Infection type unknown


#1 saraveza408 (Member, 376 posts)

I was in the applications forum today discussing a problem & a Geeks to Go staff member referred me to this forum. I don't know the type of infection I have, but I've done everything the Malware and Spyware Cleaning Guide said to do.

Here is my RootRepeal log...
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/05 16:19
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA7F31000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf917c7be

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf917c7b4

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xf917c7c3

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xf917c7cd

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xf917c7d2

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf917c7a0

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf917c7a5

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xf917c7dc

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xf917c7d7

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xf917c7c8

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xf917c7af

==EOF==


and here are my OTL logs...
OTL logfile created on: 8/5/2009 4:23:03 PM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

639.37 Mb Total Physical Memory | 404.96 Mb Available Physical Memory | 63.34% Memory free
1.53 Gb Paging File | 1.37 Gb Available in Paging File | 90.05% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 26.76 Gb Free Space | 71.81% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PCUSER-SG0LNUS3
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/02/05 15:07:24 | 00,495,616 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2002/07/02 08:42:32 | 00,063,920 | ---- | M] () -- C:\Program Files\Softex\winroute\WinRServ.exe
PRC - [2008/09/09 05:23:37 | 00,028,672 | ---- | M] () -- C:\Program Files\Softex\winroute\WinRoute.exe
PRC - [2008/11/09 13:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2004/08/04 00:56:57 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2009/02/06 09:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/08/05 10:03:11 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/12/25 14:07:13 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/05/11 10:15:50 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Stopped])
SRV - [2007/10/23 23:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - File not found -- -- (Avg7Alrt [Auto | Stopped])
SRV - [2007/12/24 08:48:20 | 00,049,664 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe -- (Avg7UpdSvc [Auto | Stopped])
SRV - File not found -- -- (AVGEMS [Auto | Stopped])
SRV - [2007/10/23 23:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2004/08/04 00:56:44 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [On_Demand | Stopped])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2002/07/02 08:42:32 | 00,063,920 | ---- | M] () -- C:\Program Files\Softex\winroute\WinRServ.exe -- (WinRServ [Auto | Running])
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2008/11/09 13:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 11:20:04 | 00,096,256 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\drivers\ac97intc.sys -- (ac97intc [On_Demand | Stopped])
DRV - [2004/08/03 22:29:26 | 00,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2007/12/24 08:48:25 | 00,821,856 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avg7core.sys -- (Avg7Core [System | Stopped])
DRV - [2007/12/24 08:48:30 | 00,004,224 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avg7rsw.sys -- (Avg7RsW [System | Running])
DRV - [2007/12/24 08:48:30 | 00,027,776 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys -- (Avg7RsXP [System | Stopped])
DRV - [2007/12/24 08:48:31 | 00,010,760 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgclean.sys -- (AvgClean [System | Running])
DRV - [2009/02/13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009/03/24 16:08:22 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2007/12/24 08:48:30 | 00,004,960 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdi.sys -- (AvgTdi [Auto | Running])
DRV - [2009/03/30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2002/08/08 12:10:46 | 00,089,088 | ---- | M] (Cirrus Logic, Inc.) -- C:\WINDOWS\System32\drivers\cwawdm.sys -- (cs429x [On_Demand | Running])
DRV - [2001/08/17 05:11:06 | 00,066,591 | ---- | M] (3Com Corporation) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys -- (EL90XBC [On_Demand | Running])
DRV - [2007/02/14 20:03:08 | 00,068,922 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\Drivers\jl2005c.sys -- (JL2005C [On_Demand | Stopped])
DRV - [2004/12/21 15:16:28 | 00,141,990 | ---- | M] (ALinx Corporation) -- C:\WINDOWS\System32\DRIVERS\m4301A.sys -- (m4301a [On_Demand | Running])
DRV - [2007/08/15 06:27:18 | 00,009,600 | ---- | M] () -- C:\WINDOWS\System32\Drivers\n558.sys -- (n558 [On_Demand | Stopped])
DRV - [2003/07/16 09:36:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2006/12/21 10:52:24 | 00,029,522 | ---- | M] (Service & Quality Technology.) -- C:\WINDOWS\System32\Drivers\Capt913D.sys -- (SQTECH913D [On_Demand | Stopped])
DRV - [2009/05/11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2004/02/05 15:03:10 | 00,178,496 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Stopped])
DRV - [2002/07/02 08:42:34 | 00,017,232 | ---- | M] () -- C:\WINDOWS\system32\drivers\winroute.sys -- (WinRoute [Boot | Running])
DRV - [2002/08/28 15:59:26 | 00,154,624 | ---- | M] (Lucent Technologies) -- C:\WINDOWS\System32\DRIVERS\wlluc48.sys -- (wlluc48 [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Free Ride Games Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Free Ride Games Customized Web Search"
FF - prefs.js..extensions.enabledItems: {f92a9fe4-2850-4198-b9d5-279880e49b16}:2.1.0.19
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1
FF - prefs.js..extensions.enabledItems: {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.090608
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/06 21:28:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/04 18:03:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/20 14:35:10 | 00,000,000 | ---D | M]

[2009/07/03 15:34:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2009/07/02 23:25:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/03 15:34:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\[email protected]
[2009/08/05 03:43:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\vbzuwnhf.default\extensions
[2009/07/05 20:09:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\vbzuwnhf.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}
[2009/07/11 07:41:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\vbzuwnhf.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/07/04 21:54:00 | 00,000,892 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\vbzuwnhf.default\searchplugins\conduit.xml
[2009/08/05 12:22:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/20 14:34:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/08/29 09:16:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008/12/06 23:04:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/07/04 08:22:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/07/25 19:32:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{f92a9fe4-2850-4198-b9d5-279880e49b16}
[2009/07/20 14:34:31 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/20 14:34:31 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/07/23 09:47:22 | 01,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/07/20 14:34:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2006/01/18 10:50:00 | 00,319,488 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2009/07/20 14:34:58 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/20 14:34:58 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/20 14:34:58 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/20 14:34:58 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/20 14:34:58 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/20 14:34:58 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/20 14:34:58 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (319001 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 10941 more lines...
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll (IE7Pro.com)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Desktop Calendar] C:\Program Files\Desktop Calendar\CanDesk.exe (unit)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 72 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\RelevantKnowledge: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/23 23:56:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/08/05 10:03:04 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/08/05 09:57:50 | 00,462,996 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.zip
[2009/08/05 09:57:19 | 00,000,935 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
[2009/08/05 09:57:18 | 00,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2009/08/05 09:06:37 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/08/05 08:38:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/05 08:37:55 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/05 08:28:18 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2009/08/05 07:38:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/08/05 07:38:52 | 00,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/05 07:38:49 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/05 07:38:47 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/05 07:38:47 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/05 07:38:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/05 07:32:26 | 00,000,702 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SpywareBlaster.lnk
[2009/08/05 07:32:24 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/08/05 04:02:27 | 28,253,232 | ---- | C] (Hewlett Packard) -- C:\Documents and Settings\Administrator\Desktop\5800_enu_win2k_xp.exe
[2009/08/05 04:01:00 | 02,414,728 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\980142e1a9d9cad603036c9c929081cc.PDF
[2009/08/04 17:38:39 | 11,501,267 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\handycam.pdf
[2009/08/04 13:48:10 | 00,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/07/25 19:32:22 | 00,037,033 | ---- | C] () -- C:\WINDOWS\FRGT.ico
[2009/07/25 19:32:22 | 00,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2009/07/25 19:32:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2009/07/25 19:32:02 | 00,000,000 | ---D | C] -- C:\Program Files\Conduit
[2009/07/25 19:30:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2009/07/24 19:40:30 | 00,000,000 | ---D | C] -- C:\Program Files\Desktop Calendar
[2009/07/24 08:25:23 | 00,000,886 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2009/07/23 21:37:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\pics from camera
[2009/07/23 19:32:42 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2009/07/23 19:32:42 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2009/07/23 19:27:44 | 00,135,168 | ---- | C] (JEILIN Tech.) -- C:\WINDOWS\System32\jl_jdct.drv
[2009/07/23 19:27:44 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\dec_jl6.dll
[2009/07/23 19:27:44 | 00,000,000 | ---D | C] -- C:\Program Files\MyDSC2
[2009/07/23 19:27:44 | 00,000,000 | ---D | C] -- C:\Program Files\JL2005C
[2009/07/23 19:27:42 | 00,015,360 | ---- | C] (JEILIN Technology Corp.) -- C:\WINDOWS\System32\jl2005c.ax
[2009/07/23 19:27:41 | 00,068,922 | ---- | C] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\jl2005c.sys
[2009/07/23 19:27:41 | 00,000,000 | ---D | C] -- C:\Program Files\JL2005D
[2009/07/23 19:26:55 | 00,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PhoTags Express .lnk
[2009/07/23 19:25:03 | 00,000,000 | ---D | C] -- C:\Program Files\PhoTags Express
[2009/07/22 21:19:52 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2009/07/22 21:19:52 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2009/07/21 21:14:12 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/07/21 15:45:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\sims
[2009/07/19 02:06:52 | 00,000,595 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009/07/19 02:03:30 | 00,000,000 | ---D | C] -- C:\~MSSETUP.T
[2009/07/15 10:18:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Thunderbird
[2009/07/15 10:18:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2009/07/14 02:26:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FileMaker
[2009/07/11 03:12:05 | 00,000,664 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CraigsPalFree.lnk
[2009/07/11 03:12:03 | 00,000,000 | ---D | C] -- C:\Program Files\CraigsPalFree
[2009/07/11 01:05:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2009/07/11 01:05:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVS4YOU
[2009/07/11 01:04:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2009/07/11 01:04:02 | 00,658,432 | ---- | C] (Borland Corporation) -- C:\WINDOWS\System32\cc3270mt.dll
[2009/07/10 15:20:57 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2009/07/08 22:32:01 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/07/08 22:32:01 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009/07/08 22:32:01 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/07/08 22:32:00 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/07/08 22:32:00 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/07/08 22:31:54 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/07/07 23:28:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/07/07 19:06:11 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/07/07 19:06:11 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/07/06 17:12:28 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/07/06 17:09:37 | 00,000,000 | ---D | C] -- C:\7b49cd0acd4fa9932203f327
[2009/07/06 17:04:47 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2009/07/06 17:04:47 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2009/07/06 17:04:46 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2009/07/06 17:04:46 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2009/07/06 17:04:45 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2009/07/06 17:04:45 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2008/11/25 00:05:12 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/11/14 21:20:21 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/11/14 21:20:20 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/11/14 21:20:17 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/14 21:20:17 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/14 21:20:16 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/14 21:20:15 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/11/14 21:20:15 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/08/01 15:50:19 | 00,000,082 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2008/07/13 17:52:08 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/07/13 06:12:49 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\IsUser11b.dll
[2008/07/13 06:05:54 | 00,017,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\WinRoute.sys
[2008/04/23 21:09:36 | 00,090,668 | ---- | C] () -- C:\WINDOWS\System32\vobis32.dll
[2008/04/01 12:15:10 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ANS2000.INI
[2008/04/01 12:15:10 | 00,000,020 | -H-- | C] () -- C:\WINDOWS\akebook.ini
[2008/04/01 12:15:10 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\a3kebook.ini
[2008/03/03 14:14:56 | 00,000,010 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2008/03/03 14:13:54 | 00,000,427 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2008/01/18 03:31:11 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/12/26 16:52:43 | 00,000,032 | ---- | C] () -- C:\WINDOWS\msiosd.ini
[2007/12/26 09:52:22 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2007/12/25 14:44:24 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/29 15:50:20 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[2007/08/15 06:27:18 | 00,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
[2003/07/16 09:45:02 | 00,001,063 | ---- | C] () -- C:\WINDOWS\win.ini
[2003/07/16 09:41:30 | 00,000,289 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[2009/08/05 15:31:01 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/05 15:30:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/05 15:30:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/05 15:30:17 | 67,049,8816 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/05 15:23:29 | 04,844,488 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/08/05 10:03:11 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/08/05 10:00:17 | 00,462,996 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RootRepeal.zip
[2009/08/05 09:57:19 | 00,000,935 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
[2009/08/05 09:10:59 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/05 08:28:23 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2009/08/05 07:38:52 | 00,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/05 07:32:26 | 00,000,702 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SpywareBlaster.lnk
[2009/08/05 04:34:56 | 00,016,711 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\myspace xmas.doc
[2009/08/05 04:06:38 | 28,253,232 | ---- | M] (Hewlett Packard) -- C:\Documents and Settings\Administrator\Desktop\5800_enu_win2k_xp.exe
[2009/08/05 04:02:59 | 02,414,728 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\980142e1a9d9cad603036c9c929081cc.PDF
[2009/08/04 17:38:41 | 11,501,267 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\handycam.pdf
[2009/08/04 13:33:55 | 00,319,001 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/08/04 11:20:53 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/30 19:29:47 | 00,319,001 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090804-133355.backup
[2009/07/25 19:32:22 | 00,000,064 | ---- | M] () -- C:\WINDOWS\GPlrLanc.dat
[2009/07/24 08:25:23 | 00,000,886 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2009/07/23 19:26:55 | 00,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PhoTags Express .lnk
[2009/07/22 14:34:50 | 00,077,024 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/21 22:32:59 | 00,318,193 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090730-192947.backup
[2009/07/19 22:39:48 | 00,255,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2009/07/19 18:48:58 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/07/19 06:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/07/19 06:18:59 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/07/19 02:06:52 | 00,000,595 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2009/07/17 14:16:47 | 00,318,193 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090721-223259.backup
[2009/07/13 22:08:03 | 00,317,617 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090717-141647.backup
[2009/07/11 03:12:05 | 00,000,664 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CraigsPalFree.lnk
[2009/07/08 21:02:49 | 00,317,287 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090713-220803.backup
[2009/07/07 08:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Program Files\Softex\winroute\WinRoute.exe:SummaryInformation
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EFCCC46E
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E08FC17
< End of report >

and......
OTL Extras logfile created on: 8/5/2009 4:23:03 PM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

639.37 Mb Total Physical Memory | 404.96 Mb Available Physical Memory | 63.34% Memory free
1.53 Gb Paging File | 1.37 Gb Available in Paging File | 90.05% Paging File free
Paging file location(s): C:\pagefile.sys 960 1920 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 26.76 Gb Free Space | 71.81% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PCUSER-SG0LNUS3
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgemc.exe" = C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\IEPro\MiniDM.exe" = C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM -- (IE7Pro.com)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 14
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{6F16763B-E793-4060-A325-B1DBA3823CA8}" = uMark Lite
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{92C5DB3D-9D6F-4324-BB11-57825F4C2635}" = DVD Decoder Pak for Windows XP
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B78823CD-488F-43B4-80D6-FAEADAE40EC4}" = Instant Wireless USB Adapter
"{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}" = Motorola Driver Installation 3.7.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"AbiWord2" = AbiWord 2.6.6
"AbiwordIEPlugins" = AbiWord Importer/Exporter Plugins
"AbiwordToolsPlugins" = AbiWord Tools Plugins
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner (remove only)
"CraigsPalFree_is1" = CraigsPalFree version 3.32
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Desktop Calendar_is1" = Desktop Calendar 1.0
"Digimarc MyPictureMarc Watermarking Plugin" = Digimarc MyPictureMarc Watermarking Plugin
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"ERUNT_is1" = ERUNT 1.1j
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IE7Pro" = IE7Pro
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.2.5 (Full)
"LimeWire" = LimeWire 5.1.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5)" = Mozilla Firefox (3.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhoTagsExpress" = PhoTags Express
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"Revo Uninstaller" = Revo Uninstaller 1.83
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UltimateZip 2007_is1" = UltimateZip 2007
"WIC" = Windows Imaging Component
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 1.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"Winroute" = Winroute
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2005Setup" = Microsoft Works 2005 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/4/2009 3:39:06 PM | Computer Name = PCUSER-SG0LNUS3 | Source = AVG7 | ID = 100
Description =

Error - 7/4/2009 5:31:09 PM | Computer Name = PCUSER-SG0LNUS3 | Source = AVG7 | ID = 100
Description =

Error - 7/4/2009 7:51:20 PM | Computer Name = PCUSER-SG0LNUS3 | Source = AVG7 | ID = 100
Description =

Error - 7/4/2009 10:57:44 PM | Computer Name = PCUSER-SG0LNUS3 | Source = AVG7 | ID = 100
Description =

Error - 7/5/2009 1:20:37 AM | Computer Name = PCUSER-SG0LNUS3 | Source = AVG7 | ID = 100
Description =

Error - 7/5/2009 6:52:06 AM | Computer Name = PCUSER-SG0LNUS3 | Source = AVG7 | ID = 100
Description =

Error - 7/5/2009 12:38:12 PM | Computer Name = PCUSER-SG0LNUS3 | Source = AVG7 | ID = 100
Description =

Error - 7/5/2009 2:35:06 PM | Computer Name = PCUSER-SG0LNUS3 | Source = AVG7 | ID = 100
Description =

Error - 7/5/2009 4:26:49 PM | Computer Name = PCUSER-SG0LNUS3 | Source = AVG7 | ID = 100
Description =

Error - 7/5/2009 11:01:42 PM | Computer Name = PCUSER-SG0LNUS3 | Source = AVG7 | ID = 100
Description =

[ System Events ]
Error - 8/5/2009 6:10:01 PM | Computer Name = PCUSER-SG0LNUS3 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Avg7Core Avg7RsXP Lbd

Error - 8/5/2009 6:30:28 PM | Computer Name = PCUSER-SG0LNUS3 | Source = m4301a | ID = 1
Description =

Error - 8/5/2009 6:30:28 PM | Computer Name = PCUSER-SG0LNUS3 | Source = m4301a | ID = 1
Description =

Error - 8/5/2009 6:30:44 PM | Computer Name = PCUSER-SG0LNUS3 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Ati HotKey Poller service
to connect.

Error - 8/5/2009 6:30:44 PM | Computer Name = PCUSER-SG0LNUS3 | Source = Service Control Manager | ID = 7000
Description = The Ati HotKey Poller service failed to start due to the following
error: %%1053

Error - 8/5/2009 6:30:44 PM | Computer Name = PCUSER-SG0LNUS3 | Source = Service Control Manager | ID = 7000
Description = The AVG7 Alert Manager Server service failed to start due to the following
error: %%2

Error - 8/5/2009 6:30:44 PM | Computer Name = PCUSER-SG0LNUS3 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the AVG7 Update Service service
to connect.

Error - 8/5/2009 6:30:44 PM | Computer Name = PCUSER-SG0LNUS3 | Source = Service Control Manager | ID = 7000
Description = The AVG7 Update Service service failed to start due to the following
error: %%1053

Error - 8/5/2009 6:30:44 PM | Computer Name = PCUSER-SG0LNUS3 | Source = Service Control Manager | ID = 7000
Description = The AVG E-mail Scanner service failed to start due to the following
error: %%2

Error - 8/5/2009 6:30:59 PM | Computer Name = PCUSER-SG0LNUS3 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Avg7Core Avg7RsXP Lbd


< End of report >
