Reference the opera problem - it may be to do with the mail/rss feed updating at the same time
There is a little tip here about that
booting to the user selection but then computer freezes [Solved]
Started by
olbo
, Apr 27 2010 11:53 AM
-
This topic is locked
#16
Posted 02 May 2010 - 05:58 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Reference the opera problem - it may be to do with the mail/rss feed updating at the same time
There is a little tip here about that
#17
Posted 02 May 2010 - 06:09 AM
olbo
- Topic Starter
-
- Member
-
- 24 posts
Member
OTL results:
OTL logfile created on: 02/05/2010 19:51:06 - Run 3
OTL by OldTimer - Version 3.2.3.1 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
1 015,00 Mb Total Physical Memory | 446,00 Mb Available Physical Memory | 44,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 43,70 Gb Total Space | 1,39 Gb Free Space | 3,17% Space Free | Partition Type: FAT32
Drive D: | 29,04 Gb Total Space | 0,25 Gb Free Space | 0,86% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-11EDA4279C
Current User Name: user
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/05/02 19:38:10 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\acovcnt.exe
PRC - [2010/04/30 17:23:12 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2009/08/06 16:29:34 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/10 21:37:42 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/02 13:08:48 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/19 01:07:04 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008/04/14 08:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/24 10:41:18 | 000,086,016 | ---- | M] ( iPassion Technology Inc.) -- C:\WINDOWS\iPScan.exe
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/08/02 00:39:20 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/08/02 00:38:30 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/08/02 00:32:44 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/08/02 00:31:22 | 000,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/08/02 00:24:22 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/06/01 14:02:54 | 000,491,520 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
PRC - [2006/05/03 11:05:00 | 000,055,808 | R--- | M] (Cognizance Corporation) -- c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
PRC - [2006/04/17 10:24:30 | 000,110,592 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
PRC - [2006/04/01 09:37:00 | 002,170,880 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2006/03/14 07:30:16 | 000,593,920 | ---- | M] (Infineon Technologies AG) -- c:\Program Files\Infineon\Security Platform Software\SpTNA.exe
PRC - [2006/03/10 08:41:42 | 000,131,072 | ---- | M] (Infineon Technologies AG) -- c:\Program Files\Infineon\Security Platform Software\PSDrt.exe
PRC - [2006/02/21 19:36:52 | 000,017,920 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2005/11/29 11:51:04 | 000,099,872 | ---- | M] (Infineon Technologies AG) -- c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
PRC - [2005/10/17 17:09:34 | 000,987,136 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2005/07/06 15:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\WINDOWS\system32\ACEngSvr.exe
PRC - [2002/10/16 21:56:00 | 000,176,128 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
========== Modules (SafeList) ==========
MOD - [2010/04/30 17:23:12 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
MOD - [2008/07/25 11:17:20 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2006/05/17 16:39:26 | 000,028,672 | ---- | M] () -- C:\Program Files\ASUS\Asus MultiFrame\HookTitle.dll
MOD - [2005/10/17 03:03:00 | 000,052,736 | R--- | M] (Cognizance Corporation) -- C:\WINDOWS\system32\APSHook.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/08/06 16:29:34 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/10 21:37:42 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/06/02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2006/08/02 00:39:20 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/08/02 00:31:22 | 000,937,984 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/08/02 00:24:22 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006/03/06 02:36:00 | 000,132,096 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASChnl.dll -- (ASChannel)
SRV - [2005/11/29 11:51:04 | 000,099,872 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE -- (PersonalSecureDriveService)
SRV - [2002/10/16 21:56:00 | 000,176,128 | ---- | M] (Executive Software International, Inc.) [Auto | Running] -- C:\Program Files\Executive Software\DiskeeperLite\DKService.exe -- (Diskeeper)
========== Driver Services (SafeList) ==========
DRV - [2009/12/08 01:36:00 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/06/10 21:37:42 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:08 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:06 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/14 10:51:44 | 000,014,232 | ---- | M] (www.ISRA.org.cn) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ProtectorA.sys -- (ProtectorA)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/17 19:22:02 | 000,242,432 | ---- | M] (iPassion Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iP293x.SYS -- (DCamUSBTP10)
DRV - [2008/04/14 02:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 00:36:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2006/08/29 08:10:34 | 000,107,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/08/02 01:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/07/26 10:39:32 | 001,707,776 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/05/25 12:40:58 | 000,193,088 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/05/16 19:14:00 | 000,017,840 | R--- | M] (Cognizance Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\itsdisk.sys -- (ItSDisk)
DRV - [2006/02/08 17:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006/02/02 23:16:08 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/01/31 18:35:28 | 000,039,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/01/24 10:45:56 | 000,034,944 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipswuio.sys -- (ipswuio)
DRV - [2005/12/14 17:07:24 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/11/29 11:50:58 | 000,036,768 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2005/11/24 13:37:36 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/11/16 09:08:16 | 000,078,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTL8023xp)
DRV - [2005/11/11 15:09:52 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/10/21 04:19:34 | 000,036,352 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005/09/30 10:34:10 | 000,310,016 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/09/17 11:01:50 | 000,028,672 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/09/14 12:45:24 | 000,050,560 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/08/18 08:26:14 | 000,138,752 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005/08/01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/02/17 16:07:48 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2005/01/07 17:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2005/01/06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C 75 37 B8 79 62 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/07/20 00:37:10 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2010/04/30 17:12:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Value error. File not found
O2 - BHO: (BOC ProcessProtect Class) - {776B71E2-B4CC-4C94-BC7C-09103AA690B6} - C:\WINDOWS\system32\ProcessProtection.dll (www.ISRA.org.cn)
O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Infineon Technologies AG)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.EXE (ASYSTeK Computer INC.)
O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CognizanceTS] c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [iPPCamScan] C:\WINDOWS\iPScan.exe ( iPassion Technology Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe ()
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MultiFrame.lnk = C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe (ASUSTek Computer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: bankofchina.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: boc.cn ([ebs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: boc.cn ([www] http in Trusted sites)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.fac...b?1271227136156 (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 219.141.140.10 202.106.196.115
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IfxWlxEN: DllName - IfxWlxEN.dll - C:\WINDOWS\System32\IfxWlxEN.dll (Infineon Technologies AG)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\OneCard: DllName - c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll - c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll (Cognizance Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/23 19:37:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/03/23 19:19:58 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (5319299816226816)
========== Files/Folders - Created Within 90 Days ==========
[2010/04/30 23:45:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\X-Lite
[2010/04/30 17:26:20 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/04/30 17:22:58 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2010/04/29 23:40:10 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/29 23:38:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/29 23:38:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/29 23:38:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/29 23:38:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/29 23:37:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/29 23:24:42 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/04/15 23:26:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CounterPath
[2010/04/14 14:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Facebook
[2010/03/30 20:14:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\bj
========== Files - Modified Within 90 Days ==========
[2010/05/02 19:38:10 | 000,045,056 | ---- | M] () -- C:\WINDOWS\System32\acovcnt.exe
[2010/05/02 19:37:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/02 19:37:10 | 1064,587,264 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/02 19:37:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/02 15:57:24 | 009,961,472 | -H-- | M] () -- C:\Documents and Settings\user\NTUSER.DAT
[2010/05/02 15:57:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2010/05/02 15:56:42 | 004,825,046 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[2010/05/02 12:12:56 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{090F85ED-A099-4AB2-8E2A-DCD984B0D929}.job
[2010/04/30 17:23:12 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2010/04/30 17:12:48 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/30 16:17:12 | 000,000,496 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/04/30 12:21:54 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/04/30 00:05:52 | 000,002,181 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Google Chrome.lnk
[2010/04/29 23:40:14 | 000,000,319 | RHS- | M] () -- C:\boot.ini
[2010/04/29 23:30:48 | 000,175,616 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 12:47:38 | 003,923,257 | R--- | M] () -- C:\Documents and Settings\user\Desktop\ComboFix.exe
[2010/04/27 02:01:56 | 000,000,250 | ---- | M] () -- C:\Boot.bak
[2010/04/27 01:01:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/26 15:58:14 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/17 00:23:46 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\user\PUTTY.RND
[2010/04/16 14:00:02 | 000,414,720 | ---- | M] () -- C:\Documents and Settings\user\Desktop\RESUME.doc
[2010/04/15 23:26:42 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\user\Desktop\X-Lite.lnk
[2010/04/15 22:46:02 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3343283159-1345008455-2348356966-1005Core1cac6a9790dd6c.job
[2010/04/15 01:34:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/22 18:41:48 | 000,090,112 | ---- | M] () -- C:\Documents and Settings\user\Desktop\-Chinese011.doc
========== Files Created - No Company Name ==========
[2010/05/02 10:57:28 | 1064,587,264 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/30 17:13:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\acovcnt.exe
[2010/04/29 23:40:12 | 000,000,250 | ---- | C] () -- C:\Boot.bak
[2010/04/29 23:40:10 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/29 23:38:19 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/29 23:38:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/29 23:38:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/29 23:38:19 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/29 23:38:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/29 23:27:44 | 000,731,136 | ---- | C] () -- C:\Documents and Settings\user\Desktop\avenger.exe
[2010/04/29 23:27:41 | 003,923,257 | R--- | C] () -- C:\Documents and Settings\user\Desktop\ComboFix.exe
[2010/04/27 02:01:55 | 000,000,319 | RHS- | C] () -- C:\boot.ini
[2010/04/16 14:00:00 | 000,414,720 | ---- | C] () -- C:\Documents and Settings\user\Desktop\RESUME.doc
[2010/03/22 18:28:24 | 000,090,112 | ---- | C] () -- C:\Documents and Settings\user\Desktop\-Chinese011.doc
[2010/03/18 22:41:01 | 000,001,090 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3343283159-1345008455-2348356966-1005Core1cac6a9790dd6c.job
[2009/12/26 14:04:18 | 000,032,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\Protector.sys
[2009/02/21 00:01:23 | 000,000,167 | ---- | C] () -- C:\WINDOWS\usdthank.ini
[2009/02/21 00:01:23 | 000,000,031 | ---- | C] () -- C:\WINDOWS\idc.ini
[2008/06/13 03:08:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008/03/26 21:54:25 | 000,000,060 | ---- | C] () -- C:\WINDOWS\ASUS_1280x1024_black.ini
[2008/03/23 20:19:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/03/23 19:54:08 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/03/23 19:41:15 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2008/03/23 19:04:42 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\ABLKSR.INI
[2008/03/23 19:04:30 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2005/09/02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/04/03 15:30:00 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\scardsyn.dll
[2004/08/19 10:07:40 | 000,007,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS
[2004/08/19 10:07:40 | 000,002,538 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[1998/05/06 20:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll
========== LOP Check ==========
[2008/03/23 20:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2009/02/28 14:16:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E33597A3-E995-4DA4-A3A0-F1775979A8E0}
[2009/02/28 14:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/04 18:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/04/04 18:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/04/15 23:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CounterPath
[2008/03/23 20:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Infineon
[2008/04/14 23:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Asus
[2008/07/05 23:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Opera
[2009/04/04 18:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Nokia
[2009/04/04 18:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PC Suite
[2009/05/22 17:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FFSJ
[2010/01/02 11:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Skydur
[2010/04/14 14:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Facebook
[2010/05/02 12:12:56 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{090F85ED-A099-4AB2-8E2A-DCD984B0D929}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/21 22:57:14 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/08/21 22:57:14 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/21 22:57:14 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/08/21 22:57:14 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/14 08:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 08:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 08:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 20:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/14 08:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 08:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 08:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/08/04 20:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 08:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 08:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 08:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008/03/23 19:29:54 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2008/03/23 19:29:54 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/03/23 19:29:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
< %systemroot%\system32\drivers\*.sys /90 >
[2010/02/11 20:02:16 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2010/02/24 21:11:08 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
========== Files - Unicode (All) ==========
[2010/03/25 23:14:18 | 000,000,018 | ---- | M] ()(C:\Documents and Settings\user\Desktop\?????.txt) -- C:\Documents and Settings\user\Desktop\新文字文件.txt
[2010/03/22 18:28:31 | 000,000,018 | ---- | C] ()(C:\Documents and Settings\user\Desktop\?????.txt) -- C:\Documents and Settings\user\Desktop\新文字文件.txt
< End of report >
is [2010/04/30 17:13:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\acovcnt.exe an issue ?
OTL logfile created on: 02/05/2010 19:51:06 - Run 3
OTL by OldTimer - Version 3.2.3.1 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
1 015,00 Mb Total Physical Memory | 446,00 Mb Available Physical Memory | 44,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 43,70 Gb Total Space | 1,39 Gb Free Space | 3,17% Space Free | Partition Type: FAT32
Drive D: | 29,04 Gb Total Space | 0,25 Gb Free Space | 0,86% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YOUR-11EDA4279C
Current User Name: user
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/05/02 19:38:10 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\acovcnt.exe
PRC - [2010/04/30 17:23:12 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2009/08/06 16:29:34 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/10 21:37:42 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/02 13:08:48 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/19 01:07:04 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008/04/14 08:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/24 10:41:18 | 000,086,016 | ---- | M] ( iPassion Technology Inc.) -- C:\WINDOWS\iPScan.exe
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/08/02 00:39:20 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/08/02 00:38:30 | 000,802,816 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/08/02 00:32:44 | 000,696,320 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/08/02 00:31:22 | 000,937,984 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/08/02 00:24:22 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/06/01 14:02:54 | 000,491,520 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
PRC - [2006/05/03 11:05:00 | 000,055,808 | R--- | M] (Cognizance Corporation) -- c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
PRC - [2006/04/17 10:24:30 | 000,110,592 | ---- | M] () -- C:\WINDOWS\ATK0100\HControl.exe
PRC - [2006/04/01 09:37:00 | 002,170,880 | ---- | M] () -- C:\WINDOWS\ATK0100\ATKOSD.exe
PRC - [2006/03/14 07:30:16 | 000,593,920 | ---- | M] (Infineon Technologies AG) -- c:\Program Files\Infineon\Security Platform Software\SpTNA.exe
PRC - [2006/03/10 08:41:42 | 000,131,072 | ---- | M] (Infineon Technologies AG) -- c:\Program Files\Infineon\Security Platform Software\PSDrt.exe
PRC - [2006/02/21 19:36:52 | 000,017,920 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2005/11/29 11:51:04 | 000,099,872 | ---- | M] (Infineon Technologies AG) -- c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE
PRC - [2005/10/17 17:09:34 | 000,987,136 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2005/07/06 15:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\WINDOWS\system32\ACEngSvr.exe
PRC - [2002/10/16 21:56:00 | 000,176,128 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
========== Modules (SafeList) ==========
MOD - [2010/04/30 17:23:12 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
MOD - [2008/07/25 11:17:20 | 000,635,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\msvcr80.dll
MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2006/05/17 16:39:26 | 000,028,672 | ---- | M] () -- C:\Program Files\ASUS\Asus MultiFrame\HookTitle.dll
MOD - [2005/10/17 03:03:00 | 000,052,736 | R--- | M] (Cognizance Corporation) -- C:\WINDOWS\system32\APSHook.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/08/06 16:29:34 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/10 21:37:42 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/06/02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2006/08/02 00:39:20 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/08/02 00:31:22 | 000,937,984 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/08/02 00:24:22 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006/03/06 02:36:00 | 000,132,096 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASChnl.dll -- (ASChannel)
SRV - [2005/11/29 11:51:04 | 000,099,872 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- c:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE -- (PersonalSecureDriveService)
SRV - [2002/10/16 21:56:00 | 000,176,128 | ---- | M] (Executive Software International, Inc.) [Auto | Running] -- C:\Program Files\Executive Software\DiskeeperLite\DKService.exe -- (Diskeeper)
========== Driver Services (SafeList) ==========
DRV - [2009/12/08 01:36:00 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/06/10 21:37:42 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/30 10:33:08 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:06 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/14 10:51:44 | 000,014,232 | ---- | M] (www.ISRA.org.cn) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ProtectorA.sys -- (ProtectorA)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/17 19:22:02 | 000,242,432 | ---- | M] (iPassion Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iP293x.SYS -- (DCamUSBTP10)
DRV - [2008/04/14 02:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 00:36:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2006/08/29 08:10:34 | 000,107,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/08/02 01:27:48 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/07/26 10:39:32 | 001,707,776 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/05/25 12:40:58 | 000,193,088 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/05/16 19:14:00 | 000,017,840 | R--- | M] (Cognizance Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\itsdisk.sys -- (ItSDisk)
DRV - [2006/02/08 17:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006/02/02 23:16:08 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/01/31 18:35:28 | 000,039,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/01/24 10:45:56 | 000,034,944 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ipswuio.sys -- (ipswuio)
DRV - [2005/12/14 17:07:24 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/11/29 11:50:58 | 000,036,768 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2005/11/24 13:37:36 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/11/16 09:08:16 | 000,078,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTL8023xp)
DRV - [2005/11/11 15:09:52 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/10/21 04:19:34 | 000,036,352 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005/09/30 10:34:10 | 000,310,016 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/09/17 11:01:50 | 000,028,672 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/09/14 12:45:24 | 000,050,560 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/08/18 08:26:14 | 000,138,752 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005/08/01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/02/17 16:07:48 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2005/01/07 17:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2005/01/06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C 75 37 B8 79 62 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/07/20 00:37:10 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2010/04/30 17:12:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Value error. File not found
O2 - BHO: (BOC ProcessProtect Class) - {776B71E2-B4CC-4C94-BC7C-09103AA690B6} - C:\WINDOWS\system32\ProcessProtection.dll (www.ISRA.org.cn)
O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Infineon Technologies AG)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKLM..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.EXE (ASYSTeK Computer INC.)
O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CognizanceTS] c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [iPPCamScan] C:\WINDOWS\iPScan.exe ( iPassion Technology Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe ()
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MultiFrame.lnk = C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe (ASUSTek Computer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: bankofchina.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: boc.cn ([ebs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: boc.cn ([www] http in Trusted sites)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.fac...b?1271227136156 (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 219.141.140.10 202.106.196.115
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\IfxWlxEN: DllName - IfxWlxEN.dll - C:\WINDOWS\System32\IfxWlxEN.dll (Infineon Technologies AG)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\OneCard: DllName - c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll - c:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll (Cognizance Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/23 19:37:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/03/23 19:19:58 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (5319299816226816)
========== Files/Folders - Created Within 90 Days ==========
[2010/04/30 23:45:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\X-Lite
[2010/04/30 17:26:20 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/04/30 17:22:58 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2010/04/29 23:40:10 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/29 23:38:19 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/29 23:38:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/29 23:38:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/29 23:38:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/29 23:37:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/29 23:24:42 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/04/15 23:26:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CounterPath
[2010/04/14 14:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Facebook
[2010/03/30 20:14:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\bj
========== Files - Modified Within 90 Days ==========
[2010/05/02 19:38:10 | 000,045,056 | ---- | M] () -- C:\WINDOWS\System32\acovcnt.exe
[2010/05/02 19:37:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/02 19:37:10 | 1064,587,264 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/02 19:37:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/02 15:57:24 | 009,961,472 | -H-- | M] () -- C:\Documents and Settings\user\NTUSER.DAT
[2010/05/02 15:57:24 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2010/05/02 15:56:42 | 004,825,046 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[2010/05/02 12:12:56 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{090F85ED-A099-4AB2-8E2A-DCD984B0D929}.job
[2010/04/30 17:23:12 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2010/04/30 17:12:48 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/30 16:17:12 | 000,000,496 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/04/30 12:21:54 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/04/30 00:05:52 | 000,002,181 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Google Chrome.lnk
[2010/04/29 23:40:14 | 000,000,319 | RHS- | M] () -- C:\boot.ini
[2010/04/29 23:30:48 | 000,175,616 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 12:47:38 | 003,923,257 | R--- | M] () -- C:\Documents and Settings\user\Desktop\ComboFix.exe
[2010/04/27 02:01:56 | 000,000,250 | ---- | M] () -- C:\Boot.bak
[2010/04/27 01:01:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/26 15:58:14 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/17 00:23:46 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\user\PUTTY.RND
[2010/04/16 14:00:02 | 000,414,720 | ---- | M] () -- C:\Documents and Settings\user\Desktop\RESUME.doc
[2010/04/15 23:26:42 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\user\Desktop\X-Lite.lnk
[2010/04/15 22:46:02 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3343283159-1345008455-2348356966-1005Core1cac6a9790dd6c.job
[2010/04/15 01:34:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/22 18:41:48 | 000,090,112 | ---- | M] () -- C:\Documents and Settings\user\Desktop\-Chinese011.doc
========== Files Created - No Company Name ==========
[2010/05/02 10:57:28 | 1064,587,264 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/30 17:13:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\acovcnt.exe
[2010/04/29 23:40:12 | 000,000,250 | ---- | C] () -- C:\Boot.bak
[2010/04/29 23:40:10 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/29 23:38:19 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/29 23:38:19 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/29 23:38:19 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/29 23:38:19 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/29 23:38:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/29 23:27:44 | 000,731,136 | ---- | C] () -- C:\Documents and Settings\user\Desktop\avenger.exe
[2010/04/29 23:27:41 | 003,923,257 | R--- | C] () -- C:\Documents and Settings\user\Desktop\ComboFix.exe
[2010/04/27 02:01:55 | 000,000,319 | RHS- | C] () -- C:\boot.ini
[2010/04/16 14:00:00 | 000,414,720 | ---- | C] () -- C:\Documents and Settings\user\Desktop\RESUME.doc
[2010/03/22 18:28:24 | 000,090,112 | ---- | C] () -- C:\Documents and Settings\user\Desktop\-Chinese011.doc
[2010/03/18 22:41:01 | 000,001,090 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3343283159-1345008455-2348356966-1005Core1cac6a9790dd6c.job
[2009/12/26 14:04:18 | 000,032,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\Protector.sys
[2009/02/21 00:01:23 | 000,000,167 | ---- | C] () -- C:\WINDOWS\usdthank.ini
[2009/02/21 00:01:23 | 000,000,031 | ---- | C] () -- C:\WINDOWS\idc.ini
[2008/06/13 03:08:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008/03/26 21:54:25 | 000,000,060 | ---- | C] () -- C:\WINDOWS\ASUS_1280x1024_black.ini
[2008/03/23 20:19:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/03/23 19:54:08 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/03/23 19:41:15 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2008/03/23 19:04:42 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\ABLKSR.INI
[2008/03/23 19:04:30 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2005/09/02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/04/03 15:30:00 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\scardsyn.dll
[2004/08/19 10:07:40 | 000,007,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\MMIOPORT.SYS
[2004/08/19 10:07:40 | 000,002,538 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[1998/05/06 20:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll
========== LOP Check ==========
[2008/03/23 20:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2009/02/28 14:16:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E33597A3-E995-4DA4-A3A0-F1775979A8E0}
[2009/02/28 14:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/04 18:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/04/04 18:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/04/15 23:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CounterPath
[2008/03/23 20:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Infineon
[2008/04/14 23:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Asus
[2008/07/05 23:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Opera
[2009/04/04 18:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Nokia
[2009/04/04 18:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PC Suite
[2009/05/22 17:50:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\FFSJ
[2010/01/02 11:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Skydur
[2010/04/14 14:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Facebook
[2010/05/02 12:12:56 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{090F85ED-A099-4AB2-8E2A-DCD984B0D929}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/21 22:57:14 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/08/21 22:57:14 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/21 22:57:14 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/08/21 22:57:14 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/14 08:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 08:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 08:11:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 20:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/14 08:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 08:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 08:12:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/08/04 20:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 08:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 08:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 08:12:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008/03/23 19:29:54 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2008/03/23 19:29:54 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/03/23 19:29:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
< %systemroot%\system32\drivers\*.sys /90 >
[2010/02/11 20:02:16 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2010/02/24 21:11:08 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
========== Files - Unicode (All) ==========
[2010/03/25 23:14:18 | 000,000,018 | ---- | M] ()(C:\Documents and Settings\user\Desktop\?????.txt) -- C:\Documents and Settings\user\Desktop\新文字文件.txt
[2010/03/22 18:28:31 | 000,000,018 | ---- | C] ()(C:\Documents and Settings\user\Desktop\?????.txt) -- C:\Documents and Settings\user\Desktop\新文字文件.txt
< End of report >
is [2010/04/30 17:13:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\acovcnt.exe an issue ?
#18
Posted 02 May 2010 - 06:23 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Lets check it out - as this one has mixed analysis
- Make sure to use Internet Explorer for this
- Please go to VirSCAN.org FREE on-line scan service
- Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
- C:\WINDOWS\system32\acovcnt.exe
- C:\WINDOWS\system32\acovcnt.exe
- Click on the Upload button
- If a pop-up appears saying the file has been scanned already, please select the ReScan button.
- Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
- Paste the contents of the Clipboard in your next reply.
#19
Posted 02 May 2010 - 07:11 AM
olbo
- Topic Starter
-
- Member
-
- 24 posts
Member
VirSCAN.org Scanned Report :
Scanned time : 2010/05/02 21:06:23 (CST)
Scanner results: tous les moteurs ont dit ne pas avoir trouvé de malware !
File Name : acovcnt.exe
File Size : 45056 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 6bcaf46e2b7fa9ace92b4d39f3037c5c
SHA1 : 6d5a81e3cf59832d73f28d6e87f51d073c3e4095
Online report : http://virscan.org/r...deea689f75.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100501070118 2010-05-01 25.02 -
AhnLab V3 2010.04.30.02 2010.04.30 2010-04-30 2.05 -
AntiVir 8.2.1.224 7.10.7.16 2010-04-30 0.26 -
Antiy 2.0.18 20100429.4301541 2010-04-29 0.02 -
Arcavir 2009 201005020249 2010-05-02 0.08 -
Authentium 5.1.1 201005011751 2010-05-01 1.55 -
AVAST! 4.7.4 100502-0 2010-05-02 0.04 -
AVG 8.5.793 271.1.1/2849 2010-05-02 0.27 -
BitDefender 7.81008.5692845 7.31474 2010-05-02 3.67 -
ClamAV 0.95.3 10889 2010-05-02 0.02 -
Comodo 3.13.579 4738 2010-05-02 2.50 -
CP Secure 1.3.0.5 2010.05.02 2010-05-02 0.06 -
Dr.Web 5.0.2.3300 2010.05.02 2010-05-02 7.33 -
F-Prot 4.4.4.56 20100501 2010-05-01 1.41 -
F-Secure 7.02.73807 2010.05.02.03 2010-05-02 0.19 -
Fortinet 4.0.14 11.764 2010-05-01 4.14 -
GData 21.72/21.24 20100502 2010-05-02 11.53 -
ViRobot 20100501 2010.05.01 2010-05-01 0.67 -
Ikarus T3.1.01.80 2010.05.02.75761 2010-05-02 5.93 -
JiangMin 13.0.900 2010.05.02 2010-05-02 2.24 -
Kaspersky 5.5.10 2010.05.02 2010-05-02 0.14 -
KingSoft 2009.2.5.15 2010.5.2.16 2010-05-02 1.12 -
McAfee 5400.1158 5969 2010-05-01 0.02 -
Microsoft 1.5703 2010.05.01 2010-05-01 11.40 -
Norman 6.04.12 6.04.00 2010-05-01 6.02 -
Panda 9.05.01 2010.05.01 2010-05-01 2.31 -
Trend Micro 9.120-1004 7.142.05 2010-05-02 0.09 -
Quick Heal 10.00 2010.05.01 2010-05-01 1.70 -
Rising 20.0 22.45.04.03 2010-04-30 1.39 -
Sophos 3.06.0 4.52 2010-05-02 3.67 -
Sunbelt 3.9.2418.2 6248 2010-05-01 9.46 -
Symantec 1.3.0.24 20100501.002 2010-05-01 1.85 -
nProtect 20100501.01 8055427 2010-05-01 15.16 -
The Hacker 6.5.2.0 v00275 2010-05-01 0.76 -
VBA32 3.12.12.4 20100429.2024 2010-04-29 2.61 -
VirusBuster 4.5.11.10 10.126.10/2000339 2010-05-02 2.36 -
Ok seems clean!!
I just thought it was a malware as I did a search on it on google before...
Tks a bunch for your help!!
(Opera pb was not the rss and mail pb)
I think i'm gonna use firefox
Scanned time : 2010/05/02 21:06:23 (CST)
Scanner results: tous les moteurs ont dit ne pas avoir trouvé de malware !
File Name : acovcnt.exe
File Size : 45056 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 6bcaf46e2b7fa9ace92b4d39f3037c5c
SHA1 : 6d5a81e3cf59832d73f28d6e87f51d073c3e4095
Online report : http://virscan.org/r...deea689f75.html
Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100501070118 2010-05-01 25.02 -
AhnLab V3 2010.04.30.02 2010.04.30 2010-04-30 2.05 -
AntiVir 8.2.1.224 7.10.7.16 2010-04-30 0.26 -
Antiy 2.0.18 20100429.4301541 2010-04-29 0.02 -
Arcavir 2009 201005020249 2010-05-02 0.08 -
Authentium 5.1.1 201005011751 2010-05-01 1.55 -
AVAST! 4.7.4 100502-0 2010-05-02 0.04 -
AVG 8.5.793 271.1.1/2849 2010-05-02 0.27 -
BitDefender 7.81008.5692845 7.31474 2010-05-02 3.67 -
ClamAV 0.95.3 10889 2010-05-02 0.02 -
Comodo 3.13.579 4738 2010-05-02 2.50 -
CP Secure 1.3.0.5 2010.05.02 2010-05-02 0.06 -
Dr.Web 5.0.2.3300 2010.05.02 2010-05-02 7.33 -
F-Prot 4.4.4.56 20100501 2010-05-01 1.41 -
F-Secure 7.02.73807 2010.05.02.03 2010-05-02 0.19 -
Fortinet 4.0.14 11.764 2010-05-01 4.14 -
GData 21.72/21.24 20100502 2010-05-02 11.53 -
ViRobot 20100501 2010.05.01 2010-05-01 0.67 -
Ikarus T3.1.01.80 2010.05.02.75761 2010-05-02 5.93 -
JiangMin 13.0.900 2010.05.02 2010-05-02 2.24 -
Kaspersky 5.5.10 2010.05.02 2010-05-02 0.14 -
KingSoft 2009.2.5.15 2010.5.2.16 2010-05-02 1.12 -
McAfee 5400.1158 5969 2010-05-01 0.02 -
Microsoft 1.5703 2010.05.01 2010-05-01 11.40 -
Norman 6.04.12 6.04.00 2010-05-01 6.02 -
Panda 9.05.01 2010.05.01 2010-05-01 2.31 -
Trend Micro 9.120-1004 7.142.05 2010-05-02 0.09 -
Quick Heal 10.00 2010.05.01 2010-05-01 1.70 -
Rising 20.0 22.45.04.03 2010-04-30 1.39 -
Sophos 3.06.0 4.52 2010-05-02 3.67 -
Sunbelt 3.9.2418.2 6248 2010-05-01 9.46 -
Symantec 1.3.0.24 20100501.002 2010-05-01 1.85 -
nProtect 20100501.01 8055427 2010-05-01 15.16 -
The Hacker 6.5.2.0 v00275 2010-05-01 0.76 -
VBA32 3.12.12.4 20100429.2024 2010-04-29 2.61 -
VirusBuster 4.5.11.10 10.126.10/2000339 2010-05-02 2.36 -
Ok seems clean!!
I just thought it was a malware as I did a search on it on google before...
Tks a bunch for your help!!
(Opera pb was not the rss and mail pb)
I think i'm gonna use firefox
#20
Posted 02 May 2010 - 07:14 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
At one time there was malware with that name - which is why I initially removed it, but it may be part of your cd/dvd software
I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
ComboFix /Uninstall
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
SPRING CLEAN
Download TFC to your desktop
THEN
Download Flush Flash from Here and follow the easy to use instructions on the same page
NEXT
Download and run Puran Disc Defragmenter
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe
I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
ComboFix /Uninstall
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Do not show hidden files and folders.
- Click Yes to confirm.
- Click OK.
SPRING CLEAN
Download TFC to your desktop
- Open the file and close any other windows.
- It will close all programs itself when run, make sure to let it run uninterrupted.
- Click the Start button to begin the process. The program should not take long to finish its job
- Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean
THEN
Download Flush Flash from Here and follow the easy to use instructions on the same page
NEXT
Download and run Puran Disc Defragmenter
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
- SpywareBlaster to help prevent spyware from installing in the first place.
Malwarebytes. Run weekly to keep your system clean
To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe
#21
Posted 03 May 2010 - 10:45 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
