Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Virtumonde Virus


  • Please log in to reply

#1
jnscritch

jnscritch

    New Member

  • Member
  • Pip
  • 1 posts
Hello - I contracted the Virtumonde virus/trojan several weeks ago. I went through all of the steps as outlined in the removal guide. After I ran through the steps, my computer seemed to be running fine, but is now becoming slow and the modifications to McAfee and Windows Defender started again.

Here are the OTL results:

OTL logfile created on: 10/21/2009 5:46:54 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Stephanie\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 93.82% Memory free
3.82 Gb Paging File | 3.22 Gb Available in Paging File | 84.24% Paging File free
Paging file location(s): C:\pagefile.sys 1512 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.80 Gb Total Space | 10.50 Gb Free Space | 31.06% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CRITCHLOW
Current User Name: Stephanie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/21 17:46:04 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stephanie\Desktop\OTL.exe
PRC - [2009/10/02 13:02:56 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe
PRC - [2009/09/17 14:29:04 | 00,645,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/09/16 10:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 09:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/09/15 10:23:54 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe
PRC - [2009/09/15 05:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/09/15 05:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/09/15 05:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/09/15 05:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/09/15 05:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/27 00:18:44 | 00,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/08/26 17:21:22 | 00,092,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/02/03 13:05:02 | 00,233,304 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
PRC - [2008/07/17 17:12:24 | 00,161,064 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/08/24 07:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe
PRC - [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/06/22 14:15:48 | 00,462,848 | ---- | M] (Southwest Airlines) -- C:\Program Files\Southwest Airlines\Ding\Ding.exe
PRC - [2005/10/14 14:50:30 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2005/10/14 14:46:34 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2003/09/03 21:12:44 | 00,221,184 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/10/02 13:02:56 | 00,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service [Auto | Running])
SRV - [2009/09/16 11:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2009/09/16 10:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2009/09/16 09:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2009/09/15 10:23:54 | 00,894,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2009/09/15 05:56:43 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/09/15 05:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/09/15 05:54:13 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2009/09/15 05:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/08/26 17:21:22 | 00,092,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
SRV - [2009/08/18 06:21:34 | 00,316,312 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\Temp\0045791256162876mcinst.exe -- (0045791256162876mcinstcleanup [Auto | Stopped])
SRV - [2009/07/10 00:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2009/07/08 20:22:22 | 00,068,112 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe -- (MBackMonitor [On_Demand | Stopped])
SRV - [2009/07/08 11:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2009/07/07 19:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/07/17 17:12:24 | 00,161,064 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service [Auto | Running])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2007/08/15 20:15:16 | 00,501,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/17 00:44:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/10/15 21:24:38 | 00,000,000 | ---D | M]


O1 HOSTS File: (306455 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10550 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - No CLSID value found.
O2 - BHO: (X1IEHook Class) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll (United Online, Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {43A1018A-63D3-4FFE-B39D-9A5CA1A1CDA0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Stephanie\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O4 - Startup: C:\Documents and Settings\Stephanie\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Display All Images with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll (United Online, Inc.)
O8 - Extra context menu item: Display Image with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll (United Online, Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.217.0.5 24.217.201.67
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\) - C:\WINDOWS\System32 [2009/10/17 18:31:46 | 00,000,000 | ---D | M]
O20 - AppInit_DLLs: (lavusita.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6766874a-12b7-11de-9b3c-0013200bd394}\Shell\AutoRun\command - "" = F:\InstallSeagateManager.exe -- File not found
O34 - HKLM BootExecute: (sprecovr) - File not found
O34 - HKLM BootExecute: (\SystemRoot\sprecovr.tx) - C:\WINDOWS\sprecovr.tx File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/10/09 14:12:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/09 11:24:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
[2009/10/09 14:12:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie\Application Data\Malwarebytes
[2009/10/11 13:58:48 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/10/09 14:12:22 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/21 17:45:49 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Stephanie\Desktop\OTL.exe
[2009/10/11 13:59:16 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/10/11 13:59:16 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/10/11 13:59:15 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/10/11 13:59:14 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/10/11 13:59:13 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/10/11 13:59:13 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/10/11 13:59:13 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/10/11 13:59:13 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/10/11 13:58:51 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/10/11 13:56:46 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\Stephanie\Desktop\avast_home_setup.exe
[2009/10/11 13:48:07 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Stephanie\Desktop\RootRepeal.exe
[2009/10/09 14:12:24 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/09 14:12:22 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/09 13:57:51 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Stephanie\Desktop\TFC.exe
[2009/10/09 13:27:38 | 00,000,000 | ---D | C] -- C:\VundoFix Backups

========== Files - Modified Within 14 Days ==========

[2009/10/21 17:46:04 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stephanie\Desktop\OTL.exe
[2009/10/21 17:23:22 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/10/21 17:23:11 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/21 17:20:56 | 00,014,093 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/10/21 17:20:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/21 17:19:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/10/21 17:19:58 | 26,740,20352 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/20 18:00:00 | 00,000,414 | ---- | M] () -- C:\WINDOWS\tasks\Pareto UNS.job
[2009/10/19 18:35:30 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Stephanie\My Documents\billpay.xls
[2009/10/18 20:19:24 | 00,012,822 | ---- | M] () -- C:\Documents and Settings\Stephanie\My Documents\econfig.docx
[2009/10/16 18:30:00 | 00,000,358 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (CRITCHLOW-Stephanie).job
[2009/10/16 18:30:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (CRITCHLOW-Jamie).job
[2009/10/16 17:58:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/15 01:12:11 | 00,000,348 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/10/14 03:12:07 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/13 21:28:16 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\Stephanie\Desktop\iTunes.lnk
[2009/10/11 13:59:17 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/10/11 13:59:13 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/10/11 13:56:55 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\Stephanie\Desktop\avast_home_setup.exe
[2009/10/11 13:48:41 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Stephanie\Desktop\settings.dat
[2009/10/11 13:48:39 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Stephanie\Desktop\RootRepeal.exe
[2009/10/11 09:02:34 | 00,192,081 | ---- | M] () -- C:\Documents and Settings\Stephanie\Desktop\fbd.zip
[2009/10/10 18:56:30 | 00,013,119 | ---- | M] () -- C:\Documents and Settings\Stephanie\My Documents\Meeting with Dr.docx
[2009/10/09 14:32:13 | 00,023,040 | ---- | M] () -- C:\Documents and Settings\Stephanie\My Documents\Lesson Plan Form.xls
[2009/10/09 14:12:27 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/09 13:58:01 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stephanie\Desktop\TFC.exe
[2009/10/09 12:38:44 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\sovurenu
[2009/10/09 10:42:59 | 00,000,509 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/10/08 21:10:44 | 00,012,347 | ---- | M] () -- C:\Documents and Settings\Stephanie\My Documents\Inside An Atom Review.docx
[2009/10/08 18:55:22 | 00,000,014 | ---- | M] () -- C:\Documents and Settings\Stephanie\Desktop\footlib
[2009/10/08 18:55:21 | 00,000,129 | ---- | M] () -- C:\Documents and Settings\Stephanie\Desktop\playpref

========== Files - No Company Name ==========
[2049/12/31 16:00:00 | 00,544,768 | ---- | C] () -- C:\Documents and Settings\Stephanie\Desktop\fbd.exe
[2009/10/18 20:19:24 | 00,012,822 | ---- | C] () -- C:\Documents and Settings\Stephanie\My Documents\econfig.docx
[2009/10/18 17:39:38 | 00,847,212 | ---- | C] () -- C:\Documents and Settings\Stephanie\My Documents\STEPH UTT.jpg
[2009/10/18 17:39:38 | 00,390,398 | ---- | C] () -- C:\Documents and Settings\Stephanie\My Documents\STEP OSU 1.pdf
[2009/10/11 13:59:17 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/10/11 13:58:51 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/10/11 13:48:41 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Stephanie\Desktop\settings.dat
[2009/10/11 08:59:53 | 00,841,464 | ---- | C] () -- C:\Documents and Settings\Stephanie\My Documents\STEPH OSU.one
[2009/10/10 18:56:29 | 00,013,119 | ---- | C] () -- C:\Documents and Settings\Stephanie\My Documents\Meeting with Dr.docx
[2009/10/09 14:12:27 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/09 11:25:04 | 00,000,414 | ---- | C] () -- C:\WINDOWS\tasks\Pareto UNS.job
[2009/10/09 10:46:48 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/08 21:05:57 | 00,012,347 | ---- | C] () -- C:\Documents and Settings\Stephanie\My Documents\Inside An Atom Review.docx
[2009/07/08 18:10:21 | 00,061,440 | -HS- | C] () -- C:\WINDOWS\System32\werujoko.dll
[2009/07/08 18:10:20 | 00,083,968 | -HS- | C] () -- C:\WINDOWS\System32\jokejeka.dll
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/25 18:30:55 | 00,000,560 | ---- | C] () -- C:\Documents and Settings\Stephanie\Application Data\ViewerApp.dat
[2007/02/18 13:53:32 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/02/04 15:44:57 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007/02/04 12:49:00 | 00,000,849 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/01/25 15:34:28 | 00,000,300 | ---- | C] () -- C:\WINDOWS\RealFlight.INI
[2006/12/30 12:48:23 | 00,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/06 19:56:45 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/07/09 18:01:48 | 00,135,680 | ---- | C] () -- C:\Documents and Settings\Stephanie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/29 08:57:21 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2005/07/12 14:44:42 | 00,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005/06/10 08:11:43 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/22 20:56:47 | 00,000,823 | ---- | C] () -- C:\WINDOWS\disney.ini
[2005/05/02 08:33:52 | 00,002,655 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/04/27 20:37:09 | 00,091,200 | ---- | C] () -- C:\Documents and Settings\Stephanie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/04/27 20:37:05 | 00,000,132 | ---- | C] () -- C:\Documents and Settings\Stephanie\Local Settings\Application Data\fusioncache.dat
[2005/04/26 12:59:00 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Stephanie\Application Data\PFP120JPR.{PB
[2005/04/26 12:59:00 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Stephanie\Application Data\PFP120JCM.{PB
[2005/04/11 17:47:11 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Stephanie\Application Data\DESKTOP.INI
[2005/04/11 17:47:08 | 05,337,520 | -H-- | C] () -- C:\Documents and Settings\Stephanie\Local Settings\Application Data\IconCache.db
[2005/03/30 07:53:29 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/30 07:50:43 | 00,000,509 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/03/30 07:12:34 | 00,000,370 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 09:08:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 14:04:08 | 00,000,688 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/08/10 13:57:52 | 00,000,231 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2004/08/10 13:57:42 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2004/08/04 06:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/03/23 16:38:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2001/07/07 04:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1980/01/01 01:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2009/10/09 14:12:23 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/08/20 19:51:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2007/12/21 02:15:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2007/12/05 12:46:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2005/03/30 07:48:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2006/12/21 11:44:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/10/09 11:24:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
[2008/03/29 21:22:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2005/03/30 07:10:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/03/17 14:36:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/08/19 21:41:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/09/28 20:29:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2009/10/09 14:30:44 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Stephanie\Application Data
[2005/04/26 12:58:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stephanie\Application Data\Corel
[2006/10/11 17:49:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stephanie\Application Data\CyberLink
[2007/05/09 19:19:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stephanie\Application Data\Image Zone Express
[2005/04/24 09:35:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stephanie\Application Data\Leadertech
[2009/03/15 15:31:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stephanie\Application Data\OfficeUpdate12
[2007/02/25 22:15:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stephanie\Application Data\Snapfish
[2009/04/17 13:46:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stephanie\Application Data\Southwest Airlines
[2009/01/09 19:40:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stephanie\Application Data\U3
[2009/01/20 17:17:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stephanie\Application Data\Uniblue
[2006/11/07 22:31:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stephanie\Application Data\VCOM
[2009/10/16 17:58:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2005/04/04 19:55:31 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
[2007/08/08 12:49:27 | 00,000,762 | ---- | M] () -- C:\WINDOWS\Tasks\McAfee Cleanup.job
[2009/10/16 18:30:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (CRITCHLOW-Jamie).job
[2009/10/16 18:30:00 | 00,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (CRITCHLOW-Stephanie).job
[2009/10/15 01:12:11 | 00,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/10/01 01:00:03 | 00,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job
[2009/10/21 17:23:11 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/10/20 18:00:00 | 00,000,414 | ---- | M] () -- C:\WINDOWS\Tasks\Pareto UNS.job
[2009/10/21 17:20:11 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/31 10:56:00 | 00,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

< %systemroot%\system32\eventlog.dll >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B203B914
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E00596C
< End of report >


Root Repeal is as follows:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/11 13:50
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA7873000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79CD000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA6188000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==

I believe there is something else you may need, but I am not sure what or where that is.

Thanks for your help!

Stephanie
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP