Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer running very slow virus scan picks up addware but cant delete

Started by justincw23 , Aug 24 2009 05:06 PM

  • Please log in to reply

#1
justincw23
Posted 24 August 2009 - 05:06 PM

justincw23

    New Member

  • Member
  • Pip
  • 4 posts
Hi my computer has been running real slow and the cpu usages is constantly above 75% to 100%with only IE running with one tab open. I have just done all of the steps on the Spyware and Malware cleaning guide and I have all the logs saved. Also about two months ago someone hacked onto my computer and opened a brower and got into my paypal right in front of me until I turned off the machine and unpluged the router. I bought mcafee and thought the problem was solved until I went through some of the post on here and seems like things like that dont get fixed that easy. Well anyways here are my logs, any help would be greatly apprieciated. Justin

Malwarebytes' Anti-Malware 1.40
Database version: 2688
Windows 5.1.2600 Service Pack 3

8/24/2009 10:58:53 AM
mbam-log-2009-08-24 (10-58-53).txt

Scan type: Quick Scan
Objects scanned: 113519
Time elapsed: 17 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/24 11:21
Program Version: Version 1.3.3.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAE770000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A01000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xACF92000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==



OTL logfile created on: 8/24/2009 11:24:53 AM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Administrator.JUSTIN.001\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 70.80% Memory free
2.11 Gb Paging File | 1.77 Gb Available in Paging File | 84.06% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 147.25 Gb Total Space | 120.91 Gb Free Space | 82.12% Space Free | Partition Type: NTFS
Drive D: | 5.40 Gb Total Space | 0.67 Gb Free Space | 12.39% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JUSTIN
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
PRC - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe
PRC - [2008/04/13 18:12:18 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2007/06/08 03:05:51 | 00,598,960 | ---- | M] ( ) -- C:\WINDOWS\System32\lxdmcoms.exe
PRC - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2007/11/16 19:34:26 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/08 13:43:40 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/07/10 03:26:42 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2009/07/08 14:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe
PRC - [2002/11/18 23:15:00 | 00,065,536 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2007/09/19 19:31:55 | 01,247,600 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe
PRC - [2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/07/10 00:26:20 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [1998/05/07 18:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\windows\system\hpsysdrv.exe
PRC - [2002/10/25 17:33:46 | 00,069,632 | ---- | M] (MyComp) -- C:\Program Files\USB Storage RW\shwicon.exe
PRC - [2003/01/22 04:04:00 | 00,040,960 | ---- | M] (VM.) -- C:\WINDOWS\VM_STI.EXE
PRC - [2007/07/06 10:53:08 | 00,455,344 | ---- | M] () -- C:\Program Files\Lexmark 5000 Series\lxdmmon.exe
PRC - [2007/06/01 14:06:09 | 00,020,480 | ---- | M] () -- C:\Program Files\Lexmark 5000 Series\lxdmamon.exe
PRC - File not found --
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/07/08 13:11:52 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/02/06 04:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/08/24 11:23:19 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.JUSTIN.001\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (0037781250754110mcinstcleanup [Auto | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [Auto | Running])
SRV - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2008/04/13 18:12:18 | 00,084,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 18:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006/10/30 08:36:32 | 00,492,608 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2007/06/08 03:05:43 | 00,099,248 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdmserv.exe -- (lxdmCATSCustConnectService [Auto | Stopped])
SRV - [2007/06/08 03:05:51 | 00,598,960 | ---- | M] ( ) -- C:\WINDOWS\System32\lxdmcoms.exe -- (lxdm_device [Auto | Running])
SRV - [2009/07/08 20:22:22 | 00,068,112 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor [On_Demand | Stopped])
SRV - [2009/02/11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
SRV - [2007/11/16 19:34:26 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService [Auto | Running])
SRV - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2009/07/08 15:15:04 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2009/07/08 13:43:40 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2009/07/08 13:11:52 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2009/07/10 03:26:42 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2009/07/08 14:48:48 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2002/11/18 23:15:00 | 00,065,536 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2002/08/29 06:00:00 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipxsap.dll -- (NwSapAgent [Auto | Running])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/09/19 19:31:55 | 01,247,600 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])
SRV - [2007/10/18 10:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])
SRV - [2008/11/09 14:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.peoplepc.com/search
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant_bak = http://ie.search.msn...st/srchasst.htm
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/07/23 14:16:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/07 15:57:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/24 11:06:43 | 00,000,000 | ---D | M]


O1 HOSTS File: (7109 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost #***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 2005-search.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 600pics.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 a1.interclick.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 absolutepics.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 ad.yieldmanager.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 all-tgp.org # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 all-websearch.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 apps.deskwizz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 awmdabest.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 b.casalemedia.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bailefunk.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 best4all.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 besthardcore.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bn.i-ru.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bundleware.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 campaigns.interclick.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 code.jcash.biz # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 content.dollarrevenue.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 content.exetraffic.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 coolwebsearch.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 cumhereteens.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 dedmazai.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 download.abetterinternet.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 faccesborrate.com # ***Inserted By STOPzilla***
O1 - Hosts: 80 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn7\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AutoTBar] C:\hp\bin\autotbar.exe File not found
O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (VM.)
O4 - HKLM..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KYE_Showicon] File not found
O4 - HKLM..\Run: [Lexmark 5000 Series Fax Server] C:\Program Files\Lexmark 5000 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxdmamon] C:\Program Files\Lexmark 5000 Series\lxdmamon.exe ()
O4 - HKLM..\Run: [lxdmmon.exe] C:\Program Files\Lexmark 5000 Series\lxdmmon.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe (Fellowes, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [systeminfors] C:\WINDOWS\System32\winer.exe ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [Acme.PCHButton] C:\Program Files\HP Instant Support\plugin\bin\PCHButton.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator.JUSTIN.001\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/05/28 22:28:31 | 00,000,000 | ---D | M]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/05/28 22:28:31 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/05/28 22:28:31 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/05/28 22:28:31 | 00,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} http://h20278.www2.h...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp...ads/sysinfo.cab (SysData Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://by135fd.bay13...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5468A766-6749-4EC5-8F7A-5D47EE8FE646} http://www.x2game.co...nectControl.Cab (ConnectControl Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {79419762-2D03-48F8-A63E-0544D95143DE} http://www.x2game.co...utoPatchOCX.cab (AutoPatchOCX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {A977FF0C-8757-4E76-8533-482F91946233} http://dl.sayclub.co...ayctl/sayax.cab (session Class)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.c...utocomplete.cab (Reg Error: Key error.)
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} http://us.dl1.yimg.c...ropper1_3us.cab (Yahoo! Photos Easy Upload Tool Class)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306} https://care.windstr...aller_3-0-0.cab (SecurityManager Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DAAD8E43-FAC2-41DD-8F02-9D2BD626F4BB} http://chat.saram.ne...t_InstProj1.cab (AVChat_Inst Control)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.co.../MathPlayer.cab (Pearson MathXL Player)
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} http://us.dl1.yimg.c...bio5_3_16_0.cab (Yahoo! Toolbar)
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} https://care.windstr...TELControls.cab (ConnectivityTester Class)
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://chat.msn.com/bin/msnchat45.cab (MSN Chat Control 4.5)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/01/30 21:58:14 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/11 04:02:32 | 00,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{263f49cb-e792-11dd-9e98-0010dcab6640}\Shell - "" = AutoRun
O33 - MountPoints2\{263f49cb-e792-11dd-9e98-0010dcab6640}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{263f49cb-e792-11dd-9e98-0010dcab6640}\Shell\AutoRun\command - "" = K:\DPFMate.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - C:\WINDOWS\System32\ipxsap.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/08/24 11:23:13 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.JUSTIN.001\Desktop\OTL.exe
[2009/08/22 19:22:41 | 00,042,253 | ---- | C] () -- C:\Documents and Settings\Administrator.JUSTIN.001\Desktop\me.jpg
[2009/08/16 13:17:04 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/08/16 03:08:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/08/16 03:07:54 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/08/16 03:07:40 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/08/16 03:06:43 | 00,000,000 | ---D | C] -- C:\45b5f4261848e6465708605e2bb3
[2009/08/16 03:06:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/08/14 08:38:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.JUSTIN.001\Desktop\Mobile pics
[2009/08/11 16:36:10 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Administrator.JUSTIN.001\My Documents\Colt Ballinger.doc

========== Files - Modified Within 14 Days ==========

[2009/08/24 11:23:19 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.JUSTIN.001\Desktop\OTL.exe
[2009/08/24 11:12:32 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/24 11:11:52 | 00,000,247 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/08/24 11:11:51 | 00,011,249 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/08/24 11:10:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/24 11:10:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/24 11:10:01 | 00,028,740 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000009-00001102-00000004-00541102}.rfx
[2009/08/24 11:10:01 | 00,028,740 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000009-00001102-00000004-00541102}.rfx
[2009/08/24 11:10:01 | 00,026,640 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000009-00001102-00000004-00541102}.rfx
[2009/08/24 11:10:01 | 00,026,640 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000009-00001102-00000004-00541102}.rfx
[2009/08/24 11:10:01 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/08/24 11:10:01 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/08/24 11:10:01 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000004-00541102}.dat
[2009/08/24 11:10:01 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000009-00001102-00000004-00541102}.dat
[2009/08/22 19:18:30 | 00,042,253 | ---- | M] () -- C:\Documents and Settings\Administrator.JUSTIN.001\Desktop\me.jpg
[2009/08/17 03:02:37 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/16 09:08:46 | 00,267,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/16 03:12:46 | 00,507,308 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/16 03:12:46 | 00,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/16 03:12:46 | 00,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/15 05:14:24 | 00,000,912 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/15 05:14:24 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/15 05:14:24 | 00,000,207 | -HS- | M] () -- C:\boot.ini
[2009/08/15 02:05:21 | 00,000,356 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/08/11 16:36:10 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\Administrator.JUSTIN.001\My Documents\Colt Ballinger.doc

========== LOP Check ==========

[2009/07/29 12:58:08 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data
[2008/03/05 07:20:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\5000 Series
[2003/05/09 07:23:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\ArcSoft
[2003/05/20 18:31:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\Corel
[2007/10/07 22:51:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\Earthlink
[2006/07/31 17:13:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\Firaxis Games
[2003/01/18 06:23:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\InterTrust
[2003/04/20 09:52:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\InterVideo
[2008/04/18 09:13:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\Intuit
[2008/03/07 09:57:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\Lexmark Productivity Studio
[2008/06/04 20:23:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\LimeWire
[2004/06/15 19:12:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\Motive
[2009/05/27 17:15:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\Move Networks
[2003/07/06 16:03:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\MSN6
[2006/07/31 17:25:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\My Games
[2006/08/29 17:44:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\PureEdge
[2003/01/18 06:23:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\SampleView
[2003/01/18 06:23:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\Share-to-Web Upload Folder
[2006/08/14 08:02:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\STOPzilla!
[2004/02/04 03:31:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\Ulead Systems
[2003/01/18 06:23:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\VERITAS
[2008/09/07 14:10:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.JUSTIN.001\Application Data\Viewpoint
[2009/08/07 22:17:36 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/03/03 15:30:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5000 Series
[2007/05/17 01:16:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/07/22 01:22:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2005/02/26 04:06:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
[2008/04/18 09:11:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/04/01 10:38:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2003/12/27 11:18:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 6.1.0207
[2003/05/02 01:51:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2007/04/14 18:38:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PureEdge
[2003/01/18 06:24:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2006/08/14 14:55:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2008/07/28 21:16:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
[2004/04/29 20:00:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2002/08/29 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/15 02:05:21 | 00,000,356 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/08/01 01:15:21 | 00,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/08/24 11:10:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/31 09:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

< %systemroot%\system32\eventlog.dll >
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

< >
< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP