Win32/Rootkit.Agent.ODG trojan unable to clean

#1
high5techmom

    New Member

  • 1 posts
Hello,

I recently acquired a new virus and I have no idea how to get rid of it. This trojan disabled my Norton antivirus software and so I uninstalled it and installed NOD32, which found 2 infections but was only able to clean one. I followed all of the directions in the Malware and Spyware Cleaning Guide and have posted all of the necessary logs. I would really appreciate some help.

Malwarebytes' Anti-Malware 1.40
Database version: 2680
Windows 6.0.6001 Service Pack 1

8/22/2009 4:52:29 PM
mbam-log-2009-08-22 (16-52-29).txt

Scan type: Quick Scan
Objects scanned: 81110
Time elapsed: 9 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

============================================================================================================================


OTL logfile created on: 8/22/2009 5:15:34 PM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Staci\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.64 Mb Total Physical Memory | 313.81 Mb Available Physical Memory | 30.93% Memory free
2.24 Gb Paging File | 1.37 Gb Available in Paging File | 61.15% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.55 Gb Total Space | 139.82 Gb Free Space | 62.55% Space Free | Partition Type: NTFS
Drive D: | 9.33 Gb Total Space | 1.27 Gb Free Space | 13.58% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MCDONALD
Current User Name: Staci
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/05/14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/07/27 13:40:49 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
PRC - [2007/09/25 17:16:08 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2007/10/18 07:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe
PRC - [2009/07/15 11:08:32 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/01/19 00:38:38 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/04/18 08:01:34 | 00,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 04:59:00 | 00,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2007/10/25 06:52:08 | 04,702,208 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2007/03/11 21:34:40 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2008/03/25 17:07:22 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2008/03/25 17:07:34 | 00,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2009/07/13 14:03:10 | 00,292,128 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/05/26 15:31:29 | 00,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009/08/15 11:05:11 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/05/14 15:47:08 | 02,029,640 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2008/01/19 00:33:09 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehtray.exe
PRC - [2008/03/25 20:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/05/07 11:35:56 | 01,273,856 | ---- | M] () -- C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
PRC - [2008/01/19 00:33:27 | 00,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2008/03/25 17:07:36 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/01/19 00:33:09 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008/01/19 00:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 00:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/03/25 20:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2008/03/25 20:49:00 | 00,569,344 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2007/09/19 18:30:52 | 00,065,536 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
PRC - [2009/08/22 16:26:24 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\Staci\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/07/09 12:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2009/07/15 10:12:24 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/19 00:33:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 05:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 05:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2009/05/14 15:54:22 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
SRV - [2009/05/14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Running])
SRV - [2008/01/19 00:36:53 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2009/07/18 18:11:48 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2009/07/15 10:32:05 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/07/16 16:16:44 | 00,250,616 | ---- | M] (WildTangent, Inc.) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2009/07/27 13:40:49 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate [Auto | Stopped])
SRV - [2007/09/19 18:30:52 | 00,065,536 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service [Auto | Running])
SRV - [2008/03/25 20:38:24 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2008/03/25 21:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2009/07/15 10:32:22 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/13 14:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2007/09/25 17:16:08 | 00,079,136 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2006/11/08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2009/07/15 10:32:28 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/06/26 20:12:15 | 02,985,294 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Windows\System32\GameMon.des -- (npggsvc [On_Demand | Stopped])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/11/08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2007/01/04 14:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2008/01/19 00:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/19 00:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
SRV - [2007/10/18 07:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.3.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3290
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090414
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/17 07:46:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/20 15:27:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/20 15:27:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009/07/15 09:17:09 | 00,000,000 | ---D | M] -- C:\Users\Staci\AppData\Roaming\mozilla\Extensions
[2009/07/15 09:17:09 | 00,000,000 | ---D | M] -- C:\Users\Staci\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/22 12:22:00 | 00,000,000 | ---D | M] -- C:\Users\Staci\AppData\Roaming\mozilla\Firefox\Profiles\wfmuhsot.default\extensions
[2009/07/17 10:02:50 | 00,000,000 | ---D | M] -- C:\Users\Staci\AppData\Roaming\mozilla\Firefox\Profiles\wfmuhsot.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/15 13:07:38 | 00,000,000 | ---D | M] -- C:\Users\Staci\AppData\Roaming\mozilla\Firefox\Profiles\wfmuhsot.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/08/13 08:06:04 | 00,000,000 | ---D | M] -- C:\Users\Staci\AppData\Roaming\mozilla\Firefox\Profiles\wfmuhsot.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/07/16 08:23:49 | 00,000,000 | ---D | M] -- C:\Users\Staci\AppData\Roaming\mozilla\Firefox\Profiles\wfmuhsot.default\extensions\[email protected]
[2009/08/22 16:22:22 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/20 15:27:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/15 13:58:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/08/15 11:05:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/08/20 15:26:57 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/20 15:26:57 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/15 11:05:13 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/20 15:26:59 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/07/22 18:02:03 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/07/15 13:50:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/07/15 13:50:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/07/15 13:50:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/07/15 13:50:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/07/15 13:50:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/07/15 13:50:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/07/15 13:50:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/04/16 10:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/06/24 04:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 04:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 04:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 04:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 04:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 04:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/24 04:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ALUAlert] c:\Program Files\Symantec\LiveUpdate\ALuNotify.exe File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [abc7ALERTS] C:\Program Files\abc7ALERTS\abc7ALERTS.exe File not found
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Staci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/26 20:38:42 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/08/22 16:39:58 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/08/22 16:39:33 | 00,000,919 | ---- | C] () -- C:\Users\Staci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/22 16:39:25 | 00,000,739 | ---- | C] () -- C:\Users\Staci\Desktop\NTREGOPT.lnk
[2009/08/22 16:39:25 | 00,000,720 | ---- | C] () -- C:\Users\Staci\Desktop\ERUNT.lnk
[2009/08/22 16:39:24 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/22 15:10:57 | 02,924,149 | -H-- | C] () -- C:\Users\Staci\AppData\Local\IconCache.db
[2009/08/22 14:41:23 | 00,000,000 | ---D | C] -- C:\Users\Staci\AppData\Local\ESET
[2009/08/22 13:33:05 | 00,000,000 | ---D | C] -- C:\ProgramData\ESET
[2009/08/22 13:33:05 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/08/22 13:18:32 | 10,626,00704 | -HS- | C] () -- C:\hiberfil.sys
[2009/08/21 19:27:08 | 00,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009/08/21 19:26:23 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo! Games
[2009/08/21 16:39:11 | 00,000,000 | ---D | C] -- C:\Users\Staci\AppData\Roaming\Malwarebytes
[2009/08/21 16:39:03 | 00,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/21 16:39:00 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/21 16:38:59 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/08/21 16:38:59 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/08/21 16:38:59 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/21 15:17:03 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/08/21 15:16:50 | 15,153,6160 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/08/20 23:28:12 | 00,000,000 | ---D | C] -- C:\Users\Staci\Documents\LDW
[2009/08/20 19:33:43 | 00,000,552 | ---- | C] () -- C:\Users\Staci\AppData\Local\d3d8caps.dat
[2009/08/20 16:45:03 | 00,000,000 | ---D | C] -- C:\Users\Staci\AppData\Local\Oberon Games
[2009/08/20 16:43:39 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/08/20 15:54:40 | 00,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2009/08/20 15:52:56 | 00,001,893 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/08/15 21:04:37 | 00,000,026 | ---- | C] () -- C:\Windows\gale.ini
[2009/08/15 21:04:37 | 00,000,000 | ---D | C] -- C:\Users\Staci\AppData\Roaming\Humanbalance
[2009/08/15 21:04:30 | 00,000,000 | ---D | C] -- C:\Program Files\GraphicsGale
[2009/08/15 15:41:18 | 00,000,000 | ---D | C] -- C:\Users\Staci\Documents\CP BLOG
[2009/08/14 14:16:28 | 00,589,824 | ---- | C] (NuMedia Soft, Inc.) -- C:\Windows\System32\DVDRProX.dll
[2009/08/14 14:16:23 | 00,002,035 | ---- | C] () -- C:\Users\Public\Desktop\My Wal-Mart Digital Photo Center.lnk
[2009/08/14 14:16:23 | 00,000,000 | ---D | C] -- C:\Program Files\Fujifilm e-Systems
[2009/08/13 15:31:37 | 00,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch

========== Files - Modified Within 14 Days ==========

[2009/08/22 17:00:06 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/08/22 16:58:24 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/22 16:58:24 | 00,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/22 16:58:23 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/22 16:58:14 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/22 16:57:50 | 10,626,00704 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/22 16:56:19 | 02,924,149 | -H-- | M] () -- C:\Users\Staci\AppData\Local\IconCache.db
[2009/08/22 16:46:41 | 00,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/08/22 16:39:33 | 00,000,919 | ---- | M] () -- C:\Users\Staci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/08/22 16:39:25 | 00,000,739 | ---- | M] () -- C:\Users\Staci\Desktop\NTREGOPT.lnk
[2009/08/22 16:39:25 | 00,000,720 | ---- | M] () -- C:\Users\Staci\Desktop\ERUNT.lnk
[2009/08/22 10:31:53 | 15,153,6160 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/08/21 19:27:08 | 00,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2009/08/21 16:39:03 | 00,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/20 19:33:43 | 00,000,552 | ---- | M] () -- C:\Users\Staci\AppData\Local\d3d8caps.dat
[2009/08/20 15:52:56 | 00,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/08/19 15:58:32 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/08/19 15:58:32 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/08/19 15:58:32 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/08/18 00:06:03 | 00,000,546 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Staci.job
[2009/08/15 21:04:37 | 00,000,026 | ---- | M] () -- C:\Windows\gale.ini
[2009/08/14 14:16:23 | 00,002,035 | ---- | M] () -- C:\Users\Public\Desktop\My Wal-Mart Digital Photo Center.lnk
[2009/08/10 21:51:28 | 00,006,144 | ---- | M] () -- C:\Users\Staci\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/10 10:39:28 | 00,141,612 | ---- | M] () -- C:\Windows\System32\drivers\dump_wmimmc.sys

========== LOP Check ==========

[2009/08/21 16:39:11 | 00,000,000 | ---D | M] -- C:\Users\Staci\AppData\Roaming
[2009/07/15 15:14:42 | 00,000,000 | ---D | M] -- C:\Users\Staci\AppData\Roaming\acccore
[2009/07/16 13:52:07 | 00,000,000 | ---D | M] -- C:\Users\Staci\AppData\Roaming\Armagetron
[2009/07/28 14:33:51 | 00,000,000 | ---D | M] -- C:\Users\Staci\AppData\Roaming\DAZ 3D
[2009/07/17 10:33:38 | 00,000,000 | ---D | M] -- C:\Users\Staci\AppData\Roaming\ESTsoft
[2009/08/15 21:04:37 | 00,000,000 | ---D | M] -- C:\Users\Staci\AppData\Roaming\Humanbalance
[2009/08/03 22:28:05 | 00,000,000 | ---D | M] -- C:\Users\Staci\AppData\Roaming\ImgBurn
[2006/11/02 05:37:34 | 00,000,000 | ---D | M] -- C:\Users\Staci\AppData\Roaming\Media Center Programs
[2009/07/17 10:39:49 | 00,000,000 | ---D | M] -- C:\Users\Staci\AppData\Roaming\PlayFirst
[2009/07/15 08:44:37 | 00,000,000 | ---D | M] -- C:\Users\Staci\AppData\Roaming\Snapfish
[2009/07/17 09:33:13 | 00,000,000 | ---D | M] -- C:\Users\Staci\AppData\Roaming\SystemRequirementsLab
[2009/07/18 12:02:51 | 00,000,000 | ---D | M] -- C:\Users\Staci\AppData\Roaming\Template
[2009/08/21 15:10:47 | 00,000,000 | ---D | M] -- C:\Users\Staci\AppData\Roaming\uTorrent
[2009/07/17 10:37:53 | 00,000,000 | ---D | M] -- C:\Users\Staci\AppData\Roaming\WildTangent
[2009/07/23 11:28:43 | 00,000,000 | ---D | M] -- C:\Users\Staci\AppData\Roaming\WinBatch
[2009/08/22 17:00:06 | 00,000,880 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009/08/22 16:46:41 | 00,000,884 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2009/08/18 00:06:03 | 00,000,546 | ---- | M] () -- C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Staci.job
[2009/08/22 16:58:23 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/08/22 16:57:03 | 00,025,498 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >

< %systemroot%\system32\scecli.dll >
[2008/01/19 00:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >
[2006/11/02 02:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cngaudit.dll

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
< End of report >
========================================================================================================================


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/22 17:04
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\svchost.exe
PID: 416 Status: -

Path: C:\Program Files\Windows Media Player\wmpnetwk.exe
PID: 436 Status: -

Path: C:\WINDOWS\System32\smss.exe
PID: 492 Status: -

Path: C:\Program Files\Viewpoint\Common\ViewpointService.exe
PID: 516 Status: -

Path: C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
PID: 528 Status: -

Path: C:\WINDOWS\System32\csrss.exe
PID: 560 Status: -

Path: C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PID: 600 Status: -

Path: C:\WINDOWS\System32\wininit.exe
PID: 604 Status: -

Path: C:\WINDOWS\System32\csrss.exe
PID: 616 Status: -

Path: C:\WINDOWS\System32\services.exe
PID: 648 Status: -

Path: C:\WINDOWS\System32\winlogon.exe
PID: 676 Status: -

Path: C:\WINDOWS\System32\lsass.exe
PID: 696 Status: -

Path: C:\WINDOWS\System32\lsm.exe
PID: 712 Status: -

Path: C:\WINDOWS\System32\svchost.exe
PID: 848 Status: -

Path: C:\WINDOWS\System32\svchost.exe
PID: 852 Status: -

Path: C:\WINDOWS\System32\svchost.exe
PID: 928 Status: -

Path: C:\WINDOWS\System32\svchost.exe
PID: 968 Status: -

Path: C:\WINDOWS\System32\svchost.exe
PID: 1056 Status: -

Path: C:\WINDOWS\System32\schtasks.exe
PID: 1080 Status: -

Path: C:\WINDOWS\System32\svchost.exe
PID: 1112 Status: -

Path: C:\WINDOWS\System32\svchost.exe
PID: 1136 Status: -

Path: C:\WINDOWS\System32\svchost.exe
PID: 1176 Status: -

Path: C:\WINDOWS\System32\svchost.exe
PID: 1188 Status: -

Path: C:\WINDOWS\System32\audiodg.exe
PID: 1236 Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\SLsvc.exe
PID: 1300 Status: -

Path: C:\WINDOWS\servicing\TrustedInstaller.exe
PID: 1400 Status: -

Path: C:\WINDOWS\System32\svchost.exe
PID: 1432 Status: -

Path: C:\WINDOWS\System32\igfxsrvc.exe
PID: 1444 Status: -

Path: C:\WINDOWS\System32\svchost.exe
PID: 1532 Status: -

Path: C:\WINDOWS\System32\svchost.exe
PID: 1640 Status: -

Path: C:\WINDOWS\System32\spoolsv.exe
PID: 1700 Status: -

Path: C:\WINDOWS\System32\svchost.exe
PID: 1728 Status: -

Path: C:\WINDOWS\ehome\ehmsas.exe
PID: 1756 Status: -

Path: C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PID: 1884 Status: -

Path: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 1924 Status: -

Path: C:\Users\Staci\Downloads\RootRepeal.exe
PID: 1948 Status: -

Path: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 1956 Status: -

Path: C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PID: 1992 Status: -

Path: C:\WINDOWS\System32\svchost.exe
PID: 2072 Status: -

Path: C:\WINDOWS\System32\SearchIndexer.exe
PID: 2108 Status: -

Path: C:\WINDOWS\System32\drivers\XAudio.exe
PID: 2148 Status: -

Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
PID: 2548 Status: -

Path: C:\WINDOWS\System32\SearchFilterHost.exe
PID: 2688 Status: -

Path: C:\WINDOWS\System32\taskeng.exe
PID: 2744 Status: -

Path: C:\Program Files\iPod\bin\iPodService.exe
PID: 2820 Status: -

Path: C:\WINDOWS\System32\SearchProtocolHost.exe
PID: 2916 Status: -

Path: C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PID: 3484 Status: -

Path: C:\WINDOWS\System32\taskeng.exe
PID: 3504 Status: -

Path: C:\WINDOWS\System32\dwm.exe
PID: 3584 Status: -

Path: C:\WINDOWS\explorer.exe
PID: 3612 Status: -

Path: C:\Program Files\Windows Defender\MSASCui.exe
PID: 3840 Status: -

Path: C:\hp\support\hpsysdrv.exe
PID: 3852 Status: -

Path: C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PID: 3884 Status: -

Path: C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PID: 3924 Status: -

Path: C:\WINDOWS\RtHDVCpl.exe
PID: 3932 Status: -

Path: C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PID: 3948 Status: -

Path: C:\WINDOWS\System32\wbem\WmiPrvSE.exe
PID: 3988 Status: -

Path: C:\WINDOWS\System32\hkcmd.exe
PID: 3996 Status: -

Path: C:\WINDOWS\System32\igfxpers.exe
PID: 4012 Status: -

Path: C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
PID: 4020 Status: -

Path: C:\Program Files\iTunes\iTunesHelper.exe
PID: 4036 Status: -

Path: C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PID: 4044 Status: -

Path: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 4052 Status: -

Path: C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PID: 4064 Status: -

Path: C:\WINDOWS\ehome\ehtray.exe
PID: 4072 Status: -

Path: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PID: 4084 Status: -

Path: C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
PID: 4092 Status: -
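Editor's note: logs like the OTL file listing and the RootRepeal process dump above are long, and the usual way to work through them is to parse the lines and apply a few triage rules before reading the rest by hand. The script below is an added example by the editor, not code from the original poster, from OTL or from RootRepeal. The sample input is a handful of lines copied from the log above; the meaning of the OTL attribute column (R, H, S, D positions), the treatment of "Locked to the Windows API!" as expected for PID 4 and for audiodg.exe (a Vista protected process), and every flagging rule are the editor's assumptions. The output is a list of items worth a second look, not a verdict on whether anything is malicious.

```python
"""Triage helpers for OTL file listings and RootRepeal process dumps.

Added example by the editor; not part of the original post or of the OTL /
RootRepeal tools. Field meanings are inferred from the log above and the
flagging rules are the editor's own heuristics (assumptions, not verdicts).
"""
import re
from dataclasses import dataclass

# OTL line: "[YYYY/MM/DD hh:mm:ss | size | attrs | C|M] (Publisher) -- path".
# Attribute order R,H,S,D is inferred from "-HS-" (hiberfil.sys) and "---D"
# (directories) in the log; treat that ordering as an assumption.
_OTL_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<publisher>[^)]*)\))? -- (?P<path>.+)$"
)


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    hidden: bool
    system: bool
    is_dir: bool
    kind: str        # "C" = created listing, "M" = modified listing
    publisher: str   # "" when OTL prints "()" or omits the company name
    path: str


def parse_otl_line(line):
    """Parse one OTL file-listing line; return None for headers and blanks."""
    m = _OTL_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return OtlEntry(
        timestamp=m.group("ts"),
        # OTL groups digits oddly ("10,626,00704"); the commas carry no meaning.
        size=int(m.group("size").replace(",", "")),
        hidden="H" in attrs,
        system="S" in attrs,
        is_dir="D" in attrs,
        kind=m.group("kind"),
        publisher=(m.group("publisher") or "").strip(),
        path=m.group("path").strip(),
    )


def parse_otl(text):
    return [e for e in (parse_otl_line(l) for l in text.splitlines()) if e]


PE_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr", ".cpl")
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\", "\\downloads\\")


def triage_otl(entries):
    """Return (path, reason) pairs worth a second look (editor's heuristics)."""
    hits = []
    for e in entries:
        low = e.path.lower()
        if e.is_dir or not low.endswith(PE_EXT):
            continue
        if low.startswith("c:\\windows\\") and not e.publisher:
            hits.append((e.path, "PE under C:\\Windows with no company name"))
        elif any(s in low for s in USER_WRITABLE):
            hits.append((e.path, "PE in a user-writable location"))
    return hits


# RootRepeal process block: a "Path:" line followed by a "PID: n Status: s" line.
_RR_PATH = re.compile(r"^Path:\s*(?P<path>.+?)\s*$")
_RR_PID = re.compile(r"^PID:\s*(?P<pid>\d+)\s+Status:\s*(?P<status>.+?)\s*$")


def parse_rootrepeal_processes(text):
    procs, path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = _RR_PATH.match(line)
        if m:
            path = m.group("path")
            continue
        m = _RR_PID.match(line)
        if m and path is not None:
            procs.append((path, int(m.group("pid")), m.group("status")))
            path = None
    return procs


CORE_NAMES = {"svchost.exe", "csrss.exe", "smss.exe", "lsass.exe", "winlogon.exe",
              "services.exe", "wininit.exe", "lsm.exe", "explorer.exe"}
# Assumption: "Locked to the Windows API!" is expected for System (PID 4) and
# for audiodg.exe, which Vista runs as a protected process.
EXPECTED_LOCKED_PIDS = {4}
EXPECTED_LOCKED_NAMES = {"audiodg.exe"}


def triage_processes(procs):
    """Return (path, pid, reason) for processes that merit a closer look."""
    hits = []
    for path, pid, status in procs:
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        if "locked" in status.lower() and pid not in EXPECTED_LOCKED_PIDS \
                and name not in EXPECTED_LOCKED_NAMES:
            hits.append((path, pid, "locked to the API and not a known case"))
        elif name in CORE_NAMES and not low.startswith("c:\\windows\\"):
            hits.append((path, pid, "core system binary name outside C:\\Windows"))
        elif any(s in low for s in USER_WRITABLE):
            hits.append((path, pid, "running from a user-writable location"))
    return hits


# Sample input: lines copied from the log above (not a complete log).
SAMPLE_OTL = r"""
[2009/08/21 16:38:59 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/14 14:16:28 | 00,589,824 | ---- | C] (NuMedia Soft, Inc.) -- C:\Windows\System32\DVDRProX.dll
[2009/08/22 16:57:50 | 10,626,00704 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/10 10:39:28 | 00,141,612 | ---- | M] () -- C:\Windows\System32\drivers\dump_wmimmc.sys
[2008/01/19 00:36:19 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scecli.dll
"""

SAMPLE_RR = r"""
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\WINDOWS\System32\svchost.exe
PID: 416 Status: -

Path: C:\WINDOWS\System32\audiodg.exe
PID: 1236 Status: Locked to the Windows API!

Path: C:\Users\Staci\Downloads\RootRepeal.exe
PID: 1948 Status: -
"""

if __name__ == "__main__":
    for hit in triage_otl(parse_otl(SAMPLE_OTL)):
        print("OTL:", *hit)
    for hit in triage_processes(parse_rootrepeal_processes(SAMPLE_RR)):
        print("RootRepeal:", *hit)
```

On the sample above the only OTL hit is the driver with no company name, and the only process hit is RootRepeal itself running from Downloads, which is exactly where the poster launched it from; a hit means "check this", not "this is bad". Checking a flagged file means verifying its digital signature, its hash against a vendor or public reference, and whether the path is one the installed software would legitimately use.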