Hello RKinner,
Thank you for your prompt help; sorry, I was a bit busy to post my reply. All the logs are posted below for your reference; I await your advice. Please note I have an external HDD also connected to this PC; I hope that HDD will also be cleared in our process.
BitDefender is starting to sense something called Win32.Viking.AU virus affecting some .exe files. Thought it would be useful for you to advise accordingly.
OTL Log 1:
OTL logfile created on: 7/27/2011 11:21:31 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\WORKS01\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1015.23 Mb Total Physical Memory | 604.35 Mb Available Physical Memory | 59.53% Memory free
2.39 Gb Paging File | 1.98 Gb Available in Paging File | 82.98% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 66.27 Gb Free Space | 84.82% Space Free | Partition Type: NTFS
Drive D: | 70.92 Gb Total Space | 50.56 Gb Free Space | 71.29% Space Free | Partition Type: NTFS
Drive G: | 931.28 Gb Total Space | 901.35 Gb Free Space | 96.79% Space Free | Partition Type: FAT32
Drive H: | 5.58 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 971.91 Mb Total Space | 388.74 Mb Free Space | 40.00% Space Free | Partition Type: FAT32
Computer Name: WORKS | User Name: WORKS01 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/07/27 11:10:39 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WORKS01\Desktop\OTL.exe
PRC - [2010/05/06 19:09:06 | 000,415,638 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\billy.exe
PRC - [2010/05/06 18:59:36 | 000,516,216 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\oldmcdonald.exe
PRC - [2009/11/20 11:12:22 | 000,335,344 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
PRC - [2009/11/11 17:08:14 | 001,622,320 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
PRC - [2009/10/22 21:24:28 | 001,085,720 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
PRC - [2009/10/22 21:24:16 | 001,118,144 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
PRC - [2008/11/10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 17:30:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/04 14:20:22 | 004,595,712 | ---- | M] () -- C:\Documents and Settings\WORKS01\Application Data\U3\000015D1A9628AFF\LaunchPad.exe
PRC - [1998/02/06 00:46:18 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\NILaunch.exe
========== Modules (SafeList) ==========
MOD - [2011/07/27 11:10:39 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WORKS01\Desktop\OTL.exe
MOD - [2011/07/15 13:09:05 | 000,232,968 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_93\midas32.dll
MOD - [2008/04/14 17:30:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/07/22 12:52:59 | 000,274,432 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)
SRV - [2009/11/20 11:12:22 | 000,335,344 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
SRV - [2009/11/11 17:08:14 | 001,622,320 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- (VSSERV)
SRV - [2009/10/23 14:45:26 | 000,311,296 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
SRV - [2009/10/19 16:06:10 | 000,183,880 | ---- | M] (BitDefender S.R.L.
http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV - [2008/11/10 02:18:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/14 17:30:00 | 000,248,832 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2008/04/14 17:30:00 | 000,248,832 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\appmgmts.dll -- (AppMgmt)
========== Driver Services (SafeList) ==========
DRV - [2009/11/10 17:04:14 | 000,152,456 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
DRV - [2009/10/28 18:02:34 | 000,054,656 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys -- (BDSelfPr)
DRV - [2009/10/19 16:04:00 | 000,119,048 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys -- (bdftdif)
DRV - [2009/10/19 16:04:00 | 000,110,984 | ---- | M] (BitDefender LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfndisf.sys -- (Bdfndisf)
DRV - [2009/09/22 08:22:06 | 000,083,208 | ---- | M] (BitDefender) [Kernel | Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys -- (BDVEDISK)
DRV - [2009/08/27 16:28:44 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
DRV - [2009/07/23 15:41:20 | 000,282,768 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bdfsfltr.sys -- (bdfsfltr)
DRV - [2009/05/07 03:22:06 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
DRV - [2009/03/24 14:24:24 | 000,006,144 | ---- | M] (BITDEFENDER LLC) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bdrawpr.sys -- (BdRawPr)
DRV - [2006/02/27 04:46:20 | 000,081,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
O1 HOSTS File: ([2011/07/27 10:12:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [Net-It Launcher] C:\WINDOWS\system32\NILaunch.exe ()
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.100 192.168.1.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-2820402105-6805472487-401406774-5631\mwau.exe) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\WORKS01\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\WORKS01\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\360hotfix.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\360rp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\360rpt.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\360safe.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\360safebox.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\360sd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\360se.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\360SoftMgrSvc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\360speedld.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\360tray.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ast.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avcenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avgnt.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avguard.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avmailc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avwebgrd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\CCenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ccSvcHst.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\修复工具.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\egui.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ekrn.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\kavstart.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\kissvc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\kmailmon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\kpfw32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\kpfwsvc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\krnl360svc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\kswebshield.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KVMonXP.kxp: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KVSrvXP.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\kwatch.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Mcagent.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\mcmscsvc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\McNASvc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Mcods.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\McProxy.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\McSACore.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Mcshield.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\mcsysmon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\mcvsshld.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\MpfSrv.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\MPMon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\MPSVC.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\MPSVC1.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\MPSVC2.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\msksrver.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\qutmserv.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\RavMonD.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\RavTask.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\RsAgent.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\rsnetsvr.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\RsTray.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\safeboxTray.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ScanFrm.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\sched.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\SfCtlCom.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\TMBMSRV.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\TmProxy.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\UfSeAgnt.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zhudongfangyu.exe: Debugger - ntsd -d (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/17 10:42:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/07/27 11:17:04 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/07/27 11:17:04 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/07/27 11:17:06 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/10/05 02:32:54 | 000,000,279 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/07/27 11:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Autorun Eater
[2011/07/27 11:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\Autorun Eater
[2011/07/27 11:17:04 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2011/07/27 11:15:14 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\WORKS01\Desktop\mbam-setup-1.51.1.1800.exe
[2011/07/27 11:13:48 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\WORKS01\Desktop\aswMBR.exe
[2011/07/27 11:10:39 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\WORKS01\Desktop\OTL.exe
[2011/07/25 10:03:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Yahoo
[2011/07/24 17:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WORKS01\Application Data\Macromedia
[2011/07/24 17:15:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\WORKS01\PrivacIE
[2011/07/24 17:15:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WORKS01\Local Settings\Application Data\Yahoo
[2011/07/24 17:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2011/07/24 17:14:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\WORKS01\IETldCache
[2011/07/24 17:11:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/07/24 17:11:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2011/07/24 17:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WORKS01\Application Data\Yahoo!
[2011/07/24 17:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/07/24 17:11:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/07/24 17:09:34 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/07/24 17:09:29 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2011/07/24 17:08:35 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/07/22 12:54:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WORKS01\Local Settings\Application Data\Adobe
[2011/07/22 12:53:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/07/11 11:40:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BitDefender 2010
[2011/07/11 11:39:21 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2011/07/11 11:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WORKS01\Application Data\BitDefender
[2011/07/11 11:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
[2011/07/11 11:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/07/27 11:19:42 | 001,364,101 | ---- | M] () -- C:\Documents and Settings\WORKS01\Desktop\aesetup2.5.zip
[2011/07/27 11:15:14 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\WORKS01\Desktop\mbam-setup-1.51.1.1800.exe
[2011/07/27 11:13:48 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\WORKS01\Desktop\aswMBR.exe
[2011/07/27 11:10:39 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\WORKS01\Desktop\OTL.exe
[2011/07/27 11:09:24 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\WORKS01\Desktop\Flash_Disinfector.exe
[2011/07/27 10:13:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\WindowsUpdata7.jpg
[2011/07/27 10:12:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/27 10:09:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/27 10:08:12 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/25 23:20:13 | 000,000,223 | ---- | M] () -- C:\WINDOWS\HP PrecisionScan Pro.INI
[2011/07/25 19:09:32 | 000,083,018 | ---- | M] () -- C:\Documents and Settings\WORKS01\Desktop\JET USA.jpg
[2011/07/24 17:14:13 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\WORKS01\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/07/16 21:07:03 | 000,000,132 | ---- | M] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2011/07/15 13:10:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ab_bl.sig
[2011/07/15 13:10:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\wsbl.dat
[2011/07/15 13:10:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_white.dat
[2011/07/15 13:10:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_summ.dat
[2011/07/15 13:10:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_spoof.sig
[2011/07/15 13:10:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_sign.slf
[2011/07/15 13:10:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_fuzzy.sig
[2011/07/15 13:10:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ph_black.dat
[2011/07/15 13:10:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pcwords2.dat
[2011/07/15 13:10:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pcwords.dat
[2011/07/15 13:10:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\pc_sign.slf
[2011/07/15 13:10:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ab_sbl.sig
[2011/07/14 11:13:20 | 000,000,564 | ---- | M] () -- C:\Documents and Settings\WORKS01\Desktop\Free Commander.lnk
[2011/07/13 10:15:31 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
[2011/07/11 11:40:08 | 000,001,869 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Internet Security 2010.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/07/27 11:19:34 | 001,364,101 | ---- | C] () -- C:\Documents and Settings\WORKS01\Desktop\aesetup2.5.zip
[2011/07/27 11:09:24 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\WORKS01\Desktop\Flash_Disinfector.exe
[2011/07/27 10:13:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WindowsUpdata7.jpg
[2011/07/25 19:09:28 | 000,083,018 | ---- | C] () -- C:\Documents and Settings\WORKS01\Desktop\JET USA.jpg
[2011/07/22 12:53:56 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/07/15 13:10:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ab_bl.sig
[2011/07/15 13:10:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wsbl.dat
[2011/07/15 13:10:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_white.dat
[2011/07/15 13:10:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_summ.dat
[2011/07/15 13:10:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_spoof.sig
[2011/07/15 13:10:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_sign.slf
[2011/07/15 13:10:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_fuzzy.sig
[2011/07/15 13:10:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ph_black.dat
[2011/07/15 13:10:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords2.dat
[2011/07/15 13:10:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pcwords.dat
[2011/07/15 13:10:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\pc_sign.slf
[2011/07/15 13:10:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ab_sbl.sig
[2011/07/14 11:13:20 | 000,000,564 | ---- | C] () -- C:\Documents and Settings\WORKS01\Desktop\Free Commander.lnk
[2011/07/13 10:15:31 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
[2011/07/11 17:50:04 | 000,000,132 | ---- | C] () -- C:\WINDOWS\System32\rezumatenoi.dat
[2011/07/11 11:40:08 | 000,001,869 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitDefender Internet Security 2010.lnk
[2011/03/21 13:04:07 | 000,000,223 | ---- | C] () -- C:\WINDOWS\HP PrecisionScan Pro.INI
[2011/03/17 16:46:21 | 000,008,867 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
[2011/03/17 16:03:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/17 16:01:50 | 000,146,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/17 12:19:08 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\WORKS01\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/17 11:59:16 | 000,000,126 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2011/03/17 11:53:12 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2011/03/17 11:39:03 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4885.dll
[2011/03/17 11:31:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Net-It Now! SE.INI
[2011/03/17 11:31:37 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\NIUninstall.exe
[2011/03/17 11:31:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\NILaunch.exe
[2011/03/17 11:31:31 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Approach.ini
[2011/03/17 11:30:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2011/03/17 10:56:37 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/03/17 10:45:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/17 10:39:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/15 12:45:34 | 000,181,248 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
[2008/04/14 17:30:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 17:30:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 17:30:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 17:30:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 17:30:00 | 000,248,832 | ---- | C] () -- C:\WINDOWS\System32\appmgmts.dll
[2008/04/14 17:30:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 17:30:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 17:30:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 17:30:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 17:30:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 17:30:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 17:30:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 17:30:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/01/31 13:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
[2001/08/07 18:59:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HPNVRRes.dll
[2001/01/24 13:01:18 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\prntfix.exe
[2000/04/14 16:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1998/06/11 14:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998/05/18 00:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1997/11/14 14:37:54 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[1996/02/22 14:37:54 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[1996/01/15 14:37:54 | 000,334,016 | ---- | C] () -- C:\WINDOWS\System32\loflt09.dll
[1995/09/25 14:38:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1994/04/07 14:37:52 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf09.ini
< End of report >
OTL Log 2: Extras.txt
OTL Extras logfile created on: 7/27/2011 11:21:31 AM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\WORKS01\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1015.23 Mb Total Physical Memory | 604.35 Mb Available Physical Memory | 59.53% Memory free
2.39 Gb Paging File | 1.98 Gb Available in Paging File | 82.98% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78.13 Gb Total Space | 66.27 Gb Free Space | 84.82% Space Free | Partition Type: NTFS
Drive D: | 70.92 Gb Total Space | 50.56 Gb Free Space | 71.29% Space Free | Partition Type: NTFS
Drive G: | 931.28 Gb Total Space | 901.35 Gb Free Space | 96.79% Space Free | Partition Type: FAT32
Drive H: | 5.58 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 971.91 Mb Total Space | 388.74 Mb Free Space | 40.00% Space Free | Partition Type: FAT32
Computer Name: WORKS | User Name: WORKS01 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE" = C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\VARPC.EXE:*:Enabled:Microsoft ® Visual Studio VSA RPC Event Creator -- (Microsoft Corporation)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4664D722-33D1-4B4A-A317-1E64178B7A97}" = BitDefender Internet Security 2010
"{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}" = HP Precisionscan Pro 3.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Autorun Eater_is1" = Autorun Eater v2.5
"FreeCommander_is1" = FreeCommander 2009.02b
"HDMI" = Intel® Graphics Media Accelerator Driver
"hp deskjet 3500 series_Driver" = hp deskjet 3500 series
"ie8" = Windows Internet Explorer 8
"MsJavaVM" = Microsoft VM for Java
"SmartSuite V98.0" = Lotus SmartSuite Release 9
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 7/20/2011 8:16:55 AM | Computer Name = WORKS | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.
Error - 7/21/2011 2:33:08 AM | Computer Name = WORKS | Source = Application Hang | ID = 1002
Description = Hanging application Photoshop.exe, version 7.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 7/21/2011 2:34:41 AM | Computer Name = WORKS | Source = Application Hang | ID = 1002
Description = Hanging application Photoshop.exe, version 7.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 7/21/2011 2:34:41 AM | Computer Name = WORKS | Source = Application Hang | ID = 1002
Description = Hanging application Photoshop.exe, version 7.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 7/21/2011 4:22:33 AM | Computer Name = WORKS | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module gdiplus.dll, version 5.1.3102.5512, fault address 0x001576a4.
Error - 7/21/2011 4:24:00 AM | Computer Name = WORKS | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module gdiplus.dll, version 5.1.3102.5512, fault address 0x001575e5.
Error - 7/22/2011 4:31:13 AM | Computer Name = WORKS | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module gdiplus.dll, version 5.1.3102.5512, fault address 0x001576a4.
Error - 7/24/2011 12:35:22 AM | Computer Name = WORKS | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.
Error - 7/24/2011 4:07:56 AM | Computer Name = WORKS | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module gdiplus.dll, version 5.1.3102.5512, fault address 0x001575e5.
Error - 7/24/2011 5:29:52 AM | Computer Name = WORKS | Source = Application Error | ID = 1000
Description = Faulting application freecommander.exe, version 2009.2.0.417, faulting
module , version 0.0.0.0, fault address 0x00000000.
[ System Events ]
Error - 7/27/2011 12:40:08 AM | Computer Name = WORKS | Source = System Error | ID = 1003
Description = Error code 1000007f, parameter1 00000008, parameter2 f7818d70, parameter3
00000000, parameter4 00000000.
Error - 7/27/2011 12:40:13 AM | Computer Name = WORKS | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 7/27/2011 12:40:13 AM | Computer Name = WORKS | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 7/27/2011 12:40:14 AM | Computer Name = WORKS | Source = Service Control Manager | ID = 7023
Description = The Background Intelligent Transfer Service service terminated with
the following error: %%127
Error - 7/27/2011 12:40:29 AM | Computer Name = WORKS | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)
Error - 7/27/2011 12:40:29 AM | Computer Name = WORKS | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.
Error - 7/27/2011 12:40:44 AM | Computer Name = WORKS | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.
Error - 7/27/2011 1:17:07 AM | Computer Name = WORKS | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
AJ-IMAC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{25B4F68D-82CE-4C57-9. The master browser is stopping or an election
is being forced.
Error - 7/27/2011 1:20:21 AM | Computer Name = WORKS | Source = Service Control Manager | ID = 7034
Description = The BitDefender Virus Shield service terminated unexpectedly. It
has done this 1 time(s).
Error - 7/27/2011 1:35:31 AM | Computer Name = WORKS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {4CD40054-9865-47B2-A16C-1BD17DA4AAD9}.
The
error: "%2" Happened while starting this command: C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
-Embedding
< End of report >
MBAM Log:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7294
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
7/27/2011 11:48:52 AM
mbam-log-2011-07-27 (11-48-52).txt
Scan type: Quick scan
Objects scanned: 142567
Time elapsed: 5 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 59
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360hotfix.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360sd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360se.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360SoftMgrSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360speedld.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ast.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwebgrd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmailmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfwsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\krnl360svc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kswebshield.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McNASvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcods.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McProxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcshield.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpfSrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPMon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC1.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msksrver.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qutmserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsnetsvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ScanFrm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfCtlCom.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TMBMSRV.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TmProxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UfSeAgnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zhudongfangyu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\修复工具.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\AVP.EXE (Security.Hijack) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Trojan.Agent) -> Value: Taskman -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINDOWS\system32\appmgmts.dll (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\windowsupdata7.jpg (Trojan.Traces) -> Quarantined and deleted successfully.
aswMBR Log:
aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software
Run date: 2011-07-27 11:51:50
-----------------------------
11:51:50.359 OS Version: Windows 5.1.2600 Service Pack 3
11:51:50.359 Number of processors: 2 586 0x1C02
11:51:50.359 ComputerName: WORKS UserName:
11:52:06.171 Initialize success
11:52:39.984 AVAST engine download error: 0
11:52:54.843 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
11:52:54.843 Disk 0 Vendor: ST3160815AS 3.CHJ Size: 152627MB BusType: 3
11:52:54.859 Disk 0 MBR read successfully
11:52:54.859 Disk 0 MBR scan
11:52:54.859 Disk 0 Windows XP default MBR code
11:52:54.875 Disk 0 scanning sectors +312576705
11:52:54.937 Disk 0 scanning C:\WINDOWS\system32\drivers
11:52:57.671 Service scanning
11:52:57.953 Service Bdfndisf C:\WINDOWS\system32\DRIVERS\bdfndisf.sys **LOCKED** 32
11:52:58.859 Modules scanning
11:53:18.734 Disk 0 trace - called modules:
11:53:18.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
11:53:18.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86588ab8]
11:53:18.765 3 CLASSPNP.SYS[f75d8fd7] -> nt!IofCallDriver -> \Device\0000005f[0x865caf18]
11:53:18.765 5 ACPI.sys[f745f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86572d98]
11:53:18.765 Scan finished successfully
11:53:43.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\WORKS01\Desktop\MBR.dat"
11:53:43.000 The log file has been saved successfully to "C:\Documents and Settings\WORKS01\Desktop\aswMBR.txt"
aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software
Run date: 2011-07-27 11:54:14
-----------------------------
11:54:14.515 OS Version: Windows 5.1.2600 Service Pack 3
11:54:14.515 Number of processors: 2 586 0x1C02
11:54:14.515 ComputerName: WORKS UserName:
11:54:14.765 Initialize success
12:06:59.613 AVAST engine defs: 11072601
12:09:37.753 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
12:09:37.753 Disk 0 Vendor: ST3160815AS 3.CHJ Size: 152627MB BusType: 3
12:09:37.785 Disk 0 MBR read successfully
12:09:37.785 Disk 0 MBR scan
12:09:37.800 Disk 0 Windows XP default MBR code
12:09:37.816 Disk 0 scanning sectors +312576705
12:09:37.878 Disk 0 scanning C:\WINDOWS\system32\drivers
12:09:44.738 Service scanning
12:09:44.972 Service Bdfndisf C:\WINDOWS\system32\DRIVERS\bdfndisf.sys **LOCKED** 32
12:09:45.800 Modules scanning
12:09:49.285 Disk 0 trace - called modules:
12:09:49.300 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
12:09:49.316 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86588ab8]
12:09:49.316 3 CLASSPNP.SYS[f75d8fd7] -> nt!IofCallDriver -> \Device\0000005f[0x865caf18]
12:09:49.316 5 ACPI.sys[f745f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x86572d98]
12:09:49.597 AVAST engine scan C:\WINDOWS
12:09:53.378 AVAST engine scan C:\WINDOWS\system32
12:11:50.628 AVAST engine scan C:\WINDOWS\system32\drivers
12:12:09.831 AVAST engine scan C:\Documents and Settings\WORKS01
12:13:23.191 AVAST engine scan C:\Documents and Settings\All Users
12:13:57.566 Scan finished successfully
12:14:15.128 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\WORKS01\Desktop\MBR.dat"
12:14:15.144 The log file has been saved successfully to "C:\Documents and Settings\WORKS01\Desktop\aswMBR.txt"
Awaiting your reply.