Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - stephani

Pages: [1]

Tech Clinic / System Volume, USB and many other viruses

« on: December 19, 2009, 06:38:20 AM »

[quote name=\'guestolo\' post=\'466909\' date=\'Dec 17 2009, 09:07 PM\']Darn, should of had you plug in your Ipod also, it's that same as a Flash drive
Carry on and post the logs afterwards[/quote]

sorry for late reply! I didplug in my ipod. but the program didnt fix it i dont think. Things do seem better.. but i wana completely get rid of every last bit of the damn virus!! btw.. is it safe to use internet banking and stuff like that?

anywho. the logs!

OTL Extras logfile created on: 16/12/2009 6:10:47 PM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Stephanie\æ¡Œé¢
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C09 | Country: æ¾³å¤§åˆ©äºž | Language: ENA | Date Format: d/MM/yyyy

1014.36 Mb Total Physical Memory | 634.99 Mb Available Physical Memory | 62.60% Memory free
2.39 Gb Paging File | 2.09 Gb Available in Paging File | 87.34% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 60.36 Gb Free Space | 84.96% Space Free | Partition Type: NTFS
Drive D: | 72.00 Gb Total Space | 71.37 Gb Free Space | 99.12% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 298.08 Gb Total Space | 292.38 Gb Free Space | 98.09% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEPHANIE-NC10
Current User Name: Stephanie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=\"#E56717\"]========== Extra Registry (SafeList) ==========[/color]

[color=\"#E56717\"]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=\"#E56717\"]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[color=\"#E56717\"]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[color=\"#E56717\"]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[color=\"#E56717\"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{350C97B6-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5CBB720F-08E6-4043-B83F-76C277AF6DE7}" = Samsung Wallpaper
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1028-7B44-A81200000003}" = Adobe Reader 8.1.2 - Chinese Traditional
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}" = Atheros WLAN Client
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"avast!" = avast! Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"RealAlt_is1" = Real Alternative 2.0.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

[color=\"#E56717\"]========== Last 10 Event Log Errors ==========[/color]

[ Antivirus Events ]
Error - 14/12/2009 9:06:25 PM | Computer Name = STEPHANIE-NC10 | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_RestoreFile Error 3.

Error - 14/12/2009 9:06:25 PM | Computer Name = STEPHANIE-NC10 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestRestoreFile Error 3.

Error - 14/12/2009 9:06:25 PM | Computer Name = STEPHANIE-NC10 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestGetFile Error 3.

Error - 14/12/2009 9:06:25 PM | Computer Name = STEPHANIE-NC10 | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::ExtractSelectedFiles()
chestGetFile() failed: 3.

[ Application Events ]
Error - 20/02/2009 10:43:52 AM | Computer Name = Stephanie-NC10 | Source = LoadPerf | ID = 3001
Description =

Error - 23/11/2009 12:09:24 AM | Computer Name = STEPHANIE-NC10 | Source = ESENT | ID = 486
Description = svchost (1060) å˜—è©¦ç§»å‹•æª”æ¡ˆ "C:\WINDOWS\system32\CatRoot2\edb.log" è‡³ "C:\WINDOWS\system32\CatRoot2\edb0001A.log"
å¤±æ•—ä¸¦å‡ºç¾ç³»çµ±éŒ¯èª¤ 183 (0x000000b7): "ç•¶æª”æ¡ˆå·²å˜åœ¨æ™‚ï¼Œç„¡æ³•å»ºç«‹è©²æª”æ¡ˆã€‚ "ã€‚ ç§»å‹•æª”æ¡ˆä½œæ¥å°‡æœƒå¤±æ•—ä¸¦å‡ºç¾éŒ¯èª¤ -1022 (0xfffffc02)ã€‚

Error - 23/11/2009 12:09:24 AM | Computer Name = STEPHANIE-NC10 | Source = ESENT | ID = 413
Description = Catalog Database (1060) ç„¡æ³•å»ºç«‹æ–°çš„è¨˜éŒ„æª”æ¡ˆï¼ŒåŽŸå› æ˜¯è³‡æ–™åº«ç„¡æ³•å¯«å…¥è¨˜éŒ„ç£ç¢Ÿæ©Ÿã€
‚ç£ç¢Ÿæ©Ÿå¯èƒ½ç‚ºå”¯è®€ã€ç”¨å®Œç£ç¢Ÿç©ºé–“ã€è¨å®šéŒ¯èª¤æˆ–æå£žã€‚éŒ¯èª¤
-1022ã€‚

Error - 23/11/2009 12:09:24 AM | Computer Name = STEPHANIE-NC10 | Source = ESENT | ID = 492
Description = Catalog Database (1060) "C:\WINDOWS\system32\CatRoot2\" ä¸çš„è¨˜éŒ„æª”æ¡ˆåºåˆ—ç”±æ–¼ç™¼ç”Ÿåš´é‡éŒ¯èª¤è€Œåœæ¢ã€‚
ä½¿ç”¨æ¤è¨˜éŒ„æª”æ¡ˆåºåˆ—çš„è³‡æ–™åº«å°‡ç„¡æ³•åšé€²ä¸€æ¥çš„æ›´æ–°ã€‚è«‹ä¿®æ
£å•é¡Œç„¶å¾Œé‡æ–°å•Ÿå‹•æˆ–å¾žå‚™ä»½é‚„åŽŸã€‚

Error - 23/11/2009 12:35:42 AM | Computer Name = STEPHANIE-NC10 | Source = ESENT | ID = 454
Description = Catalog Database (840) è³‡æ–™åº«ä¿®å¾©/é‚„åŽŸå¤±æ•—ï¼Œç™¼ç”Ÿæ„å¤–éŒ¯èª¤ -551ã€‚

Error - 24/11/2009 2:12:26 AM | Computer Name = STEPHANIE-NC10 | Source = LoadPerf | ID = 3001
Description =

[ System Events ]
Error - 28/11/2009 8:13:21 AM | Computer Name = STEPHANIE-NC10 | Source = Dhcp | ID = 1002
Description = DHCP ä¼ºæœå™¨ 192.168.1.1 æ‹’çµ•ç¶²è·¯ä½å€ 00242B2E4CC2 çš„ä»‹é¢å¡çš„ IP ä½å€ç§Ÿç”¨ 192.168.1.2
(DHCP ä¼ºæœå™¨å·²å‚³é€ DHCPNACK è¨Šæ¯)ã€‚

Error - 28/11/2009 8:13:42 AM | Computer Name = STEPHANIE-NC10 | Source = W32Time | ID = 39452689
Description = æ™‚é–“æä¾›è€… NtpClient: æ‰‹å‹•çš„è¨å®šå°ç‰ 'time.windows.com,0x1' åœ¨é€²è¡Œ DNS æœå°‹æ™‚ ç™¼ç”Ÿæ„å¤–éŒ¯èª¤ã€‚
NtpClient æœƒåœ¨ 15 åˆ†é˜å…§é‡æ–°å˜—è©¦ DNS æœå°‹ã€‚ éŒ¯èª¤æ˜¯: é€šè¨Šç«¯æ“ä½œç„¡æ³•é€£ç·šåˆ°ä¸»æ©Ÿã€‚ (0x80072751)

Error - 28/11/2009 8:13:42 AM | Computer Name = STEPHANIE-NC10 | Source = W32Time | ID = 39452701
Description = æ™‚é–“æä¾›è€… NtpClient å·²ç¶“è¨å®šæˆå¾žæŸäº›æ™‚é–“ä¾†æº å–å¾—æ™‚é–“ï¼Œä¸éŽç›®å‰æ²’æœ‰å¯å˜å–çš„æ™‚é–“ä¾†æºï¼Œ å°‡å˜—è©¦åœ¨ 14 åˆ†å…§é€£çµ¡ä¸Šä¸€å€‹ä¾†æºã€‚
NTPCLIENT
æ²’æœ‰æ£ç¢ºçš„æ™‚é–“ä¾†æºã€‚

Error - 30/11/2009 6:51:12 PM | Computer Name = STEPHANIE-NC10 | Source = DCOM | ID = 10010
Description = ä¼ºæœå™¨ {8BC3F05E-D86B-11D0-A075-00C04FB68820} æ²’æœ‰åœ¨æŒ‡å®šçš„ç‰å€™é€¾æ™‚å…§ç™»éŒ„ DCOMã€‚

Error - 7/12/2009 4:16:13 AM | Computer Name = STEPHANIE-NC10 | Source = Service Control Manager | ID = 7022
Description = WebClient æœå‹™åœ¨å•Ÿå‹•æ™‚æš«åœã€‚

Error - 10/12/2009 1:12:03 AM | Computer Name = STEPHANIE-NC10 | Source = Dhcp | ID = 1002
Description = DHCP ä¼ºæœå™¨ 192.168.17.1 æ‹’çµ•ç¶²è·¯ä½å€ 00242B2E4CC2 çš„ä»‹é¢å¡çš„ IP ä½å€ç§Ÿç”¨ 192.168.1.2
(DHCP ä¼ºæœå™¨å·²å‚³é€ DHCPNACK è¨Šæ¯)ã€‚

Error - 15/12/2009 9:22:28 PM | Computer Name = STEPHANIE-NC10 | Source = DCOM | ID = 10005
Description = DCOM é‡åˆ°éŒ¯èª¤ "%1084"ï¼Œæ˜¯ç•¶å˜—è©¦å•Ÿå‹•æœå‹™ EventSystem è€Œå¼•æ•¸ç‚º ""ï¼Œ ç‚ºäº†åŸ·è¡Œä¼ºæœå™¨: {1BE1F766-5536-11D1-B726-00C04FB926AF}
ä¹‹æ™‚

Error - 15/12/2009 9:22:56 PM | Computer Name = STEPHANIE-NC10 | Source = Service Control Manager | ID = 7026
Description = ä¸‹åˆ—é–‹æ©Ÿå•Ÿå‹•æˆ–ç³»çµ±å•Ÿå‹•é©…å‹•ç¨‹å¼ç„¡æ³•è¼‰å…¥: Fips intelppm

Error - 15/12/2009 9:52:23 PM | Computer Name = STEPHANIE-NC10 | Source = DCOM | ID = 10005
Description = DCOM é‡åˆ°éŒ¯èª¤ "%1084"ï¼Œæ˜¯ç•¶å˜—è©¦å•Ÿå‹•æœå‹™ EventSystem è€Œå¼•æ•¸ç‚º ""ï¼Œ ç‚ºäº†åŸ·è¡Œä¼ºæœå™¨: {1BE1F766-5536-11D1-B726-00C04FB926AF}
ä¹‹æ™‚

Error - 15/12/2009 9:53:17 PM | Computer Name = STEPHANIE-NC10 | Source = sr | ID = 1
Description = ç³»çµ±é‚„åŽŸç¯©é¸å™¨åœ¨ç£ç¢Ÿå€ HarddiskVolume2 è™•ç†æª”æ¡ˆ æ™‚é‡åˆ°æ„å¤–éŒ¯èª¤ 0xC0000001ã€‚ç³»çµ±é‚„åŽŸå·²ç¶“åœæ¢ç›£è¦–ç£ç¢Ÿå€ã€‚

< End of report >

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=8a0084e0b282d44d89836dcdb94ddb02
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-12-17 12:16:55
# local_time=2009-12-17 10:16:55 )
# country="Australia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=769 16775141 100 98 0 197335534 0 0
# compatibility_mode=8192 67108863 100 0 828 828 0 0
# scanned=54178
# found=2
# cleaned=2
# scan_time=1456
C:\_OTL\MovedFiles\12172009_212358\C_WINDOWS\system32\U5-31B37.EXE Win32/FlyStudio.OAL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\12172009_212358\C_WINDOWS\system32\ZOON-57A.EXE Win32/FlyStudio.OAL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Tech Clinic / System Volume, USB and many other viruses

« on: December 17, 2009, 05:41:50 AM »

im not sure that the USB cleaner thing works for me. I tried it once before posting on this forum but it didnt seem to work. I manually just kept the files i needed and reformatted my 2 USB's so now they are fine and ive used the usb cleaner program on iagain just to be sure but my ipod seems to still ahve the virus. its making its own "exe" files and even after cleaning it with the program, i scanned with avast and its still doing it

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/sad.gif\' class=\'bbc_emoticon\' alt=\'

\' />

the computer seems to be working better. Those viruses never really seemed to do anything but it was just annoying how avast always said i had viruses and i dont want viruses to be around regardless of whether its affecting me.

will post log soon. scanning now. thankyou for all the help so far

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

Tech Clinic / System Volume, USB and many other viruses

« on: December 16, 2009, 02:43:49 AM »

My computer is in chinese so i hope those bits at the end of the report arent a big problem.

Thanks

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

OTL logfile created on: 16/12/2009 6:10:47 PM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Stephanie\æ¡Œé¢
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C09 | Country: æ¾³å¤§åˆ©äºž | Language: ENA | Date Format: d/MM/yyyy

1014.36 Mb Total Physical Memory | 634.99 Mb Available Physical Memory | 62.60% Memory free
2.39 Gb Paging File | 2.09 Gb Available in Paging File | 87.34% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 60.36 Gb Free Space | 84.96% Space Free | Partition Type: NTFS
Drive D: | 72.00 Gb Total Space | 71.37 Gb Free Space | 99.12% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 298.08 Gb Total Space | 292.38 Gb Free Space | 98.09% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEPHANIE-NC10
Current User Name: Stephanie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=\"#E56717\"]========== Processes (SafeList) ==========[/color]

PRC - [2009/12/16 18:10:00 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stephanie\æ¡Œé¢\OTL.exe
PRC - [2009/11/25 09:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/25 09:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/25 09:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/10/29 11:45:35 | 00,036,972 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0\bin\jusched.exe
PRC - [2008/10/07 19:22:48 | 02,768,896 | ---- | M] () -- C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
PRC - [2008/10/06 20:07:26 | 00,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008/08/29 04:34:52 | 01,044,480 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2008/08/27 06:51:00 | 16,851,456 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008/05/21 18:44:30 | 00,299,008 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\MagicKBD\PerformanceManager.exe
PRC - [2008/05/20 22:02:08 | 00,372,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Program Files\Samsung\MagicKBD\MagicKBD.exe
PRC - [2008/04/14 22:00:00 | 00,978,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/29 08:00:20 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2008/02/29 08:00:16 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2008/02/29 08:00:14 | 00,137,752 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2008/02/29 08:00:10 | 00,170,520 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxext.exe
PRC - [2008/02/29 08:00:04 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2007/12/20 22:40:30 | 00,659,456 | ---- | M] (Samsung Electronics,.LTD) -- C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
PRC - [2007/04/01 09:02:38 | 01,416,072 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/04/01 09:02:38 | 00,568,176 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/04/01 09:02:36 | 00,273,256 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2006/10/30 16:29:28 | 00,036,864 | ---- | M] () -- C:\Program Files\Samsung\Samsung Network Manager\SNMWLANService.exe
PRC - [2006/10/27 00:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe

[color=\"#E56717\"]========== Modules (SafeList) ==========[/color]

MOD - [2009/12/16 18:10:00 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stephanie\æ¡Œé¢\OTL.exe
MOD - [2007/04/02 15:00:48 | 00,086,016 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll

[color=\"#E56717\"]========== Win32 Services (SafeList) ==========[/color]

SRV - [2009/11/25 09:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/25 09:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/25 09:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/25 09:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/11/21 18:54:34 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/13 10:44:00 | 00,077,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2007/04/01 09:02:36 | 00,273,256 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2006/10/30 16:29:28 | 00,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe -- (SNM WLAN Service)
SRV - [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)

[color=\"#E56717\"]========== Driver Services (SafeList) ==========[/color]

DRV - [2009/11/25 09:50:59 | 00,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/25 09:50:12 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/25 09:50:00 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/25 09:49:07 | 00,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/25 09:48:57 | 00,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/25 09:47:54 | 00,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/10/08 16:35:10 | 01,334,432 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2008/09/24 06:23:58 | 00,238,464 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMC326.sys -- (VMC326)
DRV - [2008/08/29 04:18:14 | 00,224,736 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/08/27 09:35:00 | 04,753,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/06/27 18:02:00 | 00,289,024 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/04/14 22:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 22:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 22:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2008/04/14 22:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2008/02/16 06:12:06 | 05,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/01/14 21:01:02 | 00,030,208 | ---- | M] (Samsung Electronics,.LTD) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS -- (DNSeFilter)
DRV - [2007/04/01 06:02:42 | 00,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/03/24 03:50:42 | 00,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/10/27 14:18:05 | 00,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO)
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)

[color=\"#E56717\"]========== Standard Registry (SafeList) ==========[/color]

[color=\"#E56717\"]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=\"#E56717\"]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/11 11:32:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/11 11:32:37 | 00,000,000 | ---D | M]

[2009/11/21 20:35:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stephanie\Application Data\Mozilla\Extensions
[2009/11/21 20:35:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Stephanie\Application Data\Mozilla\Firefox\Profiles\jk5ek3yn.default\extensions
[2009/11/21 18:46:14 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/03 11:42:02 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/11/03 11:42:02 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/11/03 11:42:02 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/11/03 11:42:02 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
O4 - HKLM..\Run: [EDS] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe (Samsung Electronics,.LTD)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MagicKeyboard] C:\Program Files\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\ã€Œé–‹å§‹ã€åŠŸèƒ½è¡¨\ç¨‹å¼é›†\å•Ÿå‹•\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: å‚³é€åˆ° &Bluetooth è£ç½®... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (ç›®å‰çš„é¦–é ) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/29 11:41:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/12/16 11:07:15 | 00,000,063 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/12/16 11:07:15 | 00,000,063 | RHS- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{08b293ee-d67a-11de-9e4f-00242b2e4cc2}\Shell\AutoRun\command - "" = n1v93rqo.exe
O33 - MountPoints2\{08b293ee-d67a-11de-9e4f-00242b2e4cc2}\Shell\open\Command - "" = n1v93rqo.exe
O33 - MountPoints2\{09e8b283-daf5-11de-9e5a-00242b2e4cc2}\Shell - "" = AutoRun
O33 - MountPoints2\{09e8b283-daf5-11de-9e5a-00242b2e4cc2}\Shell\1\Command - "" = E:\Recycled.exe -- File not found
O33 - MountPoints2\{09e8b283-daf5-11de-9e5a-00242b2e4cc2}\Shell\2\Command - "" = E:\Recycled.exe -- File not found
O33 - MountPoints2\{5b0dda53-e5e9-11de-9e67-00242b2e4cc2}\Shell\AutoRun\command - "" = n1v93rqo.exe
O33 - MountPoints2\{5b0dda53-e5e9-11de-9e67-00242b2e4cc2}\Shell\open\Command - "" = n1v93rqo.exe
O33 - MountPoints2\{5f2831b2-d65b-11de-9e4e-00242b2e4cc2}\Shell\AutoRun\command - "" = n1v93rqo.exe
O33 - MountPoints2\{5f2831b2-d65b-11de-9e4e-00242b2e4cc2}\Shell\open\Command - "" = n1v93rqo.exe
O33 - MountPoints2\{fa1ef04c-d652-11de-9e4c-806d6172696f}\Shell\AutoRun\command - "" = n1v93rqo.exe
O33 - MountPoints2\{fa1ef04c-d652-11de-9e4c-806d6172696f}\Shell\open\Command - "" = n1v93rqo.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

[color=\"#E56717\"]========== Files/Folders - Created Within 30 Days ==========[/color]

[2009/12/16 18:09:58 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Stephanie\æ¡Œé¢\OTL.exe
[2009/12/16 12:30:37 | 00,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/12/16 12:30:36 | 00,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/12/16 12:30:35 | 00,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/12/16 12:30:33 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/12/16 12:30:33 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/12/16 12:30:33 | 00,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/12/16 12:30:33 | 00,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/12/16 12:30:33 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/12/16 12:29:57 | 01,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/12/16 12:16:28 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2009/12/16 11:13:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie\Application Data\Malwarebytes
[2009/12/16 11:13:14 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/16 11:13:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/16 11:13:11 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/16 11:13:11 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/16 10:23:13 | 00,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/12/16 10:23:13 | 00,013,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/12/15 23:12:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie\Tracing
[2009/12/15 23:10:07 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/12/15 23:09:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/12/15 23:09:46 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/12/15 23:09:19 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/12/15 23:06:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/12/13 21:07:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie\Application Data\Real
[2009/12/11 11:32:34 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/12/11 11:32:34 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/12/11 11:32:34 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/12/11 11:32:34 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/12/11 11:32:33 | 00,000,000 | ---D | C] -- C:\Program Files\Real Alternative
[2009/12/11 11:27:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie\Application Data\Media Player Classic
[2009/12/08 01:46:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie\æ¡Œé¢\Tutoring Files
[2009/11/27 11:42:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/11/27 11:36:49 | 00,007,552 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\SONYPVU1.SYS
[2009/11/27 11:36:49 | 00,007,552 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypvu1.sys
[2009/11/24 16:32:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie\My Documents\æˆ‘å·²æŽ¥æ”¶çš„æª”æ¡ˆ
[2009/11/22 19:26:37 | 00,201,288 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2009/11/22 19:26:37 | 00,113,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\Mpfp.sys
[2009/11/22 19:26:37 | 00,079,304 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/11/22 19:26:37 | 00,040,488 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2009/11/22 19:26:37 | 00,035,240 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/11/22 19:26:37 | 00,033,800 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2009/11/22 01:36:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie\Application Data\WinRAR
[2009/11/22 01:35:11 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/11/22 01:35:10 | 02,065,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009/11/22 01:35:10 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/11/21 23:23:10 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/11/21 23:20:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie\My Documents\Downloads
[2009/11/21 23:10:59 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2009/11/21 23:10:59 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCP71.dll
[2009/11/21 23:10:59 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCR71.dll
[2009/11/21 23:10:55 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/11/21 20:35:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie\Local Settings\Application Data\Mozilla
[2009/11/21 20:35:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie\Application Data\Mozilla
[2009/11/21 19:10:12 | 00,269,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/11/21 19:02:11 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/11/21 18:54:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2009/11/21 18:51:43 | 00,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2009/11/21 18:50:13 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2009/11/21 18:50:04 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/11/21 18:49:46 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2009/11/21 18:49:45 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009/11/21 18:46:52 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/11/21 18:46:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2009/11/21 18:46:08 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/11/21 18:45:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie\Local Settings\Application Data\Microsoft Help
[2009/11/21 18:45:45 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/11/21 18:45:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/11/21 18:45:24 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2009/11/21 16:41:35 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/11/21 15:17:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie\Application Data\Macromedia
[2009/11/21 15:17:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/11/21 15:17:14 | 00,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2009/11/21 15:17:14 | 00,015,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/11/21 15:17:13 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009/11/21 14:59:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/11/21 14:13:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie\My Documents\Photos1
[2009/11/21 14:13:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Stephanie\æ¡Œé¢\Uni Files
[2008/10/29 11:44:59 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/10/29 11:44:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/10/29 11:44:58 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/10/29 11:44:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=\"#E56717\"]========== Files - Modified Within 30 Days ==========[/color]

[2009/12/16 18:10:00 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stephanie\æ¡Œé¢\OTL.exe
[2009/12/16 15:59:40 | 02,097,152 | -H-- | M] () -- C:\Documents and Settings\Stephanie\NTUSER.DAT
[2009/12/16 15:43:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/16 15:43:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/16 15:43:08 | 10,637,02528 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/16 15:42:19 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Stephanie\ntuser.ini
[2009/12/16 15:42:08 | 03,755,768 | -H-- | M] () -- C:\Documents and Settings\Stephanie\Local Settings\Application Data\IconCache.db
[2009/12/16 12:30:37 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\æ¡Œé¢\avast! Antivirus.lnk
[2009/12/16 12:30:33 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/12/16 12:20:13 | 00,002,449 | ---- | M] () -- C:\Documents and Settings\Stephanie\æ¡Œé¢\HiJackThis.lnk
[2009/12/16 12:04:22 | 00,002,407 | ---- | M] () -- C:\Documents and Settings\All Users\æ¡Œé¢\Play Camera.lnk
[2009/12/16 11:13:17 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\æ¡Œé¢\Malwarebytes' Anti-Malware.lnk
[2009/12/16 10:24:16 | 00,022,016 | ---- | M] () -- C:\WINDOWS\System32\ZR-7400A.EXE
[2009/12/16 10:24:15 | 00,022,016 | -HS- | M] () -- C:\WINDOWS\System32\123.EXE
[2009/12/15 22:53:10 | 00,022,528 | ---- | M] () -- C:\WINDOWS\System32\U5-31B37.EXE
[2009/12/10 08:15:41 | 00,539,888 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/10 08:15:41 | 00,314,842 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/10 08:15:41 | 00,133,684 | ---- | M] () -- C:\WINDOWS\System32\prfh0404.dat
[2009/12/10 08:15:41 | 00,043,472 | ---- | M] () -- C:\WINDOWS\System32\prfc0404.dat
[2009/12/10 08:15:41 | 00,041,170 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/10 08:13:38 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/07 07:52:17 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/07 06:55:22 | 00,000,010 | ---- | M] () -- C:\WINDOWS\System32\a7.ini
[2009/12/07 06:55:21 | 00,022,528 | -HS- | M] () -- C:\WINDOWS\System32\ZOON-57A.EXE
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/27 11:48:55 | 00,075,800 | ---- | M] () -- C:\Documents and Settings\Stephanie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/25 09:54:29 | 01,280,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/11/25 09:51:09 | 00,093,424 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/11/25 09:50:59 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/11/25 09:50:12 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/11/25 09:50:00 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/11/25 09:49:07 | 00,048,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/11/25 09:48:57 | 00,023,120 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/11/25 09:47:54 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/11/25 09:47:28 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/11/23 14:35:21 | 01,594,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/21 20:35:19 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/11/21 18:46:36 | 00,000,552 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/21 18:46:17 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\æ¡Œé¢\Mozilla Firefox.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[color=\"#E56717\"]========== Files Created - No Company Name ==========[/color]

[2009/12/16 12:30:37 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\æ¡Œé¢\avast! Antivirus.lnk
[2009/12/16 12:29:57 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/12/16 12:16:28 | 00,002,449 | ---- | C] () -- C:\Documents and Settings\Stephanie\æ¡Œé¢\HiJackThis.lnk
[2009/12/16 11:53:08 | 10,637,02528 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/16 11:13:17 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\æ¡Œé¢\Malwarebytes' Anti-Malware.lnk
[2009/12/16 10:24:16 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ZR-7400A.EXE
[2009/12/16 10:24:15 | 00,022,016 | -HS- | C] () -- C:\WINDOWS\System32\123.EXE
[2009/12/07 06:55:22 | 00,000,010 | ---- | C] () -- C:\WINDOWS\System32\a7.ini
[2009/12/07 06:55:21 | 00,022,528 | -HS- | C] () -- C:\WINDOWS\System32\ZOON-57A.EXE
[2009/12/07 06:55:21 | 00,022,528 | ---- | C] () -- C:\WINDOWS\System32\U5-31B37.EXE
[2009/11/21 23:23:15 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/21 20:35:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/21 18:46:17 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\æ¡Œé¢\Mozilla Firefox.lnk
[2009/02/21 00:42:45 | 00,001,520 | ---- | C] () -- C:\WINDOWS\System32\Stephanie_KBD.ini
[2008/12/29 13:16:48 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/10/29 11:54:53 | 00,001,522 | ---- | C] () -- C:\WINDOWS\System32\MagicKBD.INI
[2008/10/29 11:54:53 | 00,001,520 | ---- | C] () -- C:\WINDOWS\System32\Owner_KBD.ini
[2008/10/29 11:54:50 | 00,003,425 | ---- | C] () -- C:\WINDOWS\System32\KBDR.INI
[2008/10/29 11:54:50 | 00,002,741 | ---- | C] () -- C:\WINDOWS\System32\KBDD.INI
[2008/10/29 11:54:50 | 00,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDO.INI
[2008/10/29 11:54:50 | 00,002,699 | ---- | C] () -- C:\WINDOWS\System32\KBDC.INI
[2008/10/29 11:54:50 | 00,002,606 | ---- | C] () -- C:\WINDOWS\System32\KBDB.INI
[2008/10/29 11:54:50 | 00,002,236 | ---- | C] () -- C:\WINDOWS\System32\KBDQ.INI
[2008/10/29 11:54:50 | 00,001,956 | ---- | C] () -- C:\WINDOWS\System32\KBDE.INI
[2008/10/29 11:54:50 | 00,001,885 | ---- | C] () -- C:\WINDOWS\System32\KBDP.INI
[2008/10/29 11:54:50 | 00,001,857 | ---- | C] () -- C:\WINDOWS\System32\KBDUU.INI
[2008/10/29 11:54:50 | 00,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDG.INI
[2008/10/29 11:54:50 | 00,001,835 | ---- | C] () -- C:\WINDOWS\System32\KBDA.INI
[2008/10/29 11:54:50 | 00,001,834 | ---- | C] () -- C:\WINDOWS\System32\KBDU.INI
[2008/10/29 11:54:50 | 00,001,819 | ---- | C] () -- C:\WINDOWS\System32\KBDN.INI
[2008/10/29 11:54:50 | 00,001,699 | ---- | C] () -- C:\WINDOWS\System32\KBDT.INI
[2008/10/29 11:54:50 | 00,001,697 | ---- | C] () -- C:\WINDOWS\System32\KBDV.INI
[2008/10/29 11:54:50 | 00,001,522 | ---- | C] () -- C:\WINDOWS\System32\KBDS.INI
[2008/10/29 11:54:50 | 00,001,476 | ---- | C] () -- C:\WINDOWS\System32\KBDF.INI
[2008/10/29 11:52:33 | 00,000,135 | R--- | C] () -- C:\WINDOWS\System32\lngEng.ini
[2008/10/29 11:52:33 | 00,000,117 | ---- | C] () -- C:\WINDOWS\System32\lngKor.ini
[2008/10/29 11:48:55 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/10/29 11:46:06 | 00,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2008/10/29 10:25:09 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007/04/01 09:00:28 | 02,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/04/01 08:41:52 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/02/17 12:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
< End of report >

OTL Extras logfile created on: 16/12/2009 6:10:47 PM - Run 1
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\Stephanie\æ¡Œé¢
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C09 | Country: æ¾³å¤§åˆ©äºž | Language: ENA | Date Format: d/MM/yyyy

1014.36 Mb Total Physical Memory | 634.99 Mb Available Physical Memory | 62.60% Memory free
2.39 Gb Paging File | 2.09 Gb Available in Paging File | 87.34% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.04 Gb Total Space | 60.36 Gb Free Space | 84.96% Space Free | Partition Type: NTFS
Drive D: | 72.00 Gb Total Space | 71.37 Gb Free Space | 99.12% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 298.08 Gb Total Space | 292.38 Gb Free Space | 98.09% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEPHANIE-NC10
Current User Name: Stephanie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=\"#E56717\"]========== Extra Registry (SafeList) ==========[/color]

[color=\"#E56717\"]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=\"#E56717\"]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[color=\"#E56717\"]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[color=\"#E56717\"]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[color=\"#E56717\"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{350C97B6-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5CBB720F-08E6-4043-B83F-76C277AF6DE7}" = Samsung Wallpaper
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{ABB14904-A11B-4F42-996C-80FD608A0F17}" = Samsung EDS
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1028-7B44-A81200000003}" = Adobe Reader 8.1.2 - Chinese Traditional
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD723E53-A42C-4702-AA04-1D74A0311590}" = Magic Keyboard
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}" = Atheros WLAN Client
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"avast!" = avast! Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera
"InstallShield_{DEA48EFD-22C1-4CD6-B887-EB2E6B2E4735}" = Samsung Network Manager 2.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"RealAlt_is1" = Real Alternative 2.0.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

[color=\"#E56717\"]========== Last 10 Event Log Errors ==========[/color]

[ Antivirus Events ]
Error - 14/12/2009 9:06:25 PM | Computer Name = STEPHANIE-NC10 | Source = avast! | ID = 33554522
Description = Error in aswChestS: chest s_RestoreFile Error 3.

Error - 14/12/2009 9:06:25 PM | Computer Name = STEPHANIE-NC10 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestRestoreFile Error 3.

Error - 14/12/2009 9:06:25 PM | Computer Name = STEPHANIE-NC10 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestGetFile Error 3.

Error - 14/12/2009 9:06:25 PM | Computer Name = STEPHANIE-NC10 | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::ExtractSelectedFiles()
chestGetFile() failed: 3.

[ Application Events ]
Error - 20/02/2009 10:43:52 AM | Computer Name = Stephanie-NC10 | Source = LoadPerf | ID = 3001
Description =

Error - 23/11/2009 12:09:24 AM | Computer Name = STEPHANIE-NC10 | Source = ESENT | ID = 486
Description = svchost (1060) å˜—è©¦ç§»å‹•æª”æ¡ˆ "C:\WINDOWS\system32\CatRoot2\edb.log" è‡³ "C:\WINDOWS\system32\CatRoot2\edb0001A.log"
å¤±æ•—ä¸¦å‡ºç¾ç³»çµ±éŒ¯èª¤ 183 (0x000000b7): "ç•¶æª”æ¡ˆå·²å˜åœ¨æ™‚ï¼Œç„¡æ³•å»ºç«‹è©²æª”æ¡ˆã€‚ "ã€‚ ç§»å‹•æª”æ¡ˆä½œæ¥å°‡æœƒå¤±æ•—ä¸¦å‡ºç¾éŒ¯èª¤ -1022 (0xfffffc02)ã€‚

Error - 23/11/2009 12:09:24 AM | Computer Name = STEPHANIE-NC10 | Source = ESENT | ID = 413
Description = Catalog Database (1060) ç„¡æ³•å»ºç«‹æ–°çš„è¨˜éŒ„æª”æ¡ˆï¼ŒåŽŸå› æ˜¯è³‡æ–™åº«ç„¡æ³•å¯«å…¥è¨˜éŒ„ç£ç¢Ÿæ©Ÿã€
‚ç£ç¢Ÿæ©Ÿå¯èƒ½ç‚ºå”¯è®€ã€ç”¨å®Œç£ç¢Ÿç©ºé–“ã€è¨å®šéŒ¯èª¤æˆ–æå£žã€‚éŒ¯èª¤
-1022ã€‚

Error - 23/11/2009 12:09:24 AM | Computer Name = STEPHANIE-NC10 | Source = ESENT | ID = 492
Description = Catalog Database (1060) "C:\WINDOWS\system32\CatRoot2\" ä¸çš„è¨˜éŒ„æª”æ¡ˆåºåˆ—ç”±æ–¼ç™¼ç”Ÿåš´é‡éŒ¯èª¤è€Œåœæ¢ã€‚
ä½¿ç”¨æ¤è¨˜éŒ„æª”æ¡ˆåºåˆ—çš„è³‡æ–™åº«å°‡ç„¡æ³•åšé€²ä¸€æ¥çš„æ›´æ–°ã€‚è«‹ä¿®æ
£å•é¡Œç„¶å¾Œé‡æ–°å•Ÿå‹•æˆ–å¾žå‚™ä»½é‚„åŽŸã€‚

Error - 23/11/2009 12:35:42 AM | Computer Name = STEPHANIE-NC10 | Source = ESENT | ID = 454
Description = Catalog Database (840) è³‡æ–™åº«ä¿®å¾©/é‚„åŽŸå¤±æ•—ï¼Œç™¼ç”Ÿæ„å¤–éŒ¯èª¤ -551ã€‚

Error - 24/11/2009 2:12:26 AM | Computer Name = STEPHANIE-NC10 | Source = LoadPerf | ID = 3001
Description =

[ System Events ]
Error - 28/11/2009 8:13:21 AM | Computer Name = STEPHANIE-NC10 | Source = Dhcp | ID = 1002
Description = DHCP ä¼ºæœå™¨ 192.168.1.1 æ‹’çµ•ç¶²è·¯ä½å€ 00242B2E4CC2 çš„ä»‹é¢å¡çš„ IP ä½å€ç§Ÿç”¨ 192.168.1.2
(DHCP ä¼ºæœå™¨å·²å‚³é€ DHCPNACK è¨Šæ¯)ã€‚

Error - 28/11/2009 8:13:42 AM | Computer Name = STEPHANIE-NC10 | Source = W32Time | ID = 39452689
Description = æ™‚é–“æä¾›è€… NtpClient: æ‰‹å‹•çš„è¨å®šå°ç‰ 'time.windows.com,0x1' åœ¨é€²è¡Œ DNS æœå°‹æ™‚ ç™¼ç”Ÿæ„å¤–éŒ¯èª¤ã€‚
NtpClient æœƒåœ¨ 15 åˆ†é˜å…§é‡æ–°å˜—è©¦ DNS æœå°‹ã€‚ éŒ¯èª¤æ˜¯: é€šè¨Šç«¯æ“ä½œç„¡æ³•é€£ç·šåˆ°ä¸»æ©Ÿã€‚ (0x80072751)

Error - 28/11/2009 8:13:42 AM | Computer Name = STEPHANIE-NC10 | Source = W32Time | ID = 39452701
Description = æ™‚é–“æä¾›è€… NtpClient å·²ç¶“è¨å®šæˆå¾žæŸäº›æ™‚é–“ä¾†æº å–å¾—æ™‚é–“ï¼Œä¸éŽç›®å‰æ²’æœ‰å¯å˜å–çš„æ™‚é–“ä¾†æºï¼Œ å°‡å˜—è©¦åœ¨ 14 åˆ†å…§é€£çµ¡ä¸Šä¸€å€‹ä¾†æºã€‚
NTPCLIENT
æ²’æœ‰æ£ç¢ºçš„æ™‚é–“ä¾†æºã€‚

Error - 30/11/2009 6:51:12 PM | Computer Name = STEPHANIE-NC10 | Source = DCOM | ID = 10010
Description = ä¼ºæœå™¨ {8BC3F05E-D86B-11D0-A075-00C04FB68820} æ²’æœ‰åœ¨æŒ‡å®šçš„ç‰å€™é€¾æ™‚å…§ç™»éŒ„ DCOMã€‚

Error - 7/12/2009 4:16:13 AM | Computer Name = STEPHANIE-NC10 | Source = Service Control Manager | ID = 7022
Description = WebClient æœå‹™åœ¨å•Ÿå‹•æ™‚æš«åœã€‚

Error - 10/12/2009 1:12:03 AM | Computer Name = STEPHANIE-NC10 | Source = Dhcp | ID = 1002
Description = DHCP ä¼ºæœå™¨ 192.168.17.1 æ‹’çµ•ç¶²è·¯ä½å€ 00242B2E4CC2 çš„ä»‹é¢å¡çš„ IP ä½å€ç§Ÿç”¨ 192.168.1.2
(DHCP ä¼ºæœå™¨å·²å‚³é€ DHCPNACK è¨Šæ¯)ã€‚

Error - 15/12/2009 9:22:28 PM | Computer Name = STEPHANIE-NC10 | Source = DCOM | ID = 10005
Description = DCOM é‡åˆ°éŒ¯èª¤ "%1084"ï¼Œæ˜¯ç•¶å˜—è©¦å•Ÿå‹•æœå‹™ EventSystem è€Œå¼•æ•¸ç‚º ""ï¼Œ ç‚ºäº†åŸ·è¡Œä¼ºæœå™¨: {1BE1F766-5536-11D1-B726-00C04FB926AF}
ä¹‹æ™‚

Error - 15/12/2009 9:22:56 PM | Computer Name = STEPHANIE-NC10 | Source = Service Control Manager | ID = 7026
Description = ä¸‹åˆ—é–‹æ©Ÿå•Ÿå‹•æˆ–ç³»çµ±å•Ÿå‹•é©…å‹•ç¨‹å¼ç„¡æ³•è¼‰å…¥: Fips intelppm

Error - 15/12/2009 9:52:23 PM | Computer Name = STEPHANIE-NC10 | Source = DCOM | ID = 10005
Description = DCOM é‡åˆ°éŒ¯èª¤ "%1084"ï¼Œæ˜¯ç•¶å˜—è©¦å•Ÿå‹•æœå‹™ EventSystem è€Œå¼•æ•¸ç‚º ""ï¼Œ ç‚ºäº†åŸ·è¡Œä¼ºæœå™¨: {1BE1F766-5536-11D1-B726-00C04FB926AF}
ä¹‹æ™‚

Error - 15/12/2009 9:53:17 PM | Computer Name = STEPHANIE-NC10 | Source = sr | ID = 1
Description = ç³»çµ±é‚„åŽŸç¯©é¸å™¨åœ¨ç£ç¢Ÿå€ HarddiskVolume2 è™•ç†æª”æ¡ˆ æ™‚é‡åˆ°æ„å¤–éŒ¯èª¤ 0xC0000001ã€‚ç³»çµ±é‚„åŽŸå·²ç¶“åœæ¢ç›£è¦–ç£ç¢Ÿå€ã€‚

< End of report >

Tech Clinic / System Volume, USB and many other viruses

« on: December 15, 2009, 11:56:26 PM »

I think there is a problem with ComboFix right now... or is it just me? >.<

Tech Clinic / System Volume, USB and many other viruses

« on: December 15, 2009, 09:08:08 PM »

After my friend borrowed by USB to use at an internet cafe, I've experienced a lot of problems and a lot of viruses.

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/sad.gif\' class=\'bbc_emoticon\' alt=\'

\' />

In the past few weeks I've experienced the blue screen, unable to move or do anything after starting the computer. (I had to disable avast quickly to work the computer before it froze). I reformatted C drive and I reformatted my other drive by doing right click reformat but the viruses have not gone away (or it cud be because my USB's just keep infecting the computer and the computer keeps infecting the USB)

After searching around and doing scans I think I have a virus related to system volume information and the recylce / autorun virus on the USB and a load of other viruses...

Please help me get rid of the viruses on my computer and USB! ive tried everything and its driving me crazy.

Thanks in advance!

This is the hijackthis log after i scanned using Malware Bytes.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 12:20:32 PM, on 16/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Stephanie\My Documents\Downloads\avast_pro_setup.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [EDS] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: å‚³é€åˆ° &Bluetooth è£ç½®... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe

Malwarebytes' Anti-Malware 1.42
Database version: 3371
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 6.0.2900.5512

16/12/2009 11:51:48 AM
mbam-log-2009-12-16 (11-51-48).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 154996
Time elapsed: 14 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 36

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\MADOWN (Worm.Magania) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\coolsos (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{110b50f0-4954-4300-b71d-d4de33922b3a} (Rogue.SpywareCleaner2009) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xp-46b2ab3f (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Stephanie\Local Settings\Temp\E_4 (Worm.AutoRun) -> Quarantined and deleted successfully.

Files Infected:
C:\autorun.inf (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\n1v93rqo.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephanie\Local Settings\Temp\E_4\comWebsite removed for spammingn (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephanie\Local Settings\Temp\E_4\dp1.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephanie\Local Settings\Temp\E_4\eAPI.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephanie\Local Settings\Temp\E_4\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephanie\Local Settings\Temp\E_4\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephanie\Local Settings\Temp\E_4\shell.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aqoeerw.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comWebsite removed for spammingn (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dp1.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eAPI.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shell.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
D:\n1v93rqo.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
E:\n1v93rqo.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\RECY\avrun.exe (Trojan.Buzus) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{1F352EAD-9AC9-40DD-BA6E-513E4F07E039}\RP10\A0006383.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{1F352EAD-9AC9-40DD-BA6E-513E4F07E039}\RP16\A0021734.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{1F352EAD-9AC9-40DD-BA6E-513E4F07E039}\RP16\A0021737.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{1F352EAD-9AC9-40DD-BA6E-513E4F07E039}\RP5\A0000752.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{1F352EAD-9AC9-40DD-BA6E-513E4F07E039}\RP6\A0000767.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{1F352EAD-9AC9-40DD-BA6E-513E4F07E039}\RP8\A0006335.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
F:\System Volume Information\_restore{B04B49DA-EDB7-4DB2-A5D5-0BA521A8936B}\RP40\A0005065.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
G:\n1v93rqo.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephanie\Local Settings\Temp\E_4\internet.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephanie\Local Settings\Temp\E_4\spec.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stephanie\ã€Œé–‹å§‹ã€åŠŸèƒ½è¡¨\ç¨‹å¼é›†\å•Ÿå‹•\ï¹›ï¹›ï¹›.lnk (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\internet.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\og.dll (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\og.EDT (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\spec.fne (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ul.dll (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\XP-46B2AB3F.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bnmkue0.dll (Spyware.OnlineGames) -> Quarantined and deleted

--
End of file - 8882 bytes

Pages: [1]

TheTechGuide Forum

News:

Show Posts

Messages - stephani

Tech Clinic / System Volume, USB and many other viruses

Tech Clinic / System Volume, USB and many other viruses

Tech Clinic / System Volume, USB and many other viruses

Tech Clinic / System Volume, USB and many other viruses

Tech Clinic / System Volume, USB and many other viruses