TheTechGuide Forum

General Category => Tech Clinic => Topic started by: stephani on December 15, 2009, 09:08:08 PM

Title: System Volume, USB and many other viruses
Post by: stephani on December 15, 2009, 09:08:08 PM

After my friend borrowed by USB to use at an internet cafe, I've experienced a lot of problems and a lot of viruses. /sad.gif\' class=\'bbc_emoticon\' alt=\':(\' />

In the past few weeks I've experienced the blue screen, unable to move or do anything after starting the computer. (I had to disable avast quickly to work the computer before it froze). I reformatted C drive and I reformatted my other drive by doing right click reformat but the viruses have not gone away (or it cud be because my USB's just keep infecting the computer and the computer keeps infecting the USB)

After searching around and doing scans I think I have a virus related to system volume information and the recylce / autorun virus on the USB and a load of other viruses...

Please help me get rid of the viruses on my computer and USB! ive tried everything and its driving me crazy.

Thanks in advance!



This is the hijackthis log after i scanned using Malware Bytes.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 12:20:32 PM, on 16/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Stephanie\My Documents\Downloads\avast_pro_setup.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EDS] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 傳送到 &Bluetooth 裝置... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe





Malwarebytes' Anti-Malware 1.42
Database version: 3371
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 6.0.2900.5512

16/12/2009 11:51:48 AM
mbam-log-2009-12-16 (11-51-48).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 154996
Time elapsed: 14 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 36

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\coolsos (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{110b50f0-4954-4300-b71d-d4de33922b3a} (Rogue.SpywareCleaner2009) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xp-46b2ab3f (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Stephanie\Local Settings\Temp\E_4 (Worm.AutoRun) -> Quarantined and deleted successfully.

Files Infected:
C:\autorun.inf (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\n1v93rqo.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephanie\Local Settings\Temp\E_4\comWebsite removed for spammingn (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephanie\Local Settings\Temp\E_4\dp1.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephanie\Local Settings\Temp\E_4\eAPI.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephanie\Local Settings\Temp\E_4\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephanie\Local Settings\Temp\E_4\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephanie\Local Settings\Temp\E_4\shell.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aqoeerw.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comWebsite removed for spammingn (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dp1.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eAPI.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shell.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
D:\n1v93rqo.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
E:\n1v93rqo.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\RECY\avrun.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{1F352EAD-9AC9-40DD-BA6E-513E4F07E039}\RP10\A0006383.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{1F352EAD-9AC9-40DD-BA6E-513E4F07E039}\RP16\A0021734.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{1F352EAD-9AC9-40DD-BA6E-513E4F07E039}\RP16\A0021737.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{1F352EAD-9AC9-40DD-BA6E-513E4F07E039}\RP5\A0000752.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{1F352EAD-9AC9-40DD-BA6E-513E4F07E039}\RP6\A0000767.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{1F352EAD-9AC9-40DD-BA6E-513E4F07E039}\RP8\A0006335.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{B04B49DA-EDB7-4DB2-A5D5-0BA521A8936B}\RP40\A0005065.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\n1v93rqo.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephanie\Local Settings\Temp\E_4\internet.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephanie\Local Settings\Temp\E_4\spec.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephanie\「開始」功能表\程式集\å•Ÿå‹•\﹛﹛﹛.lnk                (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\internet.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\og.dll (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\og.EDT (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spec.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ul.dll (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\XP-46B2AB3F.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bnmkue0.dll (Spyware.OnlineGames) -> Quarantined and deleted

--
End of file - 8882 bytes

Title: System Volume, USB and many other viruses
Post by: guestolo on December 15, 2009, 09:58:05 PM

Please do the following
Download ComboFix from one of these locations:

[color=\"#0000FF\"]Link 1[/color] (http://\"http://www.forospyware.com/sUBs/ComboFix.exe\")
[color=\"#0000FF\"]Link 2[/color] (http://\"http://subs.geekstogo.com/ComboFix.exe\")
[color=\"#FF0000\"]Save it ONLY to your Desktop[/color]

      --------------------------------------------------------------------
[color=\"#2E8B57\"]Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool
[/color]

• Double click on ComboFix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

[color=\"#2e8b57\"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
[/color]
(http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif)

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v706/ried7/whatnext.png)


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

Title: System Volume, USB and many other viruses
Post by: stephani on December 15, 2009, 11:56:26 PM

I think there is a problem with ComboFix right now... or is it just me? >.<

Title: System Volume, USB and many other viruses
Post by: guestolo on December 16, 2009, 12:20:03 AM

Forget about ComboFix for now
Can you do the following

Download [color=\"#FF0000\"]OTL.exe[/color] (http://\"http://oldtimer.geekstogo.com/OTL.exe\")[/url] by OldTimer to your Desktop.

• Close all windows and double click on OTL.exe to run it
• Click Run Scan and let the program run uninterrupted.
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
• You may need to use two posts to get it all.

NOTE: If you have trouble, or an error message trying to post the logs
Can you upload it to a reply box
In a Reply, select "Browse..." on the bottom right and then navigate to the file and select it
Then click "Upload"

Title: System Volume, USB and many other viruses
Post by: stephani on December 16, 2009, 02:43:49 AM

My computer is in chinese so i hope those bits at the end of the report arent a big problem.

Thanks /smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />


OTL logfile created on: 16/12/2009 6:10:47 PM - Run 1
OTL by OldTimer - Version 3.1.17.0     Folder = C:\Documents and Settings\Stephanie\桌面
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C09 | Country: 澳大利亞 | Language: ENA | Date Format: d/MM/yyyy
 
1014.36 Mb Total Physical Memory | 634.99 Mb Available Physical Memory | 62.60% Memory free
2.39 Gb Paging File | 2.09 Gb Available in Paging File | 87.34% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 60.36 Gb Free Space | 84.96% Space Free | Partition Type: NTFS
Drive D: | 72.00 Gb Total Space | 71.37 Gb Free Space | 99.12% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 298.08 Gb Total Space | 292.38 Gb Free Space | 98.09% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: STEPHANIE-NC10
Current User Name: Stephanie
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=\"#E56717\"]========== Processes (SafeList) ==========[/color]
 
PRC - [2009/12/16 18:10:00 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stephanie\桌面\OTL.exe
PRC - [2009/11/25 09:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/25 09:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/25 09:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/10/29 11:45:35 | 00,036,972 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0\bin\jusched.exe
PRC - [2008/10/07 19:22:48 | 02,768,896 | ---- | M] () -- C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
PRC - [2008/10/06 20:07:26 | 00,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008/08/29 04:34:52 | 01,044,480 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/08/27 06:51:00 | 16,851,456 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008/05/21 18:44:30 | 00,299,008 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\MagicKBD\PerformanceManager.exe
PRC - [2008/05/20 22:02:08 | 00,372,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Program Files\Samsung\MagicKBD\MagicKBD.exe
PRC - [2008/04/14 22:00:00 | 00,978,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/29 08:00:20 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2008/02/29 08:00:16 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2008/02/29 08:00:14 | 00,137,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2008/02/29 08:00:10 | 00,170,520 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2008/02/29 08:00:04 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2007/12/20 22:40:30 | 00,659,456 | ---- | M] (Samsung Electronics,.LTD) -- C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
PRC - [2007/04/01 09:02:38 | 01,416,072 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/04/01 09:02:38 | 00,568,176 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/04/01 09:02:36 | 00,273,256 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2006/10/30 16:29:28 | 00,036,864 | ---- | M] () -- C:\Program Files\Samsung\Samsung Network Manager\SNMWLANService.exe
PRC - [2006/10/27 00:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
 
 
[color=\"#E56717\"]========== Modules (SafeList) ==========[/color]
 
MOD - [2009/12/16 18:10:00 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stephanie\桌面\OTL.exe
MOD - [2007/04/02 15:00:48 | 00,086,016 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
 
 
[color=\"#E56717\"]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2009/11/25 09:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/25 09:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/25 09:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/25 09:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/21 18:54:34 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/13 10:44:00 | 00,077,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2007/04/01 09:02:36 | 00,273,256 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2006/10/30 16:29:28 | 00,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe -- (SNM WLAN Service)
SRV - [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
 
 
[color=\"#E56717\"]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2009/11/25 09:50:59 | 00,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/25 09:50:12 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/25 09:50:00 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/25 09:49:07 | 00,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/25 09:48:57 | 00,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/25 09:47:54 | 00,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/10/08 16:35:10 | 01,334,432 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/09/24 06:23:58 | 00,238,464 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMC326.sys -- (VMC326)
DRV - [2008/08/29 04:18:14 | 00,224,736 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/08/27 09:35:00 | 04,753,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/06/27 18:02:00 | 00,289,024 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/04/14 22:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 22:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 22:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2008/04/14 22:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2008/02/16 06:12:06 | 05,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/01/14 21:01:02 | 00,030,208 | ---- | M] (Samsung Electronics,.LTD) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS -- (DNSeFilter)
DRV - [2007/04/01 06:02:42 | 00,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/03/24 03:50:42 | 00,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/10/27 14:18:05 | 00,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO)
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
 
 
[color=\"#E56717\"]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=\"#E56717\"]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/ (http://\"http://www.google.com.au/\")
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=\"#E56717\"]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/11 11:32:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/11 11:32:37 | 00,000,000 | ---D | M]
 
[2009/11/21 20:35:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stephanie\Application Data\Mozilla\Extensions
[2009/11/21 20:35:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\jk5ek3yn.default\extensions
[2009/11/21 18:46:14 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/03 11:42:02 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/11/03 11:42:02 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/11/03 11:42:02 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/11/03 11:42:02 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
 
O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
O4 - HKLM..\Run: [EDS] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MagicKeyboard] C:\Program Files\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF  [binary data]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: 傳送到 &Bluetooth 裝置... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab\") (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (http://\"http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab\") (Java Plug-in 1.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (目前的首頁) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/29 11:41:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/12/16 11:07:15 | 00,000,063 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/12/16 11:07:15 | 00,000,063 | RHS- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{08b293ee-d67a-11de-9e4f-00242b2e4cc2}\Shell\AutoRun\command - "" = n1v93rqo.exe
O33 - MountPoints2\{08b293ee-d67a-11de-9e4f-00242b2e4cc2}\Shell\open\Command - "" = n1v93rqo.exe
O33 - MountPoints2\{09e8b283-daf5-11de-9e5a-00242b2e4cc2}\Shell - "" = AutoRun
O33 - MountPoints2\{09e8b283-daf5-11de-9e5a-00242b2e4cc2}\Shell\1\Command - "" = E:\Recycled.exe -- File not found
O33 - MountPoints2\{09e8b283-daf5-11de-9e5a-00242b2e4cc2}\Shell\2\Command - "" = E:\Recycled.exe -- File not found
O33 - MountPoints2\{5b0dda53-e5e9-11de-9e67-00242b2e4cc2}\Shell\AutoRun\command - "" = n1v93rqo.exe
O33 - MountPoints2\{5b0dda53-e5e9-11de-9e67-00242b2e4cc2}\Shell\open\Command - "" = n1v93rqo.exe
O33 - MountPoints2\{5f2831b2-d65b-11de-9e4e-00242b2e4cc2}\Shell\AutoRun\command - "" = n1v93rqo.exe
O33 - MountPoints2\{5f2831b2-d65b-11de-9e4e-00242b2e4cc2}\Shell\open\Command - "" = n1v93rqo.exe
O33 - MountPoints2\{fa1ef04c-d652-11de-9e4c-806d6172696f}\Shell\AutoRun\command - "" = n1v93rqo.exe
O33 - MountPoints2\{fa1ef04c-d652-11de-9e4c-806d6172696f}\Shell\open\Command - "" = n1v93rqo.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
[color=\"#E56717\"]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2009/12/16 18:09:58 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Stephanie\桌面\OTL.exe
[2009/12/16 12:30:37 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/12/16 12:30:36 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/12/16 12:30:35 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/12/16 12:30:33 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/12/16 12:30:33 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/12/16 12:30:33 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/12/16 12:30:33 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/12/16 12:30:33 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/12/16 12:29:57 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/12/16 12:16:28 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2009/12/16 11:13:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie\Application Data\Malwarebytes
[2009/12/16 11:13:14 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/16 11:13:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/16 11:13:11 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/16 11:13:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/16 10:23:13 | 00,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/12/16 10:23:13 | 00,013,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/12/15 23:12:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie\Tracing
[2009/12/15 23:10:07 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/12/15 23:09:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/12/15 23:09:46 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/12/15 23:09:19 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/12/15 23:06:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/12/13 21:07:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie\Application Data\Real
[2009/12/11 11:32:34 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/12/11 11:32:34 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/12/11 11:32:34 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/12/11 11:32:34 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/12/11 11:32:33 | 00,000,000 | ---D | C] -- C:\Program Files\Real Alternative
[2009/12/11 11:27:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie\Application Data\Media Player Classic
[2009/12/08 01:46:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie\桌面\Tutoring Files
[2009/11/27 11:42:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/11/27 11:36:49 | 00,007,552 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\SONYPVU1.SYS
[2009/11/27 11:36:49 | 00,007,552 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypvu1.sys
[2009/11/24 16:32:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie\My Documents\我已接收的檔案
[2009/11/22 19:26:37 | 00,201,288 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2009/11/22 19:26:37 | 00,113,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2009/11/22 19:26:37 | 00,079,304 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/11/22 19:26:37 | 00,040,488 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2009/11/22 19:26:37 | 00,035,240 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/11/22 19:26:37 | 00,033,800 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2009/11/22 01:36:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie\Application Data\WinRAR
[2009/11/22 01:35:11 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/11/22 01:35:10 | 02,065,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009/11/22 01:35:10 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/11/21 23:23:10 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/11/21 23:20:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie\My Documents\Downloads
[2009/11/21 23:10:59 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2009/11/21 23:10:59 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCP71.dll
[2009/11/21 23:10:59 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCR71.dll
[2009/11/21 23:10:55 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/11/21 20:35:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie\Local Settings\Application Data\Mozilla
[2009/11/21 20:35:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie\Application Data\Mozilla
[2009/11/21 19:10:12 | 00,269,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/11/21 19:02:11 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/11/21 18:54:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2009/11/21 18:51:43 | 00,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2009/11/21 18:50:13 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2009/11/21 18:50:04 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/11/21 18:49:46 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2009/11/21 18:49:45 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009/11/21 18:46:52 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/11/21 18:46:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2009/11/21 18:46:08 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/11/21 18:45:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie\Local Settings\Application Data\Microsoft Help
[2009/11/21 18:45:45 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/11/21 18:45:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/11/21 18:45:24 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2009/11/21 16:41:35 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/11/21 15:17:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie\Application Data\Macromedia
[2009/11/21 15:17:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/11/21 15:17:14 | 00,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2009/11/21 15:17:14 | 00,015,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/11/21 15:17:13 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009/11/21 14:59:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/11/21 14:13:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie\My Documents\Photos1
[2009/11/21 14:13:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie\桌面\Uni Files
[2008/10/29 11:44:59 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/10/29 11:44:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/10/29 11:44:58 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/10/29 11:44:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=\"#E56717\"]========== Files - Modified Within 30 Days ==========[/color]
 
[2009/12/16 18:10:00 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stephanie\桌面\OTL.exe
[2009/12/16 15:59:40 | 02,097,152 | -H-- | M] () -- C:\Documents and Settings\Stephanie\NTUSER.DAT
[2009/12/16 15:43:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/16 15:43:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/16 15:43:08 | 10,637,02528 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/16 15:42:19 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Stephanie\ntuser.ini
[2009/12/16 15:42:08 | 03,755,768 | -H-- | M] () -- C:\Documents and Settings\Stephanie\Local Settings\Application Data\IconCache.db
[2009/12/16 12:30:37 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\avast! Antivirus.lnk
[2009/12/16 12:30:33 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/12/16 12:20:13 | 00,002,449 | ---- | M] () -- C:\Documents and Settings\Stephanie\桌面\HiJackThis.lnk
[2009/12/16 12:04:22 | 00,002,407 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\Play Camera.lnk
[2009/12/16 11:13:17 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\Malwarebytes' Anti-Malware.lnk
[2009/12/16 10:24:16 | 00,022,016 | ---- | M] () -- C:\WINDOWS\System32\ZR-7400A.EXE
[2009/12/16 10:24:15 | 00,022,016 | -HS- | M] () -- C:\WINDOWS\System32\123.EXE
[2009/12/15 22:53:10 | 00,022,528 | ---- | M] () -- C:\WINDOWS\System32\U5-31B37.EXE
[2009/12/10 08:15:41 | 00,539,888 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/10 08:15:41 | 00,314,842 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/10 08:15:41 | 00,133,684 | ---- | M] () -- C:\WINDOWS\System32\prfh0404.dat
[2009/12/10 08:15:41 | 00,043,472 | ---- | M] () -- C:\WINDOWS\System32\prfc0404.dat
[2009/12/10 08:15:41 | 00,041,170 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/10 08:13:38 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/07 07:52:17 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/07 06:55:22 | 00,000,010 | ---- | M] () -- C:\WINDOWS\System32\a7.ini
[2009/12/07 06:55:21 | 00,022,528 | -HS- | M] () -- C:\WINDOWS\System32\ZOON-57A.EXE
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/27 11:48:55 | 00,075,800 | ---- | M] () -- C:\Documents and Settings\Stephanie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/25 09:54:29 | 01,280,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/11/25 09:51:09 | 00,093,424 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/11/25 09:50:59 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/11/25 09:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/11/25 09:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/11/25 09:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/11/25 09:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/11/25 09:47:54 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/11/25 09:47:28 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/11/23 14:35:21 | 01,594,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/21 20:35:19 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/11/21 18:46:36 | 00,000,552 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/21 18:46:17 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\Mozilla Firefox.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=\"#E56717\"]========== Files Created - No Company Name ==========[/color]
 
[2009/12/16 12:30:37 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\avast! Antivirus.lnk
[2009/12/16 12:29:57 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/12/16 12:16:28 | 00,002,449 | ---- | C] () -- C:\Documents and Settings\Stephanie\桌面\HiJackThis.lnk
[2009/12/16 11:53:08 | 10,637,02528 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/16 11:13:17 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\Malwarebytes' Anti-Malware.lnk
[2009/12/16 10:24:16 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ZR-7400A.EXE
[2009/12/16 10:24:15 | 00,022,016 | -HS- | C] () -- C:\WINDOWS\System32\123.EXE
[2009/12/07 06:55:22 | 00,000,010 | ---- | C] () -- C:\WINDOWS\System32\a7.ini
[2009/12/07 06:55:21 | 00,022,528 | -HS- | C] () -- C:\WINDOWS\System32\ZOON-57A.EXE
[2009/12/07 06:55:21 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\U5-31B37.EXE
[2009/11/21 23:23:15 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/21 20:35:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/21 18:46:17 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\Mozilla Firefox.lnk
[2009/02/21 00:42:45 | 00,001,520 | ---- | C] () -- C:\WINDOWS\System32\Stephanie_KBD.ini
[2008/12/29 13:16:48 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/10/29 11:54:53 | 00,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2008/10/29 11:54:53 | 00,001,520 | ---- | C] () -- C:\WINDOWS\System32\Owner_KBD.ini
[2008/10/29 11:54:50 | 00,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2008/10/29 11:54:50 | 00,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2008/10/29 11:54:50 | 00,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2008/10/29 11:54:50 | 00,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2008/10/29 11:54:50 | 00,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2008/10/29 11:54:50 | 00,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2008/10/29 11:54:50 | 00,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2008/10/29 11:54:50 | 00,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2008/10/29 11:54:50 | 00,001,857 | ---- | C] () -- C:\WINDOWS\System32\KBDUU.INI
[2008/10/29 11:54:50 | 00,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2008/10/29 11:54:50 | 00,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2008/10/29 11:54:50 | 00,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
[2008/10/29 11:54:50 | 00,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2008/10/29 11:54:50 | 00,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2008/10/29 11:54:50 | 00,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
[2008/10/29 11:54:50 | 00,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2008/10/29 11:54:50 | 00,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2008/10/29 11:52:33 | 00,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
[2008/10/29 11:52:33 | 00,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
[2008/10/29 11:48:55 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/10/29 11:46:06 | 00,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2008/10/29 10:25:09 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/04/01 09:00:28 | 02,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/04/01 08:41:52 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/02/17 12:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
< End of report >

OTL Extras logfile created on: 16/12/2009 6:10:47 PM - Run 1
OTL by OldTimer - Version 3.1.17.0     Folder = C:\Documents and Settings\Stephanie\桌面
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C09 | Country: 澳大利亞 | Language: ENA | Date Format: d/MM/yyyy
 
1014.36 Mb Total Physical Memory | 634.99 Mb Available Physical Memory | 62.60% Memory free
2.39 Gb Paging File | 2.09 Gb Available in Paging File | 87.34% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 60.36 Gb Free Space | 84.96% Space Free | Partition Type: NTFS
Drive D: | 72.00 Gb Total Space | 71.37 Gb Free Space | 99.12% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 298.08 Gb Total Space | 292.38 Gb Free Space | 98.09% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: STEPHANIE-NC10
Current User Name: Stephanie
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=\"#E56717\"]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=\"#E56717\"]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=\"#E56717\"]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[color=\"#E56717\"]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[color=\"#E56717\"]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
 
 
[color=\"#E56717\"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{350C97B6-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5CBB720F-08E6-4043-B83F-76C277AF6DE7}" = Samsung Wallpaper
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1028-7B44-A81200000003}" = Adobe Reader 8.1.2 - Chinese Traditional
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}" = Atheros WLAN Client
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"avast!" = avast! Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"RealAlt_is1" = Real Alternative 2.0.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
 
[color=\"#E56717\"]========== Last 10 Event Log Errors ==========[/color]
 
[ Antivirus Events ]
Error - 14/12/2009 9:06:25 PM | Computer Name = STEPHANIE-NC10 | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_RestoreFile Error 3.  
 
Error - 14/12/2009 9:06:25 PM | Computer Name = STEPHANIE-NC10 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestRestoreFile Error 3.  
 
Error - 14/12/2009 9:06:25 PM | Computer Name = STEPHANIE-NC10 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestGetFile Error 3.  
 
Error - 14/12/2009 9:06:25 PM | Computer Name = STEPHANIE-NC10 | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::ExtractSelectedFiles()
 chestGetFile() failed: 3.  
 
[ Application Events ]
Error - 20/02/2009 10:43:52 AM | Computer Name = Stephanie-NC10 | Source = LoadPerf | ID = 3001
Description =
 
Error - 23/11/2009 12:09:24 AM | Computer Name = STEPHANIE-NC10 | Source = ESENT | ID = 486
Description = svchost (1060) 嘗試移動檔案 "C:\WINDOWS\system32\CatRoot2\edb.log" 至 "C:\WINDOWS\system32\CatRoot2\edb0001A.log"
 å¤±æ•—並出現系統錯誤 183 (0x000000b7): "當檔案已存在時，無法建立該檔案。 "。 移動檔案作業將會失敗並出現錯誤 -1022 (0xfffffc02)。
 
Error - 23/11/2009 12:09:24 AM | Computer Name = STEPHANIE-NC10 | Source = ESENT | ID = 413
Description = Catalog Database (1060) 無法建立新的記錄檔案，原因是資料庫無法寫入記錄磁碟機ã€
‚磁碟機可能為唯讀、用完磁碟空間、設定錯誤或損壞。錯誤
 -1022。
 
Error - 23/11/2009 12:09:24 AM | Computer Name = STEPHANIE-NC10 | Source = ESENT | ID = 492
Description = Catalog Database (1060)  "C:\WINDOWS\system32\CatRoot2\" 中的記錄檔案序列由於發生嚴重錯誤而停止。
 ä½¿ç”¨æ­¤è¨˜éŒ„檔案序列的資料庫將無法做進一步的更新。請修æ­
£å•é¡Œç„¶å¾Œé‡æ–°å•Ÿå‹•æˆ–從備份還原。
 
Error - 23/11/2009 12:35:42 AM | Computer Name = STEPHANIE-NC10 | Source = ESENT | ID = 454
Description = Catalog Database (840) 資料庫修復/還原失敗，發生意外錯誤 -551。
 
Error - 24/11/2009 2:12:26 AM | Computer Name = STEPHANIE-NC10 | Source = LoadPerf | ID = 3001
Description =
 
[ System Events ]
Error - 28/11/2009 8:13:21 AM | Computer Name = STEPHANIE-NC10 | Source = Dhcp | ID = 1002
Description = DHCP 伺服器 192.168.1.1 拒絕網路位址 00242B2E4CC2 的介面卡的  IP 位址租用 192.168.1.2
(DHCP 伺服器已傳送 DHCPNACK 訊息)。
 
Error - 28/11/2009 8:13:42 AM | Computer Name = STEPHANIE-NC10 | Source = W32Time | ID = 39452689
Description = 時間提供者 NtpClient: 手動的設定對等 'time.windows.com,0x1' 在進行 DNS 搜尋時  ç™¼ç”Ÿæ„å¤–錯誤。
 NtpClient 會在 15 分鐘內重新嘗試  DNS 搜尋。  éŒ¯èª¤æ˜¯: 通訊端操作無法連線到主機。 (0x80072751)
 
Error - 28/11/2009 8:13:42 AM | Computer Name = STEPHANIE-NC10 | Source = W32Time | ID = 39452701
Description = 時間提供者 NtpClient 已經設定成從某些時間來源  å–得時間，不過目前沒有可存取的時間來源，  å°‡å˜—試在 14 分內連絡上一個來源。
NTPCLIENT
 æ²’有正確的時間來源。
 
Error - 30/11/2009 6:51:12 PM | Computer Name = STEPHANIE-NC10 | Source = DCOM | ID = 10010
Description = 伺服器 {8BC3F05E-D86B-11D0-A075-00C04FB68820} 沒有在指定的等候逾時內登錄 DCOM。
 
Error - 7/12/2009 4:16:13 AM | Computer Name = STEPHANIE-NC10 | Source = Service Control Manager | ID = 7022
Description = WebClient 服務在啟動時暫停。
 
Error - 10/12/2009 1:12:03 AM | Computer Name = STEPHANIE-NC10 | Source = Dhcp | ID = 1002
Description = DHCP 伺服器 192.168.17.1 拒絕網路位址 00242B2E4CC2 的介面卡的  IP 位址租用 192.168.1.2
 (DHCP 伺服器已傳送 DHCPNACK 訊息)。
 
Error - 15/12/2009 9:22:28 PM | Computer Name = STEPHANIE-NC10 | Source = DCOM | ID = 10005
Description = DCOM 遇到錯誤 "%1084"，是當嘗試啟動服務 EventSystem 而引數為 ""，  ç‚ºäº†åŸ·è¡Œä¼ºæœå™¨:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 ä¹‹æ™‚
 
Error - 15/12/2009 9:22:56 PM | Computer Name = STEPHANIE-NC10 | Source = Service Control Manager | ID = 7026
Description = 下列開機啟動或系統啟動驅動程式無法載入:   Fips  intelppm
 
Error - 15/12/2009 9:52:23 PM | Computer Name = STEPHANIE-NC10 | Source = DCOM | ID = 10005
Description = DCOM 遇到錯誤 "%1084"，是當嘗試啟動服務 EventSystem 而引數為 ""，  ç‚ºäº†åŸ·è¡Œä¼ºæœå™¨:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 ä¹‹æ™‚
 
Error - 15/12/2009 9:53:17 PM | Computer Name = STEPHANIE-NC10 | Source = sr | ID = 1
Description = 系統還原篩選器在磁碟區 HarddiskVolume2 處理檔案  æ™‚遇到意外錯誤 0xC0000001。系統還原已經停止監視磁碟區。
 
 
< End of report >

Title: System Volume, USB and many other viruses
Post by: guestolo on December 16, 2009, 08:08:30 PM

Can you do the following
Double  click on OTL.exe and Run it

• Under the [color=\"#0000FF\"]Custom Scans/Fixes[/color] box at the bottom, copy/paste in the following in the quote box below. don't include the word Quote please
  
  Quote

  :OTL
  O4 - HKLM..\Run: [] File not found
  O32 - AutoRun File - [2009/12/16 11:07:15 | 00,000,063 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
  O32 - AutoRun File - [2009/12/16 11:07:15 | 00,000,063 | RHS- | M] () - F:\autorun.inf -- [ NTFS ]
  O33 - MountPoints2\{08b293ee-d67a-11de-9e4f-00242b2e4cc2}\Shell\AutoRun\command - "" = n1v93rqo.exe
  O33 - MountPoints2\{08b293ee-d67a-11de-9e4f-00242b2e4cc2}\Shell\open\Command - "" = n1v93rqo.exe
  O33 - MountPoints2\{09e8b283-daf5-11de-9e5a-00242b2e4cc2}\Shell - "" = AutoRun
  O33 - MountPoints2\{09e8b283-daf5-11de-9e5a-00242b2e4cc2}\Shell\1\Command - "" = E:\Recycled.exe -- File not found
  O33 - MountPoints2\{09e8b283-daf5-11de-9e5a-00242b2e4cc2}\Shell\2\Command - "" = E:\Recycled.exe -- File not found
  O33 - MountPoints2\{5b0dda53-e5e9-11de-9e67-00242b2e4cc2}\Shell\AutoRun\command - "" = n1v93rqo.exe
  O33 - MountPoints2\{5b0dda53-e5e9-11de-9e67-00242b2e4cc2}\Shell\open\Command - "" = n1v93rqo.exe
  O33 - MountPoints2\{5f2831b2-d65b-11de-9e4e-00242b2e4cc2}\Shell\AutoRun\command - "" = n1v93rqo.exe
  O33 - MountPoints2\{5f2831b2-d65b-11de-9e4e-00242b2e4cc2}\Shell\open\Command - "" = n1v93rqo.exe
  O33 - MountPoints2\{fa1ef04c-d652-11de-9e4c-806d6172696f}\Shell\AutoRun\command - "" = n1v93rqo.exe
  O33 - MountPoints2\{fa1ef04c-d652-11de-9e4c-806d6172696f}\Shell\open\Command - "" = n1v93rqo.exe
  [2009/12/16 10:24:16 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ZR-7400A.EXE
  [2009/12/16 10:24:15 | 00,022,016 | -HS- | C] () -- C:\WINDOWS\System32\123.EXE
  [2009/12/07 06:55:22 | 00,000,010 | ---- | C] () -- C:\WINDOWS\System32\a7.ini
  [2009/12/07 06:55:21 | 00,022,528 | -HS- | C] () -- C:\WINDOWS\System32\ZOON-57A.EXE
  [2009/12/07 06:55:21 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\U5-31B37.EXE
  :Commands
  [EmptyTemp]
  [Reboot]

  
  
• Then click the [color=\"#FF0000\"]Run Fix[/color] button at the top
  
• Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted
I'll need to see that log later
A copy of this log can also be found in
C:\_OTL\Moved Files folder

download Flash_Disinfector  (http://\"http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe\") and save it to your desktop

• Double on Flash_Disinfector.exe  to run it. If you receive a prompt, please allow it.
     
  
• You will be prompted to plug in your flash drive. Plug it in. If you have more than one, plug them in
• Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
• When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
     
  
• Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.
  

[color=\"#4169E1\"]Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.[/color]

leave your Flash drive(s) connected to the computer
Go to Start>>My Computer
Right click on your Flash Drive(s) and select to scan with Avast

In addition:
Can you run an Online Virus scan
Temporarily disable your realtime protection with your own Virus scanner so it won't interfere with this scan
With Avast, simply right click on it's icon by the clock and choose to "Stop On Access Protections"
Ok the prompt
Go to the following link [color=\"#0000FF\"]ESET Online Scanner[/color] (http://\"http://www.eset.com/onlinescan/\")[/url]
Note: You will need to use Internet Explorer for this scan

• Tick the box next to YES, I accept the Terms of Use
     
  
• Click Start
     
  
• When asked, allow the ActiveX control to install
• Click Start
     
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
     
  
• Click Scan (This scan can take awhile, so please be patient)
     
  
• Once the scan is completed, you may close the window
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
     
  
• Copy and paste that log as a reply to this topic

Recap, I need to see the log from OTL and Eset also
Keep me informed how things are now running

Title: System Volume, USB and many other viruses
Post by: stephani on December 17, 2009, 05:41:50 AM

im not sure that the USB cleaner thing works for me. I tried it once before posting on this forum but it didnt seem to work. I manually just kept the files i needed and reformatted my 2 USB's so now they are fine and ive used the usb cleaner program on iagain just to be sure but my ipod seems to still ahve the virus. its making its own "exe" files and even after cleaning it with the program, i scanned with avast and its still doing it /sad.gif\' class=\'bbc_emoticon\' alt=\':(\' />

the computer seems to be working better. Those viruses never really seemed to do anything but it was just annoying how avast always said i had viruses and i dont want viruses to be around regardless of whether its affecting me.

will post log soon. scanning now. thankyou for all the help so far /smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />

Title: System Volume, USB and many other viruses
Post by: guestolo on December 17, 2009, 09:07:18 PM

Darn, should of had you plug in your Ipod also, it's that same as a Flash drive
Carry on and post the logs afterwards

Title: System Volume, USB and many other viruses
Post by: stephani on December 19, 2009, 06:38:20 AM

[quote name=\'guestolo\' post=\'466909\' date=\'Dec 17 2009, 09:07 PM\']Darn, should of had you plug in your Ipod also, it's that same as a Flash drive
Carry on and post the logs afterwards[/quote]



  sorry for late reply! I didplug in my ipod. but the program didnt fix it i dont think. Things do seem better.. but i wana completely get rid of every last bit of the damn virus!! btw.. is it safe to use internet banking and stuff like that?

 anywho. the logs!


OTL Extras logfile created on: 16/12/2009 6:10:47 PM - Run 1
OTL by OldTimer - Version 3.1.17.0     Folder = C:\Documents and Settings\Stephanie\桌面
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C09 | Country: 澳大利亞 | Language: ENA | Date Format: d/MM/yyyy
 
1014.36 Mb Total Physical Memory | 634.99 Mb Available Physical Memory | 62.60% Memory free
2.39 Gb Paging File | 2.09 Gb Available in Paging File | 87.34% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 60.36 Gb Free Space | 84.96% Space Free | Partition Type: NTFS
Drive D: | 72.00 Gb Total Space | 71.37 Gb Free Space | 99.12% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 298.08 Gb Total Space | 292.38 Gb Free Space | 98.09% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: STEPHANIE-NC10
Current User Name: Stephanie
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=\"#E56717\"]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=\"#E56717\"]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=\"#E56717\"]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[color=\"#E56717\"]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[color=\"#E56717\"]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
 
 
[color=\"#E56717\"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{350C97B6-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5CBB720F-08E6-4043-B83F-76C277AF6DE7}" = Samsung Wallpaper
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1028-7B44-A81200000003}" = Adobe Reader 8.1.2 - Chinese Traditional
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}" = Atheros WLAN Client
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"avast!" = avast! Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"RealAlt_is1" = Real Alternative 2.0.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
 
[color=\"#E56717\"]========== Last 10 Event Log Errors ==========[/color]
 
[ Antivirus Events ]
Error - 14/12/2009 9:06:25 PM | Computer Name = STEPHANIE-NC10 | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_RestoreFile Error 3.  
 
Error - 14/12/2009 9:06:25 PM | Computer Name = STEPHANIE-NC10 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestRestoreFile Error 3.  
 
Error - 14/12/2009 9:06:25 PM | Computer Name = STEPHANIE-NC10 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestGetFile Error 3.  
 
Error - 14/12/2009 9:06:25 PM | Computer Name = STEPHANIE-NC10 | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::ExtractSelectedFiles()
 chestGetFile() failed: 3.  
 
[ Application Events ]
Error - 20/02/2009 10:43:52 AM | Computer Name = Stephanie-NC10 | Source = LoadPerf | ID = 3001
Description =
 
Error - 23/11/2009 12:09:24 AM | Computer Name = STEPHANIE-NC10 | Source = ESENT | ID = 486
Description = svchost (1060) 嘗試移動檔案 "C:\WINDOWS\system32\CatRoot2\edb.log" 至 "C:\WINDOWS\system32\CatRoot2\edb0001A.log"
 å¤±æ•—並出現系統錯誤 183 (0x000000b7): "當檔案已存在時，無法建立該檔案。 "。 移動檔案作業將會失敗並出現錯誤 -1022 (0xfffffc02)。
 
Error - 23/11/2009 12:09:24 AM | Computer Name = STEPHANIE-NC10 | Source = ESENT | ID = 413
Description = Catalog Database (1060) 無法建立新的記錄檔案，原因是資料庫無法寫入記錄磁碟機ã€
‚磁碟機可能為唯讀、用完磁碟空間、設定錯誤或損壞。錯誤
 -1022。
 
Error - 23/11/2009 12:09:24 AM | Computer Name = STEPHANIE-NC10 | Source = ESENT | ID = 492
Description = Catalog Database (1060)  "C:\WINDOWS\system32\CatRoot2\" 中的記錄檔案序列由於發生嚴重錯誤而停止。
 ä½¿ç”¨æ­¤è¨˜éŒ„檔案序列的資料庫將無法做進一步的更新。請修æ­
£å•é¡Œç„¶å¾Œé‡æ–°å•Ÿå‹•æˆ–從備份還原。
 
Error - 23/11/2009 12:35:42 AM | Computer Name = STEPHANIE-NC10 | Source = ESENT | ID = 454
Description = Catalog Database (840) 資料庫修復/還原失敗，發生意外錯誤 -551。
 
Error - 24/11/2009 2:12:26 AM | Computer Name = STEPHANIE-NC10 | Source = LoadPerf | ID = 3001
Description =
 
[ System Events ]
Error - 28/11/2009 8:13:21 AM | Computer Name = STEPHANIE-NC10 | Source = Dhcp | ID = 1002
Description = DHCP 伺服器 192.168.1.1 拒絕網路位址 00242B2E4CC2 的介面卡的  IP 位址租用 192.168.1.2
(DHCP 伺服器已傳送 DHCPNACK 訊息)。
 
Error - 28/11/2009 8:13:42 AM | Computer Name = STEPHANIE-NC10 | Source = W32Time | ID = 39452689
Description = 時間提供者 NtpClient: 手動的設定對等 'time.windows.com,0x1' 在進行 DNS 搜尋時  ç™¼ç”Ÿæ„å¤–錯誤。
 NtpClient 會在 15 分鐘內重新嘗試  DNS 搜尋。  éŒ¯èª¤æ˜¯: 通訊端操作無法連線到主機。 (0x80072751)
 
Error - 28/11/2009 8:13:42 AM | Computer Name = STEPHANIE-NC10 | Source = W32Time | ID = 39452701
Description = 時間提供者 NtpClient 已經設定成從某些時間來源  å–得時間，不過目前沒有可存取的時間來源，  å°‡å˜—試在 14 分內連絡上一個來源。
NTPCLIENT
 æ²’有正確的時間來源。
 
Error - 30/11/2009 6:51:12 PM | Computer Name = STEPHANIE-NC10 | Source = DCOM | ID = 10010
Description = 伺服器 {8BC3F05E-D86B-11D0-A075-00C04FB68820} 沒有在指定的等候逾時內登錄 DCOM。
 
Error - 7/12/2009 4:16:13 AM | Computer Name = STEPHANIE-NC10 | Source = Service Control Manager | ID = 7022
Description = WebClient 服務在啟動時暫停。
 
Error - 10/12/2009 1:12:03 AM | Computer Name = STEPHANIE-NC10 | Source = Dhcp | ID = 1002
Description = DHCP 伺服器 192.168.17.1 拒絕網路位址 00242B2E4CC2 的介面卡的  IP 位址租用 192.168.1.2
 (DHCP 伺服器已傳送 DHCPNACK 訊息)。
 
Error - 15/12/2009 9:22:28 PM | Computer Name = STEPHANIE-NC10 | Source = DCOM | ID = 10005
Description = DCOM 遇到錯誤 "%1084"，是當嘗試啟動服務 EventSystem 而引數為 ""，  ç‚ºäº†åŸ·è¡Œä¼ºæœå™¨:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 ä¹‹æ™‚
 
Error - 15/12/2009 9:22:56 PM | Computer Name = STEPHANIE-NC10 | Source = Service Control Manager | ID = 7026
Description = 下列開機啟動或系統啟動驅動程式無法載入:   Fips  intelppm
 
Error - 15/12/2009 9:52:23 PM | Computer Name = STEPHANIE-NC10 | Source = DCOM | ID = 10005
Description = DCOM 遇到錯誤 "%1084"，是當嘗試啟動服務 EventSystem 而引數為 ""，  ç‚ºäº†åŸ·è¡Œä¼ºæœå™¨:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 ä¹‹æ™‚
 
Error - 15/12/2009 9:53:17 PM | Computer Name = STEPHANIE-NC10 | Source = sr | ID = 1
Description = 系統還原篩選器在磁碟區 HarddiskVolume2 處理檔案  æ™‚遇到意外錯誤 0xC0000001。系統還原已經停止監視磁碟區。
 
 
< End of report >



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=8a0084e0b282d44d89836dcdb94ddb02
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-12-17 12:16:55
# local_time=2009-12-17 10:16:55 )
# country="Australia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=769 16775141 100 98 0 197335534 0 0
# compatibility_mode=8192 67108863 100 0 828 828 0 0
# scanned=54178
# found=2
# cleaned=2
# scan_time=1456
C:\_OTL\MovedFiles\12172009_212358\C_WINDOWS\system32\U5-31B37.EXE    Win32/FlyStudio.OAL trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
C:\_OTL\MovedFiles\12172009_212358\C_WINDOWS\system32\ZOON-57A.EXE    Win32/FlyStudio.OAL trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C

Title: System Volume, USB and many other viruses
Post by: guestolo on December 19, 2009, 10:38:11 PM

Can you do the following
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
[color=\"blue\"]Updating Java:[/color]

• Download the latest version of  Java Runtime Environment (JRE) (http://\"http://java.sun.com/javase/downloads/index.jsp\").
  
• Scroll down to where it says "JRE 6 Update 17".
  
• Click the "Download" button to the right.
  
• In the Window that opens, select Windows,>>Check the "agree" box and click Continue.
  
• Click on the link to download Windows Offline Installation and save to your desktop.
  
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.

- in your case, remove:

J2SE Runtime Environment 5.0

• Click the Remove or Change/Remove button.
  
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u17-windows-i586.exe that you downloaded to install the newest version.
  

Afterwards:
Download and save to desktop [color=\"#0000FF\"]Gmer.zip[/color] (http://\"http://www.gmer.net/gmer.zip\")
   1.  Extract the contents of the zipped file to desktop.
   2. Double click GMER.exe.
(http://img.photobucket.com/albums/v666/sUBs/gmer_zip.gif)
   3. If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
   4. In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...

• Sections
• IAT/EAT
• Drives/Partition other than Systemdrive (typically C:\)
• Show All (don't miss this one)

(http://i266.photobucket.com/albums/ii277/sUBs_/Gmer_initScan.gif)
            Click the image to enlarge it
   5. Then click the Scan button & wait for it to finish.
   6. Once done click on the [Save..] button, and in the File name area, type in "gmer.txt"(without quotes)
   7. Save the log where you can easily find it, such as your desktop.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.

The OTL log that you posted wasn't the one I wanted to see, that's ok
But can you run a Fresh Scan with OTL.exe and post the new log that opens