\crnxmon.dll
[2010/03/01 17:02:14 | 000,131,584 | ---- | C] () --

C:\WINNT\System32\crnxutil.dll
[2010/03/01 17:02:14 | 000,101,376 | ---- | C] () --

C:\WINNT\System32\mqisnmp.dll
[2010/03/01 17:01:13 | 000,022,812 | R--- | C] () --

C:\WINNT\MSTMON_B.INI
[2010/03/01 16:32:34 | 000,000,466 | ---- | C] () -- C:\WINNT\BRWMARK.INI
[2010/03/01 16:32:34 | 000,000,026 | ---- | C] () -- C:\WINNT\BRPP2KA.INI
[2007/03/11 00:11:05 | 000,000,155 | ---- | C] () --

C:\WINNT\NsNetScanEntry.INI
[2007/03/09 17:42:08 | 000,000,000 | ---- | C] () --

C:\WINNT\prestopm.INI
[2007/03/09 16:00:35 | 000,000,105 | ---- | C] () --

C:\WINNT\UMXADDIN.INI
[2007/03/09 16:00:34 | 000,040,960 | ---- | C] () --

C:\WINNT\System32\IPPCPUID.DLL
[2007/03/09 16:00:24 | 000,011,776 | ---- | C] () --

C:\WINNT\System32\pmsbfn32.dll
[2007/03/09 15:58:13 | 000,000,074 | ---- | C] () -- C:\WINNT\PMINI.ini
[2007/02/22 14:14:42 | 000,000,171 | ---- | C] () --

C:\WINNT\Readiris.ini
[2007/02/22 14:14:31 | 000,023,040 | ---- | C] () --

C:\WINNT\System32\irisco32.dll
[2007/02/22 14:12:35 | 000,001,810 | ---- | C] () -- C:\WINNT\If42le.ini
[2007/02/22 14:12:35 | 000,000,299 | ---- | C] () --

C:\WINNT\Pexplore.ini
[2007/02/22 14:10:52 | 000,000,135 | ---- | C] () -- C:\WINNT\SCNDRVU.INI
[2006/12/13 23:55:53 | 000,000,040 | ---- | C] () -- C:\WINNT\nero.INI
[2006/11/12 03:17:59 | 000,116,900 | ---- | C] () -- C:\Documents and

Settings\Administrator\WinPatrolLog.html
[2006/10/27 00:35:32 | 000,000,178 | -HS- | C] () -- C:\Documents and

Settings\User3\ntuser.ini
[2006/10/27 00:35:30 | 000,487,424 | -H-- | C] () -- C:\Documents and

Settings\User3\NTUSER.DAT
[2006/10/27 00:35:30 | 000,024,576 | -H-- | C] () -- C:\Documents and

Settings\User3\NTUSER.DAT.LOG
[2006/10/22 00:14:47 | 000,000,000 | ---- | C] () -- C:\WINNT\vpc32.INI
[2006/10/05 23:52:08 | 000,026,337 | ---- | C] () -- C:\WINNT\maxlink.ini
[2006/10/05 21:43:06 | 000,000,000 | ---- | C] () --

C:\WINNT\OpPrintServer.INI
[2006/10/04 22:09:47 | 000,000,064 | ---- | C] () -- C:\WINNT\init.ini
[2006/09/06 23:09:26 | 000,001,024 | -H-- | C] () -- C:\Documents and

Settings\Default User\NTUSER.DAT.LOG
[2006/04/02 18:45:02 | 000,147,456 | ---- | C] () --

C:\WINNT\System32\obtrace.dll
[2005/01/17 03:10:16 | 000,045,056 | ---- | C] () --

C:\WINNT\System32\BRTCPCON.DLL
[2004/08/09 03:00:42 | 000,000,114 | ---- | C] () --

C:\WINNT\System32\BRLMW03A.INI
[2003/09/02 17:04:08 | 000,018,932 | ---- | C] () --

C:\WINNT\MSUMLT_B.INI
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () --

C:\WINNT\System32\OUTLPERF.INI
[2002/10/04 14:05:38 | 000,049,152 | R--- | C] () --

C:\WINNT\System32\winchip.dll
[2002/10/03 15:33:18 | 000,019,968 | ---- | C] () --

C:\WINNT\System32\Cpuinf32.dll
[2002/10/03 15:23:01 | 000,343,040 | ---- | C] () --

C:\WINNT\System32\lffpx7.dll
[2002/10/03 15:23:01 | 000,116,736 | ---- | C] () --

C:\WINNT\System32\lfkodak.dll
[2002/10/03 15:19:56 | 000,000,052 | ---- | C] () --

C:\WINNT\intuprof.ini
[2002/10/03 15:19:54 | 000,000,639 | ---- | C] () -- C:\WINNT\QUICKEN.INI
[2002/10/03 15:09:34 | 000,524,288 | ---- | C] () --

C:\WINNT\System32\TDI-SonyOMG.dll
[2002/10/03 15:09:32 | 000,262,416 | ---- | C] () --

C:\WINNT\System32\Asfv2.dll
[2002/10/03 14:27:58 | 000,000,000 | ---- | C] () -- C:\WINNT\PcfEdit.INI
[2002/10/02 20:59:36 | 000,000,732 | ---- | C] () -- C:\WINNT\ODBC.INI
[2002/10/02 20:53:51 | 000,365,568 | ---- | C] () --

C:\WINNT\System32\psisdecd.dll
[2002/10/02 20:30:46 | 000,000,278 | -HS- | C] () -- C:\Documents and

Settings\Administrator\ntuser.ini
[2002/10/02 20:30:45 | 000,176,128 | -H-- | C] () -- C:\Documents and

Settings\Administrator\ntuser.dat.LOG
[2002/10/02 20:30:44 | 009,715,712 | -H-- | C] () -- C:\Documents and

Settings\Administrator\NTUSER.DAT
[2002/10/02 20:26:15 | 000,126,976 | -H-- | C] () -- C:\Documents and

Settings\Default User\NTUSER.DAT
[2002/10/02 20:25:00 | 000,021,952 | -H-- | C] () -- C:\Program

Files\folder.htt
[2002/10/02 20:01:50 | 000,077,824 | ---- | C] () --

C:\WINNT\System32\SynTPCoI.dll
[2002/10/02 20:01:15 | 000,000,272 | ---- | C] () --

C:\WINNT\System32\oeminfo.ini
[2002/10/02 20:00:45 | 000,000,023 | ---- | C] () -- C:\WINNT\welcome.ini
[2002/10/02 20:00:03 | 000,176,400 | ---- | C] () --

C:\WINNT\System32\qcut.dll
[2002/10/02 19:58:54 | 000,007,265 | ---- | C] () --

C:\WINNT\System32\iasperf.ini
[2002/10/02 19:58:44 | 000,001,505 | ---- | C] () --

C:\WINNT\System32\faxperf.ini
[2002/10/02 19:58:41 | 000,033,552 | ---- | C] () --

C:\WINNT\System32\efsadu.dll
[2002/03/04 13:16:34 | 000,110,592 | R--- | C] () --

C:\WINNT\System32\Jpeg32.dll
[2000/01/05 15:51:22 | 000,101,376 | ---- | C] () --

C:\WINNT\System32\Welsof32.dll
[1999/09/25 06:36:24 | 000,088,816 | ---- | C] () --

C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 06:36:22 | 000,017,424 | ---- | C] () --

C:\WINNT\System32\drivers\lvsound.sys

========== LOP Check ==========

[2007/03/07 19:00:37 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application Data\Genie-soft
[2002/10/03 15:02:54 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application Data\InterTrust
[2006/12/22 20:32:21 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application Data\InterVideo
[2010/05/27 21:33:02 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application Data\Leadertech
[2007/03/09 15:59:20 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application Data\NewSoft
[2010/03/01 19:47:10 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application Data\NSBackup
[2006/11/02 19:29:01 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application Data\OfficeUpdate12
[2006/10/06 01:56:12 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application Data\PPIMAGES
[2006/10/06 01:56:07 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application Data\ScanSoft
[2010/03/05 21:19:11 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\Administrator\Application Data\WinPatrol
[2010/03/03 17:52:11 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\User2\Application Data\WinPatrol
[2010/03/02 14:16:10 | 000,000,000 | ---D | M] -- C:\Documents and

Settings\User3\Application Data\WinPatrol

========== Purity Check ==========



< End of report >

mac 10.6 on macbook pro
WinXP sp2 on Dell 380 w/ 512 MB RAM- currently dead in the water
WinXP tab ed sp 3 on Thinkpad X41 w/ 1.5 GB RAM - lemony flavored
Win2K Sp4 on Sony VAIO GXR600 w/ 512 MB RAM - currently blue screening

#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,317 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:01:03 AM

Posted 15 June 2010 - 02:55 PM

Next we are going to look for restore points so we can have OTLPE do all the work for us.

Please rerun OTLPE, copy/paste the following text into the "custom scan/fix" field, click the NONE button and click Run Scan.
CODE
restorepoints


Post me the resulting log.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 MaryBet82


Posted 16 June 2010 - 10:31 AM

Here's the scan report.
I didn't know win2k had any restore points.
I can list the system32/config directory from w/in reatogo-x-pe after doing the chkdsk repair, so it may be possible to boot into windows or to replace the system hive in config w/ the system.bak file now. I'm not doing anything other than as you direct, so I haven't tried anything.

OTL logfile created on: 6/16/2010 12:24:20 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows 2000 Service Pack 4 (Version = 5.0.2195) - Type = SYSTEM
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 281.00 Mb Available Physical Memory | 55.00% Memory free
463.00 Mb Paging File | 315.00 Mb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 14.94 Gb Total Space | 4.88 Gb Free Space | 32.66% Space Free | Partition Type: NTFS
Drive D: | 13.00 Gb Total Space | 3.42 Gb Free Space | 26.27% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet002

========== Custom Scans ==========



========== Restore Points Found ==========
< End of report >


#11 Elise


Posted 16 June 2010 - 11:18 AM

Yes you are right about the restore points...

Please run the following as a custom scan:
CODE
c:\winnt\system32\config\*

regards, Elise




#12 MaryBet82


Posted 16 June 2010 - 12:49 PM

I hit the None button again. I hope that was right.

I've plugged in an external HDD hoping to backup recent doc changes, but altho the "mass storage device" is recognized per safely remove hardware and the partitions are recognized in drive manager, they don't show up in My Computer. I tried clicking Add Hardware, but got a message it can only install one thing at a time, so I assume it's "installing" the LaCie. Anyway, all those partitions show up in the scan [G-I].

Here's the scan.
OTL logfile created on: 6/16/2010 2:46:26 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows 2000 Service Pack 4 (Version = 5.0.2195) - Type = SYSTEM
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 278.00 Mb Available Physical Memory | 54.00% Memory free
463.00 Mb Paging File | 315.00 Mb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 14.94 Gb Total Space | 4.88 Gb Free Space | 32.66% Space Free | Partition Type: NTFS
Drive D: | 13.00 Gb Total Space | 3.42 Gb Free Space | 26.27% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 483.56 Mb Total Space | 64.97 Mb Free Space | 13.44% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet002

========== Custom Scans ==========


< c\winnt\system32\config\* >
< End of report >



#13 Elise


Posted 16 June 2010 - 02:20 PM

I'm just realizing you can use the following instructions: http://support.microsoft.com/kb/269075

Using My Computer you can access all folders on your drive and just manually copy and rename. No need for the command prompt (although you can use that as well, click Start > Command prompt).

However, make sure you back up all data in your userprofile first (just copy your whole user profile folder to a separate folder on the C drive, since you may lose all data in there if you copy the system hives over).

Since I am not too familiar with windows 2000, I'm not entirely sure how the userprofiles are organized, but better safe than sorry.

Edited by elise025, 16 June 2010 - 02:21 PM.

regards, Elise




#14 MaryBet82


Posted 16 June 2010 - 05:29 PM

Yes, I was going to use that MS Support article and "copy c:\winnt\repair\system.bak c:\winnt\system32\config\system". Now that I've run chkdsk and it appears to have completed w/ repairs successfully I'm going to try just booting into windows first, in case that was enough. If I have to do the copy I may have a problem - system.bak is a 2,984kb file modified 10/2/02 - I've reformatted and reinstalled since then so it must be a basic registry backup that is written to the Repair folder from the recovery disks rather than created on installation. The system file in Config is 6,024kb modified 6/14/10. I have a registry backup from March 2010, so if I have to do the copy and that gets me into windows I should then be able to import the registry backup. Or double click it, rather.

I'm not sure where the user profile is either. There's a 136kb userdiff file in config that was last modified on 10/2/02 - that's the only "user" labeled file in config. I think SAM has the SIDs - at least a corrupt SAM can lock you out in winxp. SAM in Config may be corrupt, but there's a SAM in Repair last modified in 2006 and I can probably find the passwords from then if necessary. My registry bu from March might fix that problem, but I'd have to be in windows to use it and a corrupt SAM could keep me from logging on. If that happens I guess I'd use the PE CD to copy the SAM from Repair to Config and try again.
I think ntuser.dat in documents&settings has desktop, mouse, etc settings, but I don't have a bu of that anywhere. If that got corrupted I'll just have to reconfigure those settings.

First, since I have a my computer w/ drag & copy I'm going to back up my docs, which will take awhile since the Sony is USB 1.1.

Thanks for all your help. I'll let you know if I get back into windows or not.





mac 10.6 on macbook pro
WinXP sp2 on Dell 380 w/ 512 MB RAM- currently dead in the water
WinXP tab ed sp 3 on Thinkpad X41 w/ 1.5 GB RAM - lemony flavored
Win2K Sp4 on Sony VAIO GXR600 w/ 512 MB RAM - currently blue screening
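
An added example, not part of the thread or of the Microsoft article: before a backup such as system.bak is copied over config\system, both files can be sanity-checked offline as registry hives. It assumes the publicly documented `regf` base-block layout; `check_hive` and `make_sample` are names made up here, and the sample bytes are constructed rather than taken from a real hive.

```python
import struct
from datetime import datetime, timedelta, timezone

BASE_BLOCK_SIZE = 4096  # the "regf" base block is the first 4 KiB of a hive file

def base_block_checksum(block: bytes) -> int:
    """XOR-32 of the first 508 bytes; the two reserved results are remapped."""
    c = 0
    for (dword,) in struct.iter_unpack("<I", block[:508]):
        c ^= dword
    if c == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return 1 if c == 0 else c

def check_hive(data: bytes) -> dict:
    """Sanity-check the start of a hive file (e.g. system or system.bak)."""
    if len(data) < BASE_BLOCK_SIZE:
        return {"ok": False, "reason": "file shorter than one base block"}
    if data[:4] != b"regf":
        return {"ok": False, "reason": "missing regf signature"}
    seq1, seq2, filetime = struct.unpack_from("<IIQ", data, 4)
    (bins_size,) = struct.unpack_from("<I", data, 40)   # size of the hive bins data
    (stored,) = struct.unpack_from("<I", data, 508)     # checksum kept in the header
    epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)   # FILETIME epoch, 100 ns ticks
    result = {
        "last_written": epoch + timedelta(microseconds=filetime // 10),
        "checksum_ok": stored == base_block_checksum(data),
        "clean": seq1 == seq2,  # the numbers differ when a write never completed
        "size_ok": len(data) >= BASE_BLOCK_SIZE + bins_size,  # False if truncated
    }
    result["ok"] = result["checksum_ok"] and result["clean"] and result["size_ok"]
    return result

def make_sample(seq1=7, seq2=7, bins=4096) -> bytes:
    """Constructed test input: a valid base block plus one zeroed bin."""
    block = bytearray(BASE_BLOCK_SIZE)
    block[:4] = b"regf"
    struct.pack_into("<IIQ", block, 4, seq1, seq2, 129_000_000_000_000_000)
    struct.pack_into("<I", block, 40, bins)
    struct.pack_into("<I", block, 508, base_block_checksum(bytes(block)))
    return bytes(block) + bytes(bins)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:  # e.g. copies of config\system and repair\system.bak
        with open(path, "rb") as fh:
            print(path, check_hive(fh.read()))
```

A hive that fails the `clean` check was being written when the machine stopped, which matches a power loss mid-update; a backup that passes all three checks is at least structurally intact at the header level, though its contents may still be years out of date.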

#15 Elise


Posted 17 June 2010 - 04:08 AM

I was referring to the userprofile folder, not the registry information regarding the profile.

For example, in XP they are stored in c:\documents and settings\<myuserprofile>

regards, Elise

