the virus/spyware/trojan or malware you are infected with.


Post by canhk11d on Tue May 01, 2012 6:32 am

OTL logfile created on: 5/1/2012 1:10:06 PM - Run 2
OTL by OldTimer - Version 3.2.42.1 Folder = D:\My Documents\Downloads

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.22 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 38.66% Memory free
5.50 Gb Paging File | 3.62 Gb Available in Paging File | 65.88% Paging File free
Paging file location(s): C:\pagefile.sys 2500 3500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.70 Gb Total Space | 28.11 Gb Free Space | 72.63% Space Free | Partition Type: FAT32
Drive D: | 77.74 Gb Total Space | 73.81 Gb Free Space | 94.94% Space Free | Partition Type: FAT32
Drive E: | 116.39 Gb Total Space | 116.11 Gb Free Space | 99.76% Space Free | Partition Type: FAT32
Drive G: | 3.76 Gb Total Space | 3.76 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: MAY0111 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/01 13:09:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- D:\My Documents\Downloads\OTL (1).com
PRC - [2012/04/30 14:35:44 | 000,664,600 | ---- | M] ((주)에브리존) -- C:\Program Files\EveryZone\TurboVaccineFree\TvProtect.exe
PRC - [2012/04/30 14:35:36 | 000,104,864 | ---- | M] (EveryZone, Inc.) -- C:\Program Files\EveryZone\TurboVaccineFree\TvSvc.exe
PRC - [2012/04/28 09:07:04 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/04/04 02:30:36 | 000,603,536 | ---- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK32.EXE
PRC - [2009/07/29 11:52:50 | 000,120,504 | ---- | M] (AhnLab, Inc.) -- C:\Program Files\AhnLab\V3IS80\V3Svc.exe
PRC - [2009/07/29 11:52:22 | 000,321,208 | ---- | M] (AhnLab, Inc.) -- C:\Program Files\AhnLab\V3IS80\V3SP.exe
PRC - [2004/08/04 01:07:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/30 14:29:46 | 000,225,280 | ---- | M] () -- C:\Program Files\EveryZone\TurboVaccineFree\bdfltlib.dll
MOD - [2012/04/28 09:07:02 | 000,444,400 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll
MOD - [2012/04/28 09:07:00 | 003,915,248 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\pdf.dll
MOD - [2012/04/28 09:05:36 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\avutil-51.dll
MOD - [2012/04/28 09:05:34 | 001,747,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll
MOD - [2012/04/28 09:05:34 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\avformat-53.dll
MOD - [2012/04/28 08:09:20 | 008,743,584 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
MOD - [2009/11/23 12:14:48 | 000,058,648 | ---- | M] () -- \\?\C:\Program Files\EveryZone\TurboVaccineFree\avxdisk.dll
MOD - [2004/08/04 01:07:00 | 000,498,205 | ---- | M] () -- C:\WINDOWS\system32\dxmasf.dll
MOD - [2004/08/04 01:07:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/04/30 14:35:36 | 000,104,864 | ---- | M] (EveryZone, Inc.) [Auto | Running] -- C:\Program Files\EveryZone\TurboVaccineFree\TvSvc.exe -- (TurboVaccine Services)
SRV - [2012/04/30 14:29:46 | 000,323,584 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Running] -- C:\Program Files\EveryZone\TurboVaccineFree\scan.dll -- (scan)
SRV - [2012/04/28 16:35:50 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/13 17:08:30 | 000,246,112 | ---- | M] () [Auto | Stopped] -- C:\Program Files\fast connect\UpdateDog\ouc.exe -- (fast connect. RunOuc)
SRV - [2012/04/07 16:26:52 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/07/29 11:52:50 | 000,120,504 | ---- | M] (AhnLab, Inc.) [Auto | Running] -- C:\Program Files\AhnLab\V3IS80\V3Svc.exe -- (V3 Service)
SRV - [2004/08/04 01:07:00 | 000,158,873 | RHS- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\lgpnndxr.dll -- (ywybdaw)
SRV - [2004/08/04 01:07:00 | 000,158,873 | RHS- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\lgpnndxr.dll -- (wrmck)
SRV - [2004/08/04 01:07:00 | 000,158,873 | RHS- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\lgpnndxr.dll -- (jzpxomih)
SRV - [2004/08/04 01:07:00 | 000,158,873 | RHS- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\lgpnndxr.dll -- (gurgony)
SRV - [2004/08/04 01:07:00 | 000,158,873 | RHS- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\lgpnndxr.dll -- (fvgeegixz)
SRV - [2004/08/04 01:07:00 | 000,158,873 | RHS- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\lgpnndxr.dll -- (fjzec)
SRV - [2004/08/04 01:07:00 | 000,158,873 | RHS- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\lgpnndxr.dll -- (ehyyqdnsl)
SRV - [2004/08/04 01:07:00 | 000,158,873 | RHS- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\lgpnndxr.dll -- (dgctttybt)
SRV - [2004/08/04 01:07:00 | 000,158,873 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\lgpnndxr.dll -- (ansvy)
SRV - [2004/08/04 01:07:00 | 000,158,873 | RHS- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\lgpnndxr.dll -- (akzsxipsi)
SRV - [2004/08/04 01:07:00 | 000,158,873 | RHS- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\lgpnndxr.dll -- (agytwj)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\NSavFlt.sys -- (NSavFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (mbbdatacard)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_mbbusbdev.sys -- (ew_mbbusbdev)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\AhnLab\V3Lite\ATamptNt.sys -- (ATamptNt_V3LITE)
DRV - [2012/04/30 14:29:48 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV - [2012/04/13 17:08:32 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012/04/13 17:08:32 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/03/22 14:58:42 | 000,065,136 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/07/29 13:44:20 | 000,054,840 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\AhnLab\V3IS80\TFFREGNT.SYS -- (TfFRegNt)
DRV - [2009/07/29 13:43:26 | 000,028,856 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\AhnLab\V3IS80\AHAWKENT.SYS -- (TfProcNt)
DRV - [2009/07/29 12:04:30 | 000,077,688 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\V3IS80\V3Ift2k.sys -- (V3IFt2K)
DRV - [2009/07/29 12:04:18 | 000,120,568 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\V3IS80\V3Flu2k.sys -- (V3Flu2k_V3IS80)
DRV - [2009/07/29 12:04:06 | 000,154,872 | ---- | M] (AhnLab, Inc.) [Kernel | System | Running] -- C:\Program Files\AhnLab\V3IS80\V3Flt2k.sys -- (V3Flt2K)
DRV - [2009/07/29 12:03:54 | 000,128,384 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\V3IS80\ISPIBENt.sys -- (ISPIBEnt)
DRV - [2009/07/29 12:03:42 | 000,077,152 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\V3IS80\ISPrxENt.sys -- (ISPrxEnt)
DRV - [2009/07/29 12:03:30 | 000,139,520 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\AhnLab\V3IS80\ISIPSENt.sys -- (ISIPSEnt)
DRV - [2009/07/29 12:03:18 | 000,143,928 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\AhnLab\V3IS80\ISFWENt.sys -- (ISFWEnt)
DRV - [2009/07/29 12:02:50 | 000,107,320 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\AhnLab\V3IS80\ATamptNt.sys -- (ATamptNt_V3IS80)
DRV - [2009/07/29 12:02:38 | 000,124,912 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\Program Files\AhnLab\V3IS80\ASZFltNt.sys -- (ASZFltNt)
DRV - [2009/07/29 12:02:26 | 000,095,608 | ---- | M] (AhnLab, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AMonTDNt.sys -- (AMonTDnt)
DRV - [2009/07/29 12:02:14 | 000,053,208 | ---- | M] (AhnLab, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AMonHKNT.sys -- (AMonHKnt)
DRV - [2009/07/22 02:08:34 | 000,019,608 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CdmDrvNt.sys -- (CdmDrvNt)
DRV - [2009/07/22 02:07:22 | 000,052,456 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AhnRghNt.sys -- (AhnRghNt)
DRV - [2009/07/22 02:07:18 | 000,020,464 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AhnRec2k.sys -- (AhnRec2k)
DRV - [2009/07/16 13:42:24 | 000,052,984 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AhnFlt2k.sys -- (AhnFlt2k)
DRV - [2009/06/03 01:46:30 | 000,088,504 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\AhnLab\V3IS80\AhnACtNt.sys -- (AhnActNt)
DRV - [2009/06/01 13:23:00 | 001,265,536 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ahnsze.sys -- (AhnSZE)
DRV - [2009/06/01 13:22:00 | 001,611,136 | ---- | M] (AhnLab, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\v3engine.sys -- (v3engine)
DRV - [2008/12/11 20:12:12 | 000,024,348 | R--- | M] (Compaq Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EAWDMFD.SYS -- (eawdmfd)
DRV - [2008/11/25 00:37:50 | 004,952,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/08/03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 14:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search, =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search, =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5


========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = [You must be registered and logged in to see this link.]
CHR - default_search_provider: suggest_url = ,
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: T\u00ECm v\u1EDBi Google = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Stealthy = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ieaebnkibonmpbhdaanjkmedikadnoje\2.0.3_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/19 12:07:54 | 000,000,133 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 registeridm.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [TvFree] C:\Program Files\EveryZone\TurboVaccineFree\TvFree.exe ((주)에브리존)
O4 - HKLM..\Run: [V3 Session Process] C:\Program Files\AhnLab\V3IS80\V3SP.exe (AhnLab, Inc.)
O4 - HKCU..\Run: [eDict] C:\Program Files\Bkav\eDict\eDict.exe /startup File not found
O4 - HKCU..\Run: [mtd2002Svr] C:\Program Files\mtd2002\mtdserver.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E9682E4-0216-4A4C-9048-B9A98B1E3F84}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/01/03 05:36:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2012/05/01 12:14:00 | 000,013,630 | RHS- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{0139fbe1-90ef-11e1-a3c3-50e549e5a38a}\Shell - "" = AutoRun
O33 - MountPoints2\{0139fbe1-90ef-11e1-a3c3-50e549e5a38a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0139fbe1-90ef-11e1-a3c3-50e549e5a38a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{068c7e78-6f2e-11e1-8af5-50e549e5a38a}\Shell - "" = AutoRun
O33 - MountPoints2\{068c7e78-6f2e-11e1-8af5-50e549e5a38a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{068c7e78-6f2e-11e1-8af5-50e549e5a38a}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{0903a3bb-91d0-11e1-83f9-af9135b6876e}\Shell - "" = AutoRun
O33 - MountPoints2\{0903a3bb-91d0-11e1-83f9-af9135b6876e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0903a3bb-91d0-11e1-83f9-af9135b6876e}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{0a1f79e2-73c9-11e1-8b00-50e549e5a38a}\Shell - "" = AutoRun
O33 - MountPoints2\{0a1f79e2-73c9-11e1-8b00-50e549e5a38a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0a1f79e2-73c9-11e1-8b00-50e549e5a38a}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{3580e21a-85d0-11e1-8b2c-50e549e5a38a}\Shell - "" = AutoRun
O33 - MountPoints2\{3580e21a-85d0-11e1-8b2c-50e549e5a38a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3580e21a-85d0-11e1-8b2c-50e549e5a38a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3580e21b-85d0-11e1-8b2c-50e549e5a38a}\Shell - "" = AutoRun
O33 - MountPoints2\{3580e21b-85d0-11e1-8b2c-50e549e5a38a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3580e21b-85d0-11e1-8b2c-50e549e5a38a}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \RECYCLER\S-2-6-13-8753515685-7035537226-224711141-5442\qgihYaBB.exe
O33 - MountPoints2\{3580e21b-85d0-11e1-8b2c-50e549e5a38a}\Shell\explore\command - "" = \RECYCLER\S-2-6-13-8753515685-7035537226-224711141-5442\qgihYaBB.exe
O33 - MountPoints2\{3580e21b-85d0-11e1-8b2c-50e549e5a38a}\Shell\Open\command - "" = \RECYCLER\S-2-6-13-8753515685-7035537226-224711141-5442\qgihYaBB.exe
O33 - MountPoints2\{3c6837d2-7fb7-11e1-8b19-50e549e5a38a}\Shell - "" = AutoRun
O33 - MountPoints2\{3c6837d2-7fb7-11e1-8b19-50e549e5a38a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3c6837d2-7fb7-11e1-8b19-50e549e5a38a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{46d70152-7fb8-11e1-8b1a-50e549e5a38a}\Shell - "" = AutoRun
O33 - MountPoints2\{46d70152-7fb8-11e1-8b1a-50e549e5a38a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{46d70152-7fb8-11e1-8b1a-50e549e5a38a}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{499847e0-7fcf-11e1-8b1b-50e549e5a38a}\Shell - "" = AutoRun
O33 - MountPoints2\{499847e0-7fcf-11e1-8b1b-50e549e5a38a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{499847e0-7fcf-11e1-8b1b-50e549e5a38a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{499847e2-7fcf-11e1-8b1b-50e549e5a38a}\Shell - "" = AutoRun
O33 - MountPoints2\{499847e2-7fcf-11e1-8b1b-50e549e5a38a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{499847e2-7fcf-11e1-8b1b-50e549e5a38a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{50fd18ee-7d40-11e1-8b13-50e549e5a38a}\Shell - "" = AutoRun
O33 - MountPoints2\{50fd18ee-7d40-11e1-8b13-50e549e5a38a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{50fd18ee-7d40-11e1-8b13-50e549e5a38a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5100c8c2-6f35-11e1-8af7-50e549e5a38a}\Shell - "" = AutoRun
O33 - MountPoints2\{5100c8c2-6f35-11e1-8af7-50e549e5a38a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5100c8c2-6f35-11e1-8af7-50e549e5a38a}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{5dd53618-77c4-11e1-8b09-50e549e5a38a}\Shell - "" = AutoRun
O33 - MountPoints2\{5dd53618-77c4-11e1-8b09-50e549e5a38a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5dd53618-77c4-11e1-8b09-50e549e5a38a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8f7b000a-8550-11e1-8b29-50e549e5a38a}\Shell - "" = AutoRun
O33 - MountPoints2\{8f7b000a-8550-11e1-8b29-50e549e5a38a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8f7b000a-8550-11e1-8b29-50e549e5a38a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{aac21522-7594-11e1-8b06-50e549e5a38a}\Shell - "" = AutoRun
O33 - MountPoints2\{aac21522-7594-11e1-8b06-50e549e5a38a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{aac21522-7594-11e1-8b06-50e549e5a38a}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL \RECYCLER\S-1-5-00-0842412853-7803135058-226225513-7463\aqhsMpDW.exe
O33 - MountPoints2\{aac21522-7594-11e1-8b06-50e549e5a38a}\Shell\explore\command - "" = \RECYCLER\S-1-5-00-0842412853-7803135058-226225513-7463\aqhsMpDW.exe
O33 - MountPoints2\{aac21522-7594-11e1-8b06-50e549e5a38a}\Shell\Open\command - "" = \RECYCLER\S-1-5-00-0842412853-7803135058-226225513-7463\aqhsMpDW.exe
O33 - MountPoints2\{cf9221c8-83bd-11e1-8b25-50e549e5a38a}\Shell - "" = AutoRun
O33 - MountPoints2\{cf9221c8-83bd-11e1-8b25-50e549e5a38a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cf9221c8-83bd-11e1-8b25-50e549e5a38a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f6d0ddf4-82b1-11e1-8b22-50e549e5a38a}\Shell - "" = AutoRun
O33 - MountPoints2\{f6d0ddf4-82b1-11e1-8b22-50e549e5a38a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f6d0ddf4-82b1-11e1-8b22-50e549e5a38a}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{faba2c4e-8472-11e1-8b27-50e549e5a38a}\Shell - "" = AutoRun
O33 - MountPoints2\{faba2c4e-8472-11e1-8b27-50e549e5a38a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{faba2c4e-8472-11e1-8b27-50e549e5a38a}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: gurgony - C:\WINDOWS\system32\lgpnndxr.dll ()
NetSvcs: jzpxomih - C:\WINDOWS\system32\lgpnndxr.dll ()
NetSvcs: ehyyqdnsl - C:\WINDOWS\system32\lgpnndxr.dll ()
NetSvcs: akzsxipsi - C:\WINDOWS\system32\lgpnndxr.dll ()
NetSvcs: fvgeegixz - C:\WINDOWS\system32\lgpnndxr.dll ()
NetSvcs: agytwj - C:\WINDOWS\system32\lgpnndxr.dll ()
NetSvcs: ywybdaw - C:\WINDOWS\system32\lgpnndxr.dll ()
NetSvcs: fjzec - C:\WINDOWS\system32\lgpnndxr.dll ()
NetSvcs: wrmck - C:\WINDOWS\system32\lgpnndxr.dll ()
NetSvcs: dgctttybt - C:\WINDOWS\system32\lgpnndxr.dll ()
NetSvcs: ansvy - C:\WINDOWS\system32\lgpnndxr.dll ()

MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: mtd2002Svr - hkey= - key= - C:\Program Files\mtd2002\mtdserver.exe ()
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 1

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Flash Player 8
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/01 12:24:51 | 000,733,280 | ---- | C] (Google Inc.) -- C:\Documents and Settings\Administrator\Desktop\ChromeSetup.exe
[2012/05/01 11:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AhnLab
[2012/05/01 11:33:25 | 000,095,608 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\AMonTDNt.sys
[2012/05/01 11:33:25 | 000,087,688 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\AMonTDLH.sys
[2012/05/01 11:33:25 | 000,053,208 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\AMonHKNT.sys
[2012/05/01 11:33:25 | 000,052,456 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\AhnRghNt.sys
[2012/05/01 11:33:25 | 000,019,608 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\CdmDrvNt.sys
[2012/05/01 11:33:24 | 000,052,984 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\AhnFlt2k.sys
[2012/05/01 11:33:24 | 000,020,464 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\AhnRec2k.sys
[2012/05/01 11:33:22 | 000,031,384 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\V3w32se2.dll
[2012/05/01 11:33:14 | 001,265,536 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\ahnsze.sys
[2012/05/01 11:33:02 | 001,611,136 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\v3engine.sys
[2012/05/01 11:33:02 | 001,267,200 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\BTScan.exe
[2012/05/01 11:24:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
[2012/05/01 11:23:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2012/05/01 11:23:50 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2012/05/01 11:23:49 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2012/05/01 11:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2012/04/30 14:29:21 | 000,285,704 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2012/04/30 14:29:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\에브리존
[2012/04/30 14:03:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/04/30 14:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\EveryZone
[2012/04/29 15:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\i-Connect HSPA USB Modem
[2012/04/29 10:39:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/04/29 10:24:45 | 000,081,987 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\AUCPLMNT.DLL
[2012/04/28 16:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\searchquband
[2012/04/28 16:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\AppData
[2012/04/27 06:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/04/26 11:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RapidTyping
[2012/04/26 11:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\RapidTyping
[2012/04/26 11:56:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012/04/26 09:33:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RapidTyping
[2012/04/26 09:27:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ilivid Player
[2012/04/23 14:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\eDict
[2012/04/23 14:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\Bkav
[2012/04/23 12:17:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WinZip
[2012/04/23 12:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2012/04/23 12:16:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/04/23 12:16:47 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012/04/15 10:42:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Yahoo!
[2012/04/15 10:42:19 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/15 10:42:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2012/04/15 10:42:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012/04/15 10:41:16 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012/04/14 17:10:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AhnLab
[2012/04/14 16:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Google Chrome
[2012/04/14 16:51:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
[2012/04/13 17:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\fast connect
[2012/04/13 17:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\fast connect
[2012/04/13 17:08:42 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2012/04/13 17:08:35 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01007.dll
[2012/04/13 17:08:35 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WdfCoInstaller01007.dll
[2012/04/13 17:08:35 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
[2012/04/13 17:08:35 | 000,090,368 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
[2012/04/13 17:08:35 | 000,073,216 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
[2012/04/13 17:08:35 | 000,064,384 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
[2012/04/13 17:08:35 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccid.sys
[2012/04/13 17:08:35 | 000,026,624 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
[2012/04/13 17:08:35 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwupgrade.sys
[2012/04/13 17:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\fast connect
[2012/04/13 11:10:34 | 000,000,000 | ---D | C] -- D:\My Documents\AutoCAD Sheet Sets
[2012/04/13 10:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Foxit Software
[2012/04/13 08:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Report for Email
[2012/04/11 17:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\D-com 3G
[2012/04/11 17:05:57 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
[2012/04/11 17:05:43 | 000,000,000 | ---D | C] -- C:\Program Files\D-com 3G
[2012/04/11 15:45:45 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/04/11 15:45:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/04/10 09:09:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\3week
[2012/04/10 09:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AhnLab
[2012/04/10 09:05:34 | 000,000,000 | ---D | C] -- C:\Program Files\AhnLab
[2012/04/10 09:05:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AhnLab
[2012/04/09 18:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ECRSC
[2012/04/09 18:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ECRSC
[2012/04/09 18:22:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ESTsoft
[2012/04/09 18:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESTsoft
[2012/04/09 18:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\이스트소프트
[2012/04/09 17:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Naver
[2012/04/09 17:34:44 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/04/09 17:34:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Naver
[2012/04/09 17:34:41 | 000,000,000 | ---D | C] -- C:\Program Files\Naver
[2012/04/07 16:26:24 | 000,000,000 | ---D | C] -- C:\Program Files\AnswerWorks 4.0
[2012/04/07 16:23:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2012/04/07 16:23:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Autodesk
[2012/04/07 16:23:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2012/04/07 16:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD 2007
[2012/04/07 16:20:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk
[2012/04/07 16:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2012/04/07 16:20:12 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2012/04/07 16:19:21 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2012/04/07 16:19:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2012/04/07 16:19:05 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2012/04/07 16:18:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2012/04/01 16:16:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\email
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/01 12:53:16 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2012/05/01 12:53:16 | 000,002,232 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/05/01 12:30:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/01 12:25:02 | 000,733,280 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Desktop\ChromeSetup.exe
[2012/05/01 11:33:32 | 000,001,529 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AhnLab V3 Internet Security 8.0.lnk
[2012/05/01 11:27:24 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/01 06:59:46 | 000,392,626 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/01 06:59:46 | 000,058,800 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/01 06:55:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/30 17:26:40 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2007.lnk
[2012/04/30 17:24:20 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Excel 2007.lnk
[2012/04/30 16:57:02 | 000,001,046 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1770027372-725345543-500Core.job
[2012/04/30 15:18:40 | 000,000,116 | ---- | M] () -- C:\WINDOWS\EZTools.ini
[2012/04/30 15:05:32 | 000,512,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/30 14:44:56 | 000,900,058 | ---- | M] () -- D:\My Documents\Mr Hoya0003.jpg
[2012/04/30 14:44:56 | 000,814,499 | ---- | M] () -- D:\My Documents\Mr Hoya0004.jpg
[2012/04/30 14:44:54 | 000,467,895 | ---- | M] () -- D:\My Documents\Mr Hoya0001.jpg
[2012/04/30 14:44:54 | 000,280,407 | ---- | M] () -- D:\My Documents\Mr Hoya0002.jpg
[2012/04/30 14:29:48 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2012/04/30 14:29:22 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\터보백신 프리.lnk
[2012/04/30 14:12:56 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/04/30 10:22:26 | 001,745,691 | ---- | M] () -- D:\My Documents\THU1.jpg
[2012/04/30 10:15:18 | 001,769,832 | ---- | M] () -- D:\My Documents\THU.jpg
[2012/04/30 10:14:02 | 001,741,587 | ---- | M] () -- D:\My Documents\vinh.jpg
[2012/04/30 09:49:54 | 005,067,775 | ---- | M] () -- D:\My Documents\old draw.pdf
[2012/04/30 09:38:36 | 001,152,955 | ---- | M] () -- D:\My Documents\draw0004.jpg
[2012/04/30 09:38:36 | 001,024,075 | ---- | M] () -- D:\My Documents\draw0005.jpg
[2012/04/30 09:38:34 | 001,407,488 | ---- | M] () -- D:\My Documents\draw0001.jpg
[2012/04/30 09:38:34 | 001,323,262 | ---- | M] () -- D:\My Documents\draw0002.jpg
[2012/04/30 09:38:34 | 001,004,326 | ---- | M] () -- D:\My Documents\draw0003.jpg
[2012/04/28 16:35:50 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/04/28 16:35:50 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/04/28 08:11:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/27 16:26:02 | 000,170,492 | ---- | M] () -- D:\My Documents\vinh1.jpg
[2012/04/25 11:23:36 | 000,195,496 | ---- | M] () -- D:\My Documents\vo vinh 2.jpg
[2012/04/25 11:16:02 | 000,220,448 | ---- | M] () -- D:\My Documents\vo vinh.jpg
[2012/04/24 01:00:00 | 000,079,360 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/04/23 12:16:56 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2012/04/21 16:23:24 | 000,000,543 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\LAC VIET mtd2002-EVA.lnk
[2012/04/21 13:40:04 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\UniKey.lnk
[2012/04/21 13:40:04 | 000,000,612 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\UniKey.lnk
[2012/04/18 16:04:58 | 000,776,105 | ---- | M] () -- D:\My Documents\Scan0004.jpg
[2012/04/15 10:42:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/13 17:09:00 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\fast connect.lnk
[2012/04/13 17:08:46 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2012/04/13 17:08:46 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012/04/13 17:08:32 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01007.dll
[2012/04/13 17:08:32 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WdfCoInstaller01007.dll
[2012/04/13 17:08:32 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys
[2012/04/13 17:08:32 | 000,090,368 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys
[2012/04/13 17:08:32 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys
[2012/04/13 17:08:32 | 000,064,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys
[2012/04/13 17:08:32 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccid.sys
[2012/04/13 17:08:32 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys
[2012/04/13 17:08:32 | 000,019,200 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwupgrade.sys
[2012/04/13 17:08:32 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys
[2012/04/12 17:28:26 | 000,911,013 | ---- | M] () -- D:\My Documents\cmt phong.jpg
[2012/04/12 09:21:40 | 000,005,976 | ---- | M] () -- D:\My Documents\anh vo.jpg
[2012/04/11 17:06:14 | 000,000,540 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\D-com 3G.lnk
[2012/04/11 15:45:36 | 000,000,043 | ---- | M] () -- C:\WINDOWS\directx.sys
[2012/04/11 08:07:30 | 000,000,522 | ---- | M] () -- C:\WINDOWS\System32\ayboot.ini
[2012/04/07 16:26:40 | 000,001,859 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
[2012/04/07 16:26:40 | 000,001,600 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2007.lnk
[2012/04/02 10:40:16 | 000,286,454 | ---- | M] () -- D:\My Documents\Scan0003.jpg
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/01 11:33:31 | 000,001,529 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AhnLab V3 Internet Security 8.0.lnk
[2012/05/01 11:23:50 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/05/01 11:23:50 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/05/01 11:23:50 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2012/05/01 11:23:49 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/05/01 11:23:48 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/04/30 15:16:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\EZTools.ini
[2012/04/30 14:44:54 | 000,814,499 | ---- | C] () -- D:\My Documents\Mr Hoya0004.jpg
[2012/04/30 14:44:53 | 000,900,058 | ---- | C] () -- D:\My Documents\Mr Hoya0003.jpg
[2012/04/30 14:44:53 | 000,467,895 | ---- | C] () -- D:\My Documents\Mr Hoya0001.jpg
[2012/04/30 14:44:53 | 000,280,407 | ---- | C] () -- D:\My Documents\Mr Hoya0002.jpg
[2012/04/30 14:29:21 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\터보백신 프리.lnk
[2012/04/30 10:22:24 | 001,745,691 | ---- | C] () -- D:\My Documents\THU1.jpg
[2012/04/30 10:15:15 | 001,769,832 | ---- | C] () -- D:\My Documents\THU.jpg
[2012/04/30 09:49:48 | 005,067,775 | ---- | C] () -- D:\My Documents\old draw.pdf
[2012/04/30 09:38:34 | 001,024,075 | ---- | C] () -- D:\My Documents\draw0005.jpg
[2012/04/30 09:38:33 | 001,323,262 | ---- | C] () -- D:\My Documents\draw0002.jpg
[2012/04/30 09:38:33 | 001,152,955 | ---- | C] () -- D:\My Documents\draw0004.jpg
[2012/04/30 09:38:33 | 001,004,326 | ---- | C] () -- D:\My Documents\draw0003.jpg
[2012/04/30 09:38:32 | 001,407,488 | ---- | C] () -- D:\My Documents\draw0001.jpg
[2012/04/27 16:26:00 | 000,170,492 | ---- | C] () -- D:\My Documents\vinh1.jpg
[2012/04/27 16:25:00 | 001,741,587 | ---- | C] () -- D:\My Documents\vinh.jpg
[2012/04/25 11:23:35 | 000,195,496 | ---- | C] () -- D:\My Documents\vo vinh 2.jpg
[2012/04/25 11:16:01 | 000,220,448 | ---- | C] () -- D:\My Documents\vo vinh.jpg
[2012/04/23 12:16:53 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2012/04/21 16:23:22 | 000,000,543 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\LAC VIET mtd2002-EVA.lnk
[2012/04/21 13:40:03 | 000,000,612 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\UniKey.lnk
[2012/04/18 16:04:57 | 000,776,105 | ---- | C] () -- D:\My Documents\Scan0004.jpg
[2012/04/15 10:42:20 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/14 16:53:29 | 000,002,254 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2012/04/14 16:53:29 | 000,002,232 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/14 16:52:59 | 000,001,046 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1770027372-725345543-500Core.job
[2012/04/13 17:08:58 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\fast connect.lnk
[2012/04/13 17:08:44 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2012/04/13 17:08:44 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012/04/12 17:28:24 | 000,911,013 | ---- | C] () -- D:\My Documents\cmt phong.jpg
[2012/04/12 09:21:39 | 000,005,976 | ---- | C] () -- D:\My Documents\anh vo.jpg
[2012/04/11 17:06:12 | 000,000,540 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\D-com 3G.lnk
[2012/04/09 18:23:04 | 000,000,522 | ---- | C] () -- C:\WINDOWS\System32\ayboot.ini
[2012/04/07 16:26:39 | 000,001,859 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
[2012/04/07 16:26:39 | 000,001,600 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AutoCAD 2007.lnk
[2012/04/02 10:40:14 | 000,286,454 | ---- | C] () -- D:\My Documents\Scan0003.jpg
[2012/03/27 16:06:50 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/16 00:11:35 | 000,000,043 | ---- | C] () -- C:\WINDOWS\directx.sys
[2012/03/15 23:36:11 | 000,982,192 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2012/03/15 23:36:11 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/05/01 12:25:02 | 000,733,280 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Desktop\ChromeSetup.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2004/08/04 01:07:00 | 000,158,873 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\lgpnndxr.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2003/01/03 05:23:14 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2003/01/03 05:30:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2003/01/03 05:30:14 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2003/01/03 05:30:48 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2003/01/03 05:30:52 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2003/01/03 05:31:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2003/01/03 05:31:06 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2003/01/03 05:31:24 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2003/01/03 05:32:38 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2003/01/03 05:32:46 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2003/01/03 05:32:48 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2003/01/03 05:32:58 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2003/01/03 05:34:12 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2003/01/03 05:37:26 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2003/01/03 05:37:26 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2003/01/03 05:48:00 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2012/03/15 23:37:48 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2012/03/16 00:02:04 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2012/03/16 00:05:32 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2012/03/16 00:07:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2012/03/16 00:07:06 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2012/03/16 00:07:08 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2012/03/16 00:12:42 | 000,000,000 | ---D | M] -- C:\Program Files\UniKey
[2012/03/16 00:13:42 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2012/03/16 12:33:08 | 000,000,000 | ---D | M] -- C:\Program Files\Foxit Software
[2012/03/16 12:37:46 | 000,000,000 | ---D | M] -- C:\Program Files\mtd2002
[2012/03/19 06:46:34 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Download Manager
[2012/04/07 09:11:14 | 000,000,000 | ---D | M] -- C:\Program Files\GUM119.tmp
[2012/04/07 16:23:20 | 000,000,000 | ---D | M] -- C:\Program Files\AutoCAD 2007
[2012/04/07 16:26:26 | 000,000,000 | ---D | M] -- C:\Program Files\AnswerWorks 4.0
[2012/04/09 17:34:42 | 000,000,000 | ---D | M] -- C:\Program Files\Naver
[2012/04/10 09:05:36 | 000,000,000 | ---D | M] -- C:\Program Files\AhnLab
[2012/04/11 15:45:46 | 000,000,000 | ---D | M] -- C:\Program Files\AVAST Software
[2012/04/11 17:05:44 | 000,000,000 | ---D | M] -- C:\Program Files\D-com 3G
[2012/04/13 17:08:28 | 000,000,000 | ---D | M] -- C:\Program Files\fast connect
[2012/04/15 10:41:18 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2012/04/23 12:16:48 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2012/04/23 14:41:42 | 000,000,000 | ---D | M] -- C:\Program Files\Bkav
[2012/04/29 15:18:58 | 000,000,000 | ---D | M] -- C:\Program Files\i-Connect HSPA USB Modem
[2012/04/30 14:02:34 | 000,000,000 | ---D | M] -- C:\Program Files\EveryZone
[2012/05/01 11:23:46 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack

< MD5 for: AGP440.SYS >
[2004/08/04 01:07:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 01:07:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 01:07:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2004/08/04 01:07:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2004/08/04 01:07:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/04/28 09:07:04 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/28 09:07:04 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/28 09:07:04 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/28 09:07:04 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/04/28 09:07:04 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2004/08/04 01:07:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2004/08/04 01:07:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2004/08/04 01:07:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2004/08/03 17:07:00 | 000,093,184 | ---- | M] (Microsoft Corporation)





canhk11d (Beginner)
Posts: 4 | Joined: 2012-05-01 | OS: win XP | Points: 16838 | Likes: 0


Re: the virus/spyware/trojan or malware you are infected with.Page 1

Post by canhk11d on Tue May 01, 2012 6:34 am

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/04/28 09:07:04 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/28 09:07:04 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/28 09:07:04 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/28 09:07:04 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/04/28 09:07:04 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2004/08/04 01:07:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2004/08/04 01:07:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2004/08/04 01:07:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2004/08/03 17:07:00 | 000,093,184 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chrome.exe\shell\open\command\\: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/04/28 09:07:04 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/28 09:07:04 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/28 09:07:04 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/28 09:07:04 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe" [2012/04/28 09:07:04 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2004/08/04 01:07:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2004/08/04 01:07:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2004/08/04 01:07:00 | 000,042,496 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2004/08/03 17:07:00 | 000,093,184 | ---- | M] (Microsoft Corporation)

========== Files - Unicode (All) ==========
[2012/04/13 11:14:50 | 000,075,776 | ---- | M] ()(D:\My Documents\B?ng s?.xls) -- D:\My Documents\Bảng số.xls
[2012/04/13 11:14:40 | 000,075,776 | ---- | C] ()(D:\My Documents\B?ng s?.xls) -- D:\My Documents\Bảng số.xls
[2012/03/22 09:46:14 | 000,501,395 | ---- | M] ()(D:\My Documents\Khch s?n Vi?t Nh?t Mng Ci.docx) -- D:\My Documents\Khch sạn Việt Nhật Mng Ci.docx
[2012/03/22 09:46:12 | 000,501,395 | ---- | C] ()(D:\My Documents\Khch s?n Vi?t Nh?t Mng Ci.docx) -- D:\My Documents\Khch sạn Việt Nhật Mng Ci.docx

< End of report >


Re: the virus/spyware/trojan or malware you are infected with.Page 1

Post by canhk11d on Tue May 01, 2012 6:35 am

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-01 13:15:45

-----------------------------
13:15:45.640 OS Version: Windows 5.1.2600 Service Pack 2
13:15:45.640 Number of processors: 2 586 0x170A
13:15:45.703 ComputerName: MAY0111 UserName:
13:15:46.703 Initialize success
13:15:59.250 AVAST engine download error: 0
13:16:05.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:16:05.515 Disk 0 Vendor: WDC_WD2500AAKX-001CA0 15.01H15 Size: 238475MB BusType: 3
13:16:05.531 Disk 0 MBR read successfully
13:16:05.531 Disk 0 MBR scan
13:16:05.531 Disk 0 unknown MBR code
13:16:05.546 Disk 0 Partition 1 80 (A) 0C FAT32 LBA MSWIN4.1 39636 MB offset 63
13:16:05.546 Disk 0 Partition - 00 0F Extended LBA 198835 MB offset 81176445
13:16:05.578 Disk 0 Partition 2 00 0B FAT32 MSWIN4.1 79626 MB offset 81176508
13:16:05.578 Disk 0 Partition - 00 05 Extended 119208 MB offset 244252260
13:16:05.609 Disk 0 Partition 3 00 0B FAT32 MSWIN4.1 119208 MB offset 244252323
13:16:05.640 Disk 0 scanning sectors +488392065
13:16:05.796 Disk 0 scanning C:\WINDOWS\system32\drivers
13:16:09.500 Service scanning
13:16:15.781 Modules scanning
13:16:29.609 Disk 0 trace - called modules:
13:16:29.625 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
13:16:29.625 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aeb7ab8]
13:16:29.625 3 CLASSPNP.SYS[ba0e905b] -> nt!IofCallDriver -> \Device\00000061[0x8aebc160]
13:16:29.625 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aec3940]
13:16:29.625 Scan finished successfully
13:16:43.421 Disk 0 MBR has been saved successfully to "D:\My Documents\Downloads\MBR.dat"
13:16:43.437 The log file has been saved successfully to "D:\My Documents\Downloads\aswMBR.txt"



Re: the virus/spyware/trojan or malware you are infected with.Page 1

Post by canhk11d on Tue May 01, 2012 6:55 am

OTL Extras logfile created on: 5/1/2012 1:05:16 PM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = D:\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.22 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 37.15% Memory free
5.50 Gb Paging File | 3.59 Gb Available in Paging File | 65.28% Paging File free
Paging file location(s): C:\pagefile.sys 2500 3500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.70 Gb Total Space | 28.10 Gb Free Space | 72.63% Space Free | Partition Type: FAT32
Drive D: | 77.74 Gb Total Space | 73.81 Gb Free Space | 94.94% Space Free | Partition Type: FAT32
Drive E: | 116.39 Gb Total Space | 116.11 Gb Free Space | 99.76% Space Free | Partition Type: FAT32
Drive G: | 3.76 Gb Total Space | 3.76 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: MAY0111 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5325:TCP" = 5325:TCP:*:Enabled:cgyigmb

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\HP Officejet 7500 E910\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Officejet 7500 E910\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator -- (Hewlett-Packard Co.)
"C:\Program Files\Naver\NaverVaccine\NVC.npc" = C:\Program Files\Naver\NaverVaccine\NVC.npc:*:Enabled:NaverVaccine
"C:\Program Files\ESTsoft\ALYac\AYUpdSrv.aye" = C:\Program Files\ESTsoft\ALYac\AYUpdSrv.aye:*:Enabled:ALYac
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\EveryZone\TurboVaccineFree\TvFUp.exe" = C:\Program Files\EveryZone\TurboVaccineFree\TvFUp.exe:*:Enabled:TvFUp -- ((주)에브리존)
"C:\Program Files\EveryZone\TurboVaccineFree\TvFUpdate.exe" = C:\Program Files\EveryZone\TurboVaccineFree\TvFUpdate.exe:*:Enabled:TvFUpdate -- ((주)에브리존)
"C:\Program Files\EveryZone\TurboVaccineFree\TvFCount.exe" = C:\Program Files\EveryZone\TurboVaccineFree\TvFCount.exe:*:Enabled:TvFCount -- ((주)에브리존)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24DC9885-E759-4BD2-8A20-D4AC509A7FDE}" = HP Officejet 7500 E910 Help
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
"{634FA727-B731-4204-AADC-D6F34F41374F}" = HP Officejet 7500 E910 Basic Device Software
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{AF8267C6_8886_4cfd_AAC7_48BCB879743F}" = AhnLab V3 Internet Security 8.0
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D2}" = WinZip 16.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"터보백신 프리" = 터보백신 프리
"D-com 3G" = D-com 3G
"ENTERPRISE" = Microsoft Office Enterprise 2007
"fast connect" = fast connect
"Foxit Reader_is1" = Foxit Reader 5.0
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.7.0
"LAC VIET mtd2002-EVA_is1" = Uninstall LAC VIET mtd2002-EVA
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"UniKey" = UniKey 4.0
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/30/2012 3:17:13 AM | Computer Name = MAY0111 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 5/1/2012 12:58:42 AM | Computer Name = MAY0111 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The server name or address could not be resolved

Error - 5/1/2012 1:13:32 AM | Computer Name = MAY0111 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The server name or address could not be resolved

Error - 5/1/2012 1:13:34 AM | Computer Name = MAY0111 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 5/1/2012 1:13:34 AM | Computer Name = MAY0111 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 5/1/2012 1:55:46 AM | Computer Name = MAY0111 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The server name or address could not be resolved

Error - 5/1/2012 1:55:46 AM | Computer Name = MAY0111 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 5/1/2012 1:55:46 AM | Computer Name = MAY0111 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 5/1/2012 1:55:59 AM | Computer Name = MAY0111 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 5/1/2012 1:55:59 AM | Computer Name = MAY0111 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

[ System Events ]
Error - 4/20/2012 3:01:39 AM | Computer Name = MAY0111 | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{5E9682E4-0216-4A4C-9048-B9A98B1E3F84}. The
backup browser is stopping.

Error - 4/20/2012 6:34:29 AM | Computer Name = MAY0111 | Source = Service Control Manager | ID = 7023
Description = The Universal Helper service terminated with the following error:
%%126

Error - 4/20/2012 6:34:29 AM | Computer Name = MAY0111 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the fast connect. OUC service
to connect.

Error - 4/20/2012 6:34:29 AM | Computer Name = MAY0111 | Source = Service Control Manager | ID = 7000
Description = The fast connect. OUC service failed to start due to the following
error: %%1053

Error - 4/20/2012 6:34:29 AM | Computer Name = MAY0111 | Source = Service Control Manager | ID = 7000
Description = The NSavFlt service failed to start due to the following error: %%2

Error - 4/20/2012 10:00:34 PM | Computer Name = MAY0111 | Source = Service Control Manager | ID = 7023
Description = The Universal Helper service terminated with the following error:
%%126

Error - 4/20/2012 10:00:34 PM | Computer Name = MAY0111 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the fast connect. OUC service
to connect.

Error - 4/20/2012 10:00:34 PM | Computer Name = MAY0111 | Source = Service Control Manager | ID = 7000
Description = The fast connect. OUC service failed to start due to the following
error: %%1053

Error - 4/20/2012 10:00:34 PM | Computer Name = MAY0111 | Source = Service Control Manager | ID = 7000
Description = The NSavFlt service failed to start due to the following error: %%2

Error - 4/21/2012 2:22:48 AM | Computer Name = MAY0111 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
MICROSOFT that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{5E9682E4-0216-4A4C. The master browser is stopping or an election is
being forced.


< End of report >


Re: the virus/spyware/trojan or malware you are infected with.Page 1

Post by Dr Jay on Tue May 01, 2012 8:52 am

Hello!

After analyzing the logs, I felt we should run this tool first:

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)



Dr Jay
Head Administrator
Posts : 13713
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Protection : Bitdefender Total Security
Points : 302069
# Likes : 10
