Possible trojan slowing down new laptop [Closed]


#1 dtravers2406
Hi,

I've just purchased a new laptop yesterday and was installing Office 2010 (borrowed from my friend) when my anti-virus gave an alert that two possible trojan threats were found when I tried to open the .exe installation folder. These were found in my temporary folder in my user Appdata folder in the C Drive, and had the extensions "rarsfx1\ant.exe". My friend told me to install anyway, and when I tried to open Word, it worked for the first time, and subsequently couldn't be opened.

I then uninstalled the entire Office suite, got another version of Office 2010 and installed it (currently running with no problems). However, my computer's startup speed has been very slow (considering this is a brand new laptop) and I'm just concerned that the initial trojan virus has managed to attack the software. I've run an anti-virus check with AVG: no problems detected.

Any idea if the slow startup is due to a possible trojan virus undetected by AVG?

Attached is my OTL Quick Scan log:


OTL logfile created on: 12/3/2012 9:13:46 AM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Wang Ting\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004809 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

7.92 Gb Total Physical Memory | 6.07 Gb Available Physical Memory | 76.66% Memory free
15.83 Gb Paging File | 13.93 Gb Available in Paging File | 88.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231.00 Gb Total Space | 150.54 Gb Free Space | 65.17% Space Free | Partition Type: NTFS
Drive D: | 343.60 Gb Total Space | 343.50 Gb Free Space | 99.97% Space Free | Partition Type: NTFS

Computer Name: WANGTING-PC | User Name: Wang Ting | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/12 09:13:23 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Wang Ting\Downloads\OTL.exe
PRC - [2012/02/15 07:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Wang Ting\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/02/03 17:50:18 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/28 07:23:10 | 005,458,312 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
PRC - [2011/09/06 16:36:42 | 002,275,408 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
PRC - [2011/09/06 16:35:54 | 001,087,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
PRC - [2011/08/19 12:36:46 | 000,784,976 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
PRC - [2011/08/17 15:19:18 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/24 16:52:30 | 004,403,280 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2011/06/05 07:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/05 20:44:54 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/05/05 20:44:52 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/03/30 14:42:34 | 001,001,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/03/30 14:42:32 | 001,321,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/03/30 14:42:30 | 000,923,984 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/03/30 14:42:28 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2009/11/02 13:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
PRC - [2008/06/12 02:25:18 | 000,037,232 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/10 17:21:42 | 000,429,040 | ---- | M] () -- C:\Users\Wang Ting\AppData\Local\Google\Chrome\Application\17.0.963.79\ppgooglenaclpluginchrome.dll
MOD - [2012/03/10 17:21:41 | 003,772,912 | ---- | M] () -- C:\Users\Wang Ting\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
MOD - [2012/03/10 17:20:17 | 000,122,880 | ---- | M] () -- C:\Users\Wang Ting\AppData\Local\Google\Chrome\Application\17.0.963.79\avutil-51.dll
MOD - [2012/03/10 17:20:16 | 000,220,672 | ---- | M] () -- C:\Users\Wang Ting\AppData\Local\Google\Chrome\Application\17.0.963.79\avformat-53.dll
MOD - [2012/03/10 17:20:15 | 001,747,456 | ---- | M] () -- C:\Users\Wang Ting\AppData\Local\Google\Chrome\Application\17.0.963.79\avcodec-53.dll
MOD - [2012/03/10 13:56:11 | 008,593,056 | ---- | M] () -- C:\Users\Wang Ting\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
MOD - [2011/02/17 00:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
MOD - [2010/05/07 22:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2009/11/02 13:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 13:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006/08/12 11:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/21 09:34:16 | 001,136,640 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/04/21 08:42:50 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel® Centrino® Wireless Bluetooth®
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/03/11 17:42:19 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/05 07:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/05 20:44:54 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/05/05 20:44:52 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2011/03/30 14:42:34 | 001,001,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/03/30 14:42:32 | 001,321,296 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/03/30 14:42:30 | 000,923,984 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/06/04 01:48:28 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/08 12:22:38 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011/12/08 12:22:38 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/17 15:19:38 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/30 06:47:20 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/06/17 11:40:40 | 000,186,152 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/06/05 07:22:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/05/01 13:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2011/04/22 18:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/21 09:09:26 | 000,294,912 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) Intel® Centrino®
DRV:64bit: - [2011/04/21 09:09:26 | 000,294,912 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) Intel® Centrino®
DRV:64bit: - [2011/04/11 18:55:24 | 000,007,680 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SGDrv64.sys -- (SGDrv)
DRV:64bit: - [2011/03/22 18:14:04 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/08 14:44:08 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/03/08 14:44:08 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/02/18 07:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/16 18:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/21 11:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 11:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/21 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/15 01:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 08:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/10/28 02:24:33 | 000,015,144 | ---- | M] (Windows ® 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Wang Ting\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Wang Ting\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/03/11 21:24:00 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Wang Ting\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Wang Ting\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Wang Ting\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Wang Ting\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Wang Ting\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Wang Ting\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: AVG Safe Search = C:\Users\Wang Ting\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Picky Wallpapers = C:\Users\Wang Ting\AppData\Local\Google\Chrome\User Data\Default\Extensions\odklcfojpedohplkimfdpcamkjnhanaj\1.0.0_0\
CHR - Extension: Gmail = C:\Users\Wang Ting\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/11 05:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - Startup: C:\Users\Wang Ting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Wang Ting\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 137.132.0.254 137.132.0.252
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F029BAC-BC83-48BC-8461-268F618A4975}: DhcpNameServer = 137.132.0.254 137.132.0.252
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{78D9C1D9-1300-486E-A2B4-6B7BA17119CB}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/12 08:01:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/03/12 07:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/03/12 07:57:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012/03/12 07:57:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/03/12 07:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/03/12 07:55:29 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/03/12 00:54:19 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung
[2012/03/11 23:02:57 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/03/11 22:36:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2012/03/11 22:28:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/03/11 22:28:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/03/11 22:16:09 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/03/11 21:33:28 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2012/03/11 21:30:32 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Local\Microsoft Help
[2012/03/11 21:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/03/11 21:24:43 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Roaming\AVG2012
[2012/03/11 21:24:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/03/11 21:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/03/11 21:23:57 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\drivers\AVG
[2012/03/11 21:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/03/11 21:23:48 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\AVG
[2012/03/11 21:23:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/03/11 21:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/03/11 21:06:49 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Local\CrashDumps
[2012/03/11 21:06:08 | 000,000,000 | ---D | C] -- C:\Winlog
[2012/03/11 20:49:36 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Roaming\Samsung
[2012/03/11 20:49:35 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\Documents\My Received Files
[2012/03/11 20:49:29 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\Documents\samsung
[2012/03/11 20:40:58 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\windows\SysNative\drivers\ssudmdm.sys
[2012/03/11 20:40:57 | 000,098,616 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\windows\SysNative\drivers\ssudbus.sys
[2012/03/11 20:38:54 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\windows\SysWow64\Redemption.dll
[2012/03/11 20:38:38 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\windows\SysWow64\dgderapi.dll
[2012/03/11 20:38:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2012/03/11 20:37:00 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Local\Downloaded Installations
[2012/03/11 20:26:04 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Local\ElevatedDiagnostics
[2012/03/11 20:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/03/11 18:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/03/11 18:54:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/03/11 18:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2012/03/11 18:36:16 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\Documents\Misc
[2012/03/11 17:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012/03/11 17:47:25 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Local\Adobe
[2012/03/11 17:42:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2012/03/11 17:39:48 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\Documents\Youcam
[2012/03/11 17:39:09 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Roaming\CyberLink
[2012/03/11 17:39:08 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Local\CyberLink
[2012/03/11 17:37:35 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Roaming\skypePM
[2012/03/11 17:36:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/03/11 17:36:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/03/11 17:36:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/03/11 17:34:33 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Roaming\WinRAR
[2012/03/11 17:34:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2012/03/11 17:22:48 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Roaming\Skype
[2012/03/11 17:21:45 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Roaming\Media Player Classic
[2012/03/11 17:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2012/03/11 17:21:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2012/03/11 17:15:32 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\Documents\Law
[2012/03/11 17:03:00 | 000,000,000 | R--D | C] -- C:\Users\Wang Ting\Dropbox
[2012/03/11 17:01:18 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/03/11 17:00:54 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Roaming\Dropbox
[2012/03/11 16:39:40 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Roaming\SoftGrid Client
[2012/03/11 16:39:40 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Local\SoftGrid Client
[2012/03/11 16:38:50 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Roaming\TP
[2012/03/11 16:35:10 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Local\Samsung
[2012/03/11 16:31:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/03/11 16:29:04 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/03/11 16:28:13 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Local\Google
[2012/03/11 16:27:46 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Local\Deployment
[2012/03/11 16:27:46 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Local\Apps
[2012/03/11 16:27:06 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Roaming\Macromedia
[2012/03/11 16:27:06 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Roaming\Adobe
[2012/03/11 16:14:31 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Local\Power2Go
[2012/03/11 16:14:05 | 000,000,000 | R--D | C] -- C:\Users\Wang Ting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/03/11 16:14:05 | 000,000,000 | R--D | C] -- C:\Users\Wang Ting\Searches
[2012/03/11 16:14:05 | 000,000,000 | R--D | C] -- C:\Users\Wang Ting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/03/11 16:14:05 | 000,000,000 | -H-D | C] -- C:\Users\Wang Ting\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/03/11 16:13:57 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Roaming\Identities
[2012/03/11 16:13:54 | 000,000,000 | R--D | C] -- C:\Users\Wang Ting\Contacts
[2012/03/11 16:13:26 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/03/11 16:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/03/11 16:13:14 | 000,000,000 | ---D | C] -- C:\Program Files\Elantech
[2012/03/11 16:08:04 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Local\VirtualStore
[2012/03/11 16:07:57 | 000,000,000 | -HSD | C] -- C:\Users\Wang Ting\AppData\Local\Temporary Internet Files
[2012/03/11 16:07:57 | 000,000,000 | -HSD | C] -- C:\Users\Wang Ting\Templates
[2012/03/11 16:07:57 | 000,000,000 | -HSD | C] -- C:\Users\Wang Ting\Start Menu
[2012/03/11 16:07:57 | 000,000,000 | -HSD | C] -- C:\Users\Wang Ting\SendTo
[2012/03/11 16:07:57 | 000,000,000 | -HSD | C] -- C:\Users\Wang Ting\Recent
[2012/03/11 16:07:57 | 000,000,000 | -HSD | C] -- C:\Users\Wang Ting\PrintHood
[2012/03/11 16:07:57 | 000,000,000 | -HSD | C] -- C:\Users\Wang Ting\NetHood
[2012/03/11 16:07:57 | 000,000,000 | -HSD | C] -- C:\Users\Wang Ting\Documents\My Videos
[2012/03/11 16:07:57 | 000,000,000 | -HSD | C] -- C:\Users\Wang Ting\Documents\My Pictures
[2012/03/11 16:07:57 | 000,000,000 | -HSD | C] -- C:\Users\Wang Ting\Documents\My Music
[2012/03/11 16:07:57 | 000,000,000 | -HSD | C] -- C:\Users\Wang Ting\My Documents
[2012/03/11 16:07:57 | 000,000,000 | -HSD | C] -- C:\Users\Wang Ting\Local Settings
[2012/03/11 16:07:57 | 000,000,000 | -HSD | C] -- C:\Users\Wang Ting\AppData\Local\History
[2012/03/11 16:07:57 | 000,000,000 | -HSD | C] -- C:\Users\Wang Ting\Cookies
[2012/03/11 16:07:57 | 000,000,000 | -HSD | C] -- C:\Users\Wang Ting\Application Data
[2012/03/11 16:07:57 | 000,000,000 | -HSD | C] -- C:\Users\Wang Ting\AppData\Local\Application Data
[2012/03/11 16:07:54 | 000,000,000 | --SD | C] -- C:\Users\Wang Ting\AppData\Roaming\Microsoft
[2012/03/11 16:07:54 | 000,000,000 | R--D | C] -- C:\Users\Wang Ting\Videos
[2012/03/11 16:07:54 | 000,000,000 | R--D | C] -- C:\Users\Wang Ting\Saved Games
[2012/03/11 16:07:54 | 000,000,000 | R--D | C] -- C:\Users\Wang Ting\Pictures
[2012/03/11 16:07:54 | 000,000,000 | R--D | C] -- C:\Users\Wang Ting\Music
[2012/03/11 16:07:54 | 000,000,000 | R--D | C] -- C:\Users\Wang Ting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/03/11 16:07:54 | 000,000,000 | R--D | C] -- C:\Users\Wang Ting\Links
[2012/03/11 16:07:54 | 000,000,000 | R--D | C] -- C:\Users\Wang Ting\Favorites
[2012/03/11 16:07:54 | 000,000,000 | R--D | C] -- C:\Users\Wang Ting\Downloads
[2012/03/11 16:07:54 | 000,000,000 | R--D | C] -- C:\Users\Wang Ting\Documents
[2012/03/11 16:07:54 | 000,000,000 | R--D | C] -- C:\Users\Wang Ting\Desktop
[2012/03/11 16:07:54 | 000,000,000 | R--D | C] -- C:\Users\Wang Ting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/03/11 16:07:54 | 000,000,000 | -H-D | C] -- C:\Users\Wang Ting\AppData
[2012/03/11 16:07:54 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Local\Temp
[2012/03/11 16:07:54 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Local\Microsoft
[2012/03/11 16:07:54 | 000,000,000 | ---D | C] -- C:\Users\Wang Ting\AppData\Roaming\Media Center Programs
[2012/03/11 16:07:36 | 000,000,000 | -HSD | C] -- C:\Recovery

========== Files - Modified Within 30 Days ==========

[2012/03/12 09:15:49 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/12 09:15:49 | 000,020,992 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/12 09:07:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/03/12 09:07:44 | 4204,314,623 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/12 08:04:20 | 000,419,888 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/03/12 08:01:12 | 000,607,190 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/03/12 08:01:12 | 000,355,328 | ---- | M] () -- C:\windows\SysNative\prfh0804.dat
[2012/03/12 08:01:12 | 000,103,568 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/03/12 08:01:12 | 000,101,428 | ---- | M] () -- C:\windows\SysNative\prfc0804.dat
[2012/03/12 07:55:04 | 001,170,808 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/03/12 07:53:15 | 000,000,924 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3033331047-2765703156-2270149953-1001UA.job
[2012/03/11 22:28:38 | 001,186,942 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/03/11 21:25:55 | 058,899,053 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/03/11 21:23:57 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\drivers\AVG\incavi.avm
[2012/03/11 21:23:57 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/03/11 20:50:30 | 000,001,026 | ---- | M] () -- C:\Users\Wang Ting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/03/11 20:39:02 | 000,001,981 | ---- | M] () -- C:\Users\Wang Ting\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/03/11 18:10:06 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/03/11 17:37:38 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2012/03/11 16:33:00 | 000,000,872 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3033331047-2765703156-2270149953-1001Core.job
[2012/03/11 16:26:48 | 000,001,441 | ---- | M] () -- C:\Users\Wang Ting\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/11 16:12:55 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_AMPPAL_01009.Wdf
[2012/03/11 16:12:48 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_btmaux_01009.Wdf
[2012/03/11 16:12:41 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
[2012/03/11 16:08:15 | 000,000,000 | ---- | M] () -- C:\windows\SysNative\drivers\144D_SAMSUNG_N_300E4A_01QA.mrk
[2012/03/11 15:00:56 | 000,108,227 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2012/03/11 15:00:56 | 000,108,227 | ---- | M] () -- C:\windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2012/03/11 21:25:55 | 058,899,053 | ---- | C] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/03/11 21:23:57 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\drivers\AVG\incavi.avm
[2012/03/11 21:23:57 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/03/11 20:50:30 | 000,001,026 | ---- | C] () -- C:\Users\Wang Ting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/03/11 20:39:02 | 000,001,981 | ---- | C] () -- C:\Users\Wang Ting\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk
[2012/03/11 18:10:06 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/03/11 17:40:55 | 000,002,171 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle Designer ES 8.2.lnk
[2012/03/11 17:40:54 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
[2012/03/11 17:40:54 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Pro.lnk
[2012/03/11 17:37:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/03/11 17:21:07 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2012/03/11 16:39:08 | 001,186,942 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/03/11 16:28:14 | 000,000,924 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3033331047-2765703156-2270149953-1001UA.job
[2012/03/11 16:28:14 | 000,000,872 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3033331047-2765703156-2270149953-1001Core.job
[2012/03/11 16:26:48 | 000,001,441 | ---- | C] () -- C:\Users\Wang Ting\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/11 16:14:10 | 000,001,413 | ---- | C] () -- C:\Users\Wang Ting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/03/11 16:14:06 | 000,001,447 | ---- | C] () -- C:\Users\Wang Ting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/03/11 16:12:55 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_AMPPAL_01009.Wdf
[2012/03/11 16:12:48 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_btmaux_01009.Wdf
[2012/03/11 16:12:41 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
[2012/03/11 16:08:15 | 000,000,000 | ---- | C] () -- C:\windows\SysNative\drivers\144D_SAMSUNG_N_300E4A_01QA.mrk
[2012/03/11 16:07:54 | 000,000,290 | ---- | C] () -- C:\Users\Wang Ting\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/03/11 16:07:54 | 000,000,272 | ---- | C] () -- C:\Users\Wang Ting\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/01/31 18:15:44 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe
[2012/01/31 18:15:42 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll
[2012/01/31 18:15:42 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll
[2012/01/31 18:15:42 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll
[2012/01/31 18:15:42 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll
[2011/10/11 16:58:34 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2011/10/11 16:06:53 | 000,001,156 | ---- | C] () -- C:\windows\HotFixList.ini
[2011/07/21 13:51:15 | 000,960,940 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/07/21 13:51:14 | 000,207,376 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/07/21 13:51:12 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

========== LOP Check ==========

[2012/03/11 21:24:43 | 000,000,000 | ---D | M] -- C:\Users\Wang Ting\AppData\Roaming\AVG2012
[2012/03/12 09:10:42 | 000,000,000 | ---D | M] -- C:\Users\Wang Ting\AppData\Roaming\Dropbox
[2012/03/11 20:49:36 | 000,000,000 | ---D | M] -- C:\Users\Wang Ting\AppData\Roaming\Samsung
[2012/03/12 08:00:55 | 000,000,000 | ---D | M] -- C:\Users\Wang Ting\AppData\Roaming\SoftGrid Client
[2012/03/11 22:29:33 | 000,000,000 | ---D | M] -- C:\Users\Wang Ting\AppData\Roaming\TP
[2009/07/14 13:08:49 | 000,009,672 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Appreciate any help on this, thanks!

-wt

#2
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hi :welcome:. I'm Michael and I'm going to help you fix your computer :)

Note: Before we start the process you should:
  • POST your logs, don't attach them, as it makes it harder to read. Also, please don't edit any log in any case.
  • Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, Windows Defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them. If you need any help disabling them, ask.
  • Topics that are idle for 4 days after I post instructions will be closed, unless I'm notified of the delay.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.


Sorry for the late reply. Do you still need help?

If yes, please do the following:

OTL Custom Scan
  • Download OTL to your Desktop
  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under Extra Registry select Use Safelist
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt and Extras.txt in Notepad windows.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them with your next reply.


Next:

Download aswMBR.exe (511KB) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

After that, there should also be a file called MBR.dat on your Desktop; zip it and then attach it here :thumbsup:
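The log in the first post is OTL's file listing, and the helper's next step is to read more of the same output. As an added example (not part of this thread, and not OTL's own code), here is a small Python triage pass over lines in that format: it parses each entry and lists recent executables that carry no vendor string and sit in a user-writable or system folder, the entries a helper looks at first. The folder list and extension set are this example's own assumptions, and the sample lines are reproduced from the log above.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# One OTL entry as printed in the log above:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
# Folders carry no "(Company)" part; files without version info show "()".
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*)\) )?-- (?P<path>.+)$"
)
# Folders where a recent, vendor-less executable deserves a second look.
# This folder list and extension set are the example's own assumptions.
SUSPECT_DIRS = re.compile(r"\\(temp|appdata|programdata|windows)\\", re.I)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")

@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str              # e.g. "---D" folder, "-H--" hidden file
    kind: str               # "C" = created, "M" = modified
    company: Optional[str]  # None for folders, "" when OTL printed "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.endswith("D")

def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL line; None for section headers, blanks and prose."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                 size=int(m["size"].replace(",", "")), attrs=m["attrs"],
                 kind=m["kind"], company=m["company"], path=m["path"])

def triage(lines: List[str], scan_time: datetime, days: int = 30) -> List[str]:
    """Paths of vendor-less executables touched within `days` of the scan and
    sitting in a suspect folder: review candidates, not verdicts."""
    cutoff = scan_time - timedelta(days=days)
    hits = []
    for line in lines:
        e = parse_entry(line)
        if e is None or e.is_dir or not e.path.lower().endswith(EXEC_EXT):
            continue
        if e.company:           # carries a vendor name: lower priority
            continue
        if e.when >= cutoff and SUSPECT_DIRS.search(e.path):
            hits.append(e.path)
    return hits

# Sample lines reproduced from the log above; scan time is from its header.
SAMPLE = [
    r"[2012/03/11 20:40:58 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\windows\SysNative\drivers\ssudmdm.sys",
    r"[2012/03/11 21:23:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG",
    r"[2012/01/31 18:15:44 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe",
    r"[2012/03/11 17:21:07 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\unrar.dll",
    r"[2012/03/12 09:07:44 | 4204,314,623 | -HS- | M] () -- C:\hiberfil.sys",
]
SCAN_TIME = datetime(2012, 3, 12, 9, 13, 46)
```

Running `triage(SAMPLE, SCAN_TIME)` over the full pasted log instead of the sample gives a short list to check by hand; an entry on it is a prompt to look at the file, not a detection.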

#3
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.