I don't know the name of infection


  • Please log in to reply

#1 nomogood (New Member, 1 posts)

I posted in the welcome thread section and was told to do the malware steps and post here. I'm unable to uninstall or install anything, and unable to run Windows Update. Here's what happened when I did the malware removal steps: ran TFC successfully, was prompted to reboot and I did. Tried running SysRestore and got a ".NET Framework initialization error" that stated "C:\WINDOWS\Microsoft.NET\Framework\v2.0.5072\mscorwks.dll could not be loaded", so I clicked OK. Ran ERUNT successfully. Ran Malwarebytes successfully. I was unable to do the next step because I do not have a virus protection program and am unable to install any programs. Next I tried to update Windows again and it did not work; I used to get errors while trying to install, but now Internet Explorer will just freeze when I try to go to Microsoft websites. Ran RootRepeal, but I was not given a dialog box to check my drives. I'm pretty sure I only have one, though, and I don't know if it just doesn't give you the option if you only have one drive or if there was a problem. Ran OTL and I was not given an extras.txt Notepad window, only the otl.txt window. So here are my logs. And just to clarify, I am unsure what is wrong with this PC, but I have about 30 Windows .NET programs and hotfixes in "Add or Remove Programs" and I cannot remove them or anything else I want to; also I'm unable to install anything or update. Please help me if you can, and thank you very much in advance.

mbam log:
Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 1

7/18/2009 1:55:58 AM
mbam-log-2009-07-18 (01-55-58).txt

Scan type: Quick Scan
Objects scanned: 86295
Time elapsed: 4 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

root repeal log:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/07/20 15:18
Program Version: Version 1.3.2.0
Windows Version: Windows XP SP1
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF07A4000 Size: 90112 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF978F000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\System32\drivers\rootrepeal.sys
Address: 0xEFBF7000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==

OTL log:
OTL logfile created on: 7/20/2009 3:23:51 PM - Run 1
OTL by OldTimer - Version 3.0.8.0 Folder = C:\Documents and Settings\Lisa\Desktop
Windows XP Home Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

254.48 Mb Total Physical Memory | 97.11 Mb Available Physical Memory | 38.16% Memory free
626.02 Mb Paging File | 498.30 Mb Available in Paging File | 79.60% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.91 Gb Total Space | 22.65 Gb Free Space | 81.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TISH
Current User Name: Lisa
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2002/08/29 07:00:00 | 01,004,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2003/01/13 15:53:10 | 00,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2002/08/14 20:22:52 | 00,028,672 | R--- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\System32\DSentry.exe
PRC - [2002/05/16 20:36:42 | 00,065,536 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\BCMSMMSG.exe
PRC - [2002/02/15 12:31:42 | 00,045,056 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2004/12/31 17:14:34 | 00,748,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
PRC - [2005/10/12 19:12:28 | 00,716,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\126b5745ddca77b9d635ed46c361c072\update\update.exe
PRC - [2009/07/17 15:45:14 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lisa\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2002/08/29 07:00:00 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/01/28 05:04:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer [On_Demand | Stopped])
SRV - [2002/08/29 07:00:00 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://forums.majorg...ad.php?t=35407"
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5

FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/30 19:28:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/30 19:28:06 | 00,000,000 | ---D | M]

[2009/06/30 19:28:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\mozilla\Extensions
[2009/06/30 19:28:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/30 19:28:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\mozilla\Firefox\Profiles\ucohbxxp.default\extensions
[2009/06/30 19:28:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/30 19:28:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/24 09:26:10 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/24 09:26:11 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/06/24 09:26:12 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/06/24 07:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 07:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 07:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 07:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 07:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 07:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/24 07:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SafeGuard Protect PCShield) - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\System32\sfg_770f.dll (SafeGuard Corporation)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx ()
O4 - HKLM..\Run: [BCMSMMSG] C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [gcasServ] C:\Program Files\Microsoft AntiSpyware\gcasServ.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MoneyStartUp10.0] C:\Program Files\Microsoft Money\System\Activation.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} http://protect.micro...b?1106799806526 (MSSecurityAdvisor Class)
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} http://www.gamehouse.com/ghdlctl.cab (dldisplay Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1246407551312 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1246408218953 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://us.dl1.yimg.c...utocomplete.cab (Reg Error: Key error.)
O16 - DPF: {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} http://aolsvc.aol.co...itched/main.cab (BewitchedGameClass Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} http://download.game...outLauncher.cab (SproutLauncherCtrl Class)
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} http://us.dl1.yimg.c...ebio5_1_1_0.cab (Reg Error: Key error.)
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} http://www.trueswitc...allNetscape.exe (Reg Error: Key error.)
O16 - DPF: Aces Up! by pogo http://game3.pogo.co...s-ob-assets.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Fortune Bingo by pogo http://game1.pogo.co...bingo-en_US.cab (Reg Error: Key error.)
O16 - DPF: Harvest Mania by pogo http://game1.pogo.co...t-ob-assets.cab (Reg Error: Key error.)
O16 - DPF: Jigsaw Detective by pogo http://game3.pogo.co...w-ob-assets.cab (Reg Error: Key error.)
O16 - DPF: JT's Blocks http://download.game...ts/y/blt1_x.cab (Reg Error: Key error.)
O16 - DPF: Mah Jong Garden by pogo http://game1.pogo.co...g-ob-assets.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Penguin Blocks by pogo http://game1.pogo.co...s-ob-assets.cab (Reg Error: Key error.)
O16 - DPF: Pirate's Gold by pogo http://swashbucks.po...d-ob-assets.cab (Reg Error: Key error.)
O16 - DPF: Squelchies by pogo http://squelchies.po...s-ob-assets.cab (Reg Error: Key error.)
O16 - DPF: Texas Hold'em Poker by pogo http://game4.pogo.co...m-ob-assets.cab (Reg Error: Key error.)
O16 - DPF: Tumble Bees by pogo http://jumbee.pogo.c...e-ob-assets.cab (Reg Error: Key error.)
O16 - DPF: WordJong by pogo http://wordjong.pogo...g-ob-assets.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Blackjack http://download.game...nts/y/jt0_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Bridge http://download.game...nts/y/bt1_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Checkers http://download.game...nts/y/kt4_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Dominoes http://download.game...ts/y/dot8_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Freecell Solitaire http://yog55.games.s...og/y/fs10_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Gin http://download.game...nts/y/nt1_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Hearts http://download.game...nts/y/ht1_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Klondike Solitaire http://yog55.games.s...og/y/ks11_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Literati http://download.game...nts/y/tt2_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! MahJong http://download.game...nts/y/ot0_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! MahJong Solitaire http://download.game...s/y/mjst4_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Pinochle http://download.game...nts/y/ut2_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Poker http://download.game...nts/y/pt1_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Pyramids http://download.game...ts/y/pyt1_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Spades http://download.game...nts/y/st2_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Spelldown http://download.game...ts/y/sdt1_x.cab (Reg Error: Key error.)
O16 - DPF: Yahoo! Towers 2.0 http://download.game...ts/y/ywt0_x.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {9EF34FF2-3396-4527-9D27-04C8C1C67806} - C:\Program Files\Microsoft AntiSpyware\shellextension.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 10:59:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/07/20 15:11:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/07/18 01:21:19 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Lisa\Desktop\NTREGOPT.lnk
[2009/07/18 01:21:19 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Lisa\Desktop\ERUNT.lnk
[2009/07/18 01:21:19 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/18 01:11:48 | 00,462,508 | ---- | C] () -- C:\Documents and Settings\Lisa\Desktop\RootRepeal.zip
[2009/07/18 01:11:45 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lisa\Desktop\OTL.exe
[2009/07/18 01:11:42 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Lisa\Desktop\SysRestorePoint.exe
[2009/07/18 01:11:29 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Lisa\Desktop\TFC.exe
[2009/07/17 15:13:04 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/07/16 16:40:15 | 26,691,5840 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/16 16:10:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/07/16 16:07:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2009/07/16 15:09:29 | 32,299,960 | ---- | C] () -- C:\Documents and Settings\Lisa\Desktop\avira_antivir_personal_en.exe
[2009/07/09 17:39:29 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2009/07/09 17:31:46 | 00,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2009/07/09 17:19:30 | 00,000,000 | ---D | C] -- C:\fd3673df4fdbdc7fdddfa2d2a3f3
[2009/07/09 17:19:18 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}

========== Files - Modified Within 14 Days ==========

[2009/07/20 14:53:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/20 14:53:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/07/20 14:53:03 | 26,691,5840 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/20 14:17:49 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/07/18 01:59:32 | 06,403,228 | -H-- | M] () -- C:\Documents and Settings\Lisa\Local Settings\Application Data\IconCache.db
[2009/07/18 01:21:19 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Lisa\Desktop\NTREGOPT.lnk
[2009/07/18 01:21:19 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Lisa\Desktop\ERUNT.lnk
[2009/07/18 00:53:12 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/17 15:45:14 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lisa\Desktop\OTL.exe
[2009/07/17 15:44:50 | 00,462,508 | ---- | M] () -- C:\Documents and Settings\Lisa\Desktop\RootRepeal.zip
[2009/07/17 15:41:54 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Lisa\Desktop\SysRestorePoint.exe
[2009/07/17 15:40:06 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Lisa\Desktop\TFC.exe
[2009/07/16 14:50:50 | 32,299,960 | ---- | M] () -- C:\Documents and Settings\Lisa\Desktop\avira_antivir_personal_en.exe
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:06 | 00,018,456 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== LOP Check ==========

[2009/07/09 17:19:18 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/07/09 17:40:03 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2009/07/09 17:19:26 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2003/02/02 12:04:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2005/06/04 21:25:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2006/05/29 18:21:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2003/02/26 18:20:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN6
[2005/11/01 17:56:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
[2004/08/11 21:06:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2005/06/01 10:42:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2003/02/02 12:02:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/06/20 17:11:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2005/05/29 20:57:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2009/07/03 16:34:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/07/01 02:34:35 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Lisa\Application Data
[2009/07/01 01:05:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\IObit
[2009/06/20 16:11:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\iWin
[2009/06/20 15:54:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Lisa\Application Data\MSN6
[2002/08/29 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/07/20 14:53:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81C88EA7
< End of report >