First timer - OTL

#1
ngungo

Dear support,

I used to utilize a combination of Malwarebytes, SuperAntiSpyware and HijackThis to maintain my computer. Now I've just learned that there is a new and far better tool, OTL, so I would like to give it a try.

Here is the OTL log. There isn't any extra log. I don't know why. Please help!

OTL logfile created on: 10/13/2012 11:54:21 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\THANH.THANH-MINI1011\Desktop\Anti-Virus
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.36 Mb Total Physical Memory | 357.68 Mb Available Physical Memory | 35.26% Memory free
2.38 Gb Paging File | 1.72 Gb Available in Paging File | 72.14% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101.98 Gb Total Space | 7.28 Gb Free Space | 7.14% Space Free | Partition Type: NTFS

Computer Name: THANH-MINI1011 | User Name: THANH | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/13 09:47:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\THANH.THANH-MINI1011\Desktop\Anti-Virus\OTL.exe
PRC - [2012/10/10 05:06:17 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/02/18 16:40:26 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/07/22 12:22:54 | 000,623,984 | ---- | M] (Dell) -- C:\Program Files\Battery Meter\BTMeter.exe
PRC - [2009/06/05 11:32:34 | 000,617,984 | R--- | M] () -- C:\Program Files\Dell\Dell WWAN\WMCore\WMCore.exe
PRC - [2009/02/23 09:03:06 | 000,320,808 | ---- | M] (Compal Electronics, Inc) -- C:\Program Files\CapsLKNotify\CapsLKNotify.exe
PRC - [2008/04/14 02:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/08/16 06:18:52 | 000,180,224 | ---- | M] () -- C:\Program Files\UniKey\UniKey.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/10 05:06:15 | 000,460,312 | ---- | M] () -- C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012/10/10 05:06:13 | 012,435,992 | ---- | M] () -- C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
MOD - [2012/10/10 05:06:12 | 004,005,912 | ---- | M] () -- C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 05:04:44 | 000,156,712 | ---- | M] () -- C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 05:04:43 | 000,275,496 | ---- | M] () -- C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 05:04:42 | 002,168,360 | ---- | M] () -- C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2012/06/18 10:24:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll
MOD - [2011/03/30 13:29:38 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2009/06/05 11:32:34 | 000,617,984 | R--- | M] () -- C:\Program Files\Dell\Dell WWAN\WMCore\WMCore.exe
MOD - [2009/03/25 23:08:52 | 000,058,880 | R--- | M] () -- C:\Program Files\Dell\Dell WWAN\WMCore\MBMDebug.dll
MOD - [2009/02/04 17:30:42 | 000,577,536 | ---- | M] () -- C:\WINDOWS\system32\EMSC.dll
MOD - [2008/11/26 13:39:24 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2008/11/26 13:39:16 | 000,753,664 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2008/04/14 02:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 02:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2005/08/16 06:18:52 | 000,180,224 | ---- | M] () -- C:\Program Files\UniKey\UniKey.exe
MOD - [2005/08/16 06:15:09 | 000,061,440 | ---- | M] () -- C:\Program Files\UniKey\UKHook35.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/08 17:13:15 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/11 20:53:52 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/03/05 13:15:59 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/05 11:32:34 | 000,617,984 | R--- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell WWAN\WMCore\WMCore.exe -- (WMCoreService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2010/04/30 17:09:44 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/04/30 17:09:22 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/02/17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 10:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 10:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/09/01 18:05:42 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA012Afx.sys -- (OA012Afx)
DRV - [2009/09/01 18:05:04 | 000,272,256 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA012Vid.sys -- (OA012Vid)
DRV - [2009/09/01 18:04:06 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA012Ufd.sys -- (OA012Ufd)
DRV - [2009/02/24 18:49:00 | 005,032,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009/01/22 18:25:26 | 000,120,064 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/11/26 13:39:24 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/11/04 22:24:58 | 000,014,248 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\EMSC.sys -- (EMSC)
DRV - [2008/08/05 22:10:00 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2006/01/04 17:41:00 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A50FBDC-5DF4-4c9c-9B3B-2749F6FF4D24}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantas...q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1645522239-1454471165-515967899-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://bookmarkr.us/
IE - HKU\S-1-5-21-1645522239-1454471165-515967899-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1645522239-1454471165-515967899-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1645522239-1454471165-515967899-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1F 40 24 C7 6B D8 CB 01 [binary data]
IE - HKU\S-1-5-21-1645522239-1454471165-515967899-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://bookmarkr.us/ngungo/
IE - HKU\S-1-5-21-1645522239-1454471165-515967899-1004\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}
IE - HKU\S-1-5-21-1645522239-1454471165-515967899-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1645522239-1454471165-515967899-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000265e3a0cbd
IE - HKU\S-1-5-21-1645522239-1454471165-515967899-1004\..\SearchScopes\{409DD3B4-D1F8-EC6E-EDBD-2367FDA78762}: "URL" = http://www.oovoostar...=201&country=US
IE - HKU\S-1-5-21-1645522239-1454471165-515967899-1004\..\SearchScopes\{542D21A5-B996-4876-8A25-926223A3C51A}: "URL" = http://search.yahoo....f-8&fr=chr-atty
IE - HKU\S-1-5-21-1645522239-1454471165-515967899-1004\..\SearchScopes\{6A50FBDC-5DF4-4c9c-9B3B-2749F6FF4D24}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-1645522239-1454471165-515967899-1004\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-1645522239-1454471165-515967899-1004\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantas...q={searchTerms}
IE - HKU\S-1-5-21-1645522239-1454471165-515967899-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1645522239-1454471165-515967899-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://bookmarkr.us"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}:6.0.34
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.2.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..keyword.URL: "http://search.fantas...id=453&sr=0&q="
FF - prefs.js..network.proxy.ftp: "proxy.squabbel.com"
FF - prefs.js..network.proxy.ftp_port: 19600
FF - prefs.js..network.proxy.http: "proxy.squabbel.com"
FF - prefs.js..network.proxy.http_port: 19600
FF - prefs.js..network.proxy.no_proxies_on: "www.seo-proxies.com,www.www.seo-proxies.com,www.seo-proxies.com,cnd.squabbel.com"
FF - prefs.js..network.proxy.ssl: "proxy.squabbel.com"
FF - prefs.js..network.proxy.ssl_port: 19600
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/11 20:53:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/11 20:53:44 | 000,000,000 | ---D | M]

[2012/09/16 23:04:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\Mozilla\Extensions
[2012/10/05 21:54:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\Mozilla\Firefox\Profiles\gj0miju5.default\extensions
[2012/08/02 19:04:16 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\Mozilla\Firefox\Profiles\gj0miju5.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/08/20 17:37:37 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\Mozilla\Firefox\Profiles\gj0miju5.default\extensions\[email protected]
[2012/03/12 03:14:38 | 000,073,989 | ---- | M] () (No name found) -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\Mozilla\Firefox\Profiles\gj0miju5.default\extensions\[email protected]
[2011/12/16 19:41:10 | 000,011,558 | ---- | M] () (No name found) -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\Mozilla\Firefox\Profiles\gj0miju5.default\extensions\[email protected]
[2012/09/03 16:52:44 | 001,625,368 | ---- | M] () (No name found) -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\Mozilla\Firefox\Profiles\gj0miju5.default\extensions\[email protected]
[2012/04/14 12:21:16 | 000,084,034 | ---- | M] () (No name found) -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\Mozilla\Firefox\Profiles\gj0miju5.default\extensions\[email protected]
[2012/10/05 21:54:56 | 000,251,282 | ---- | M] () (No name found) -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\Mozilla\Firefox\Profiles\gj0miju5.default\extensions\[email protected]
[2012/08/22 08:31:27 | 000,341,143 | ---- | M] () (No name found) -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\Mozilla\Firefox\Profiles\gj0miju5.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2011/03/05 15:18:00 | 000,002,014 | ---- | M] () -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\Mozilla\Firefox\Profiles\gj0miju5.default\searchplugins\bing-zugo.xml
[2012/09/16 22:56:34 | 000,002,522 | ---- | M] () -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\Mozilla\Firefox\Profiles\gj0miju5.default\searchplugins\Search_Results.xml
[2012/09/23 08:04:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/11 20:53:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012/09/23 08:04:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/09/11 20:53:52 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/20 17:37:18 | 000,002,287 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/08/31 08:33:05 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/16 22:56:34 | 000,002,522 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012/08/31 08:33:05 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://bookmarkr.us/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://bookmarkr.us/
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: getPlusPlus for Adobe 16241 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Web Developer = C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.1_0\
CHR - Extension: YouTube = C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Firebug Lite for Google Chrome\u2122 = C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\
CHR - Extension: Google Search = C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Finance = C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp\1.1_0\
CHR - Extension: Eye Dropper = C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka\0.2.6_0\
CHR - Extension: Gmail = C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/13 08:49:15 | 000,000,995 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 8.17.168.121 pictotrade.com
O1 - Hosts: 165.225.131.53 congdantot.com
O1 - Hosts: 165.225.131.53 weborne.com
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe (Dell)
O4 - HKLM..\Run: [CapsLKNotify] C:\Program Files\CapsLKNotify\CapsLKNotify.exe (Compal Electronics, Inc)
O4 - HKU\S-1-5-21-1645522239-1454471165-515967899-1004..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKU\S-1-5-21-1645522239-1454471165-515967899-1004..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1645522239-1454471165-515967899-1004..\Run: [UniKey] C:\Program Files\UniKey\UniKey.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1645522239-1454471165-515967899-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1299026551609 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1299026681812 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E825788D-9C8E-497C-90FF-1FA5F6ADF34E}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 20:45:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8428a13c-4413-11e0-887f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{8428a13c-4413-11e0-887f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8428a13c-4413-11e0-887f-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/23 12:05:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\THANH.THANH-MINI1011\Start Menu\Programs\HiJackThis
[2012/09/23 11:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Desktop
[2012/09/23 08:04:52 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/09/23 08:04:52 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/09/23 08:04:52 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/09/16 22:56:33 | 000,000,000 | ---D | C] -- C:\Program Files\FantastiGames Toolbar
[2012/09/16 22:56:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\w3itemplate
[2009/09/04 09:23:32 | 000,454,656 | ---- | C] (Simon Tatham) -- C:\Program Files\putty.exe
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/13 11:46:01 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1454471165-515967899-1004UA.job
[2012/10/13 11:12:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/13 09:45:19 | 000,473,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/13 09:45:19 | 000,076,382 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/13 09:41:13 | 001,578,256 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/10/13 09:41:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/12 17:46:00 | 000,000,956 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1454471165-515967899-1004Core.job
[2012/10/12 10:37:16 | 000,032,945 | ---- | M] () -- C:\Documents and Settings\THANH.THANH-MINI1011\Desktop\20121012UPRO.jpg
[2012/10/11 16:43:56 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\PUTTY.RND
[2012/10/10 19:51:13 | 000,002,375 | ---- | M] () -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/10 16:32:42 | 000,034,315 | ---- | M] () -- C:\Documents and Settings\THANH.THANH-MINI1011\Desktop\20121010UPROa.jpg
[2012/10/10 09:07:53 | 000,034,039 | ---- | M] () -- C:\Documents and Settings\THANH.THANH-MINI1011\Desktop\20121010UPRO.jpg
[2012/10/10 03:01:24 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/10/08 17:13:14 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/08 17:13:13 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/10/05 11:32:11 | 000,000,063 | ---- | M] () -- C:\Documents and Settings\THANH.THANH-MINI1011\Desktop\quotes.csv
[2012/09/25 17:06:14 | 000,055,808 | ---- | M] () -- C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/12 10:37:16 | 000,032,945 | ---- | C] () -- C:\Documents and Settings\THANH.THANH-MINI1011\Desktop\20121012UPRO.jpg
[2012/10/10 16:32:42 | 000,034,315 | ---- | C] () -- C:\Documents and Settings\THANH.THANH-MINI1011\Desktop\20121010UPROa.jpg
[2012/10/10 09:07:53 | 000,034,039 | ---- | C] () -- C:\Documents and Settings\THANH.THANH-MINI1011\Desktop\20121010UPRO.jpg
[2012/10/05 11:32:09 | 000,000,063 | ---- | C] () -- C:\Documents and Settings\THANH.THANH-MINI1011\Desktop\quotes.csv
[2012/02/14 21:07:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/28 23:38:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/09/11 08:25:42 | 000,056,500 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/07/29 15:16:23 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\PUTTY.RND
[2011/03/04 19:35:06 | 000,055,808 | ---- | C] () -- C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/04 07:57:08 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\PUTTY.RND
[2011/03/01 21:22:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/01 18:38:57 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2011/03/01 18:17:11 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2011/03/01 18:17:10 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2011/03/01 18:17:10 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2011/03/01 18:00:51 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2011/03/01 18:00:51 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2011/03/01 17:53:43 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\EMSC.dll
[2011/03/01 17:27:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/01 17:18:02 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/01 10:06:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/01 10:04:52 | 001,578,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2011/04/10 13:50:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/12/20 17:15:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 02:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/02/03 15:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2009/08/24 18:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2010/11/24 16:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009/08/24 18:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vista32
[2009/08/24 18:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vista64
[2009/08/24 18:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XP32
[2011/08/20 17:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Babylon
[2012/09/16 22:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\boost_interprocess
[2011/03/01 17:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Vista32
[2011/03/01 17:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Vista64
[2011/03/01 17:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Win732
[2011/03/01 17:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Win764
[2011/03/01 17:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\XP32
[2011/08/20 18:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/08/24 18:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Windows Desktop Search
[2010/09/29 05:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Foxit Software
[2011/08/20 17:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\Babylon
[2012/10/12 10:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\FileZilla
[2011/07/04 23:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\GSplit
[2011/04/15 19:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\JGsoft
[2011/03/03 11:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\Notepad++
[2012/06/06 14:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\NppToR
[2011/08/20 08:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\ooVoo Details
[2011/04/15 21:22:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\OpenOffice.org
[2011/06/21 12:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\Philipp Winterberg
[2012/06/07 16:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\RStudio
[2011/04/10 13:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\Spacejock Software
[2011/05/10 14:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\temp
[2012/09/16 22:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\w3itemplate

========== Purity Check ==========



< End of report >

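Every file entry in the OTL log above has the same layout: timestamp, size, four attribute flags (R, H, S, D), a C/M created/modified marker, an optional company name taken from the file's version resource, and the path. Helpers read these by hand; the Python below is an added example, not part of ngungo's post or of OTL itself, that parses that layout and applies three triage heuristics of the kind a helper applies when reading the "No Company Name" and "LOP Check" sections. The heuristics, the 30-day window and the assumed scan time are assumptions; the sample lines are a subset copied from the log above.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One OTL entry looks like
#   [2012/02/14 21:07:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
# timestamp | size | attribute flags in R,H,S,D order | C (created) or M (modified),
# then an optional "(Company Name)" field and the path after " -- ".
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx", ".drv")

# Assumed scan time (the log's "Modified Within 30 Days" entries are dated 2012/10/13).
SCAN_TIME = datetime(2012, 10, 13, 11, 54, 21)


@dataclass
class Entry:
    timestamp: datetime
    size: int
    read_only: bool
    hidden: bool
    system: bool
    is_dir: bool
    kind: str                # "C" created or "M" modified
    company: Optional[str]   # None: OTL printed no company field; "": it printed "()"
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL entry line. Returns None for section headers, blank lines
    and the "[7 C:\\WINDOWS\\*.tmp files -> ...]" summary lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return Entry(
        timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        read_only=attrs[0] == "R",
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        is_dir=attrs[3] == "D",
        kind=m.group("kind"),
        company=m.group("company"),
        path=m.group("path"),
    )


def triage(entries: List[Entry], scan_time: datetime, recent_days: int = 30) -> List[Tuple[str, str]]:
    """Apply three assumed triage heuristics and return (path, reason) pairs.
    A hit means "a human should look at this", not "this is malicious"."""
    findings = []
    for e in entries:
        p = e.path.lower()
        age_days = (scan_time - e.timestamp).days
        # Executable under %SystemRoot% for which OTL found no company name.
        if not e.is_dir and p.endswith(EXEC_EXT) and p.startswith("c:\\windows\\") and not e.company:
            findings.append((e.path, "executable under %SystemRoot% with no company name"))
        # Folder created recently under a per-user or All Users Application Data tree
        # (the same population the LOP Check section lists).
        if e.is_dir and e.kind == "C" and age_days <= recent_days and "\\application data\\" in p:
            findings.append((e.path, "Application Data folder created within %d days" % recent_days))
        # Hidden or system attribute set on a file outside %SystemRoot%.
        if not e.is_dir and (e.hidden or e.system) and not p.startswith("c:\\windows\\"):
            findings.append((e.path, "hidden/system attribute on a file outside %SystemRoot%"))
    return findings


def triage_log(text: str, scan_time: datetime = SCAN_TIME) -> List[Tuple[str, str]]:
    """Parse a block of OTL text and triage every entry it contains."""
    entries = [e for e in (parse_entry(line) for line in text.splitlines()) if e]
    return triage(entries, scan_time)


# Constructed sample: a handful of lines copied from the OTL log above.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========

[2012/09/16 22:56:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\THANH.THANH-MINI1011\Application Data\w3itemplate
[2009/09/04 09:23:32 | 000,454,656 | ---- | C] (Simon Tatham) -- C:\Program Files\putty.exe
[2012/10/08 17:13:14 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/02/14 21:07:09 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/03/01 18:17:10 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2011/09/11 08:25:42 | 000,056,500 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/03/01 17:27:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
"""

if __name__ == "__main__":
    for path, reason in triage_log(SAMPLE_LOG):
        print(f"{reason}: {path}")
```

On the sample it flags the recently created w3itemplate folder plus iacenc.dll and WLTRYSVC.EXE. The "no company name" rule is deliberately noisy: OTL's company field comes from the file's version resource, not from a signature check, so OEM driver components such as the Dell/Broadcom wireless service files in this log land in the same bucket as anything dropped by adware. Hits have to be checked against the installed-software list the helper asks for in the next post, which is exactly why that list is requested.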
#2 Jintan (Trusted Helper, Malware Removal, 904 posts)
A belated welcome to G2G ngungo,

Sorry, but it's a busy place. The log shows a bit of adware/search hijacker activity. Let's get some other scan checks, then start some repairs.

Download HijackThis from Here. Then click on the downloaded file, and install HijackThis.

In HijackThis, click Config - Misc Tools - Open Uninstall Manager.

Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please. That will suffice for the missing Extras.txt log.

-----------

To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • If you can, have an open Internet connection and allow it to download the latest Avast engine detections.
  • If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


A lot, but comprehensive, and will make sure we get a good view of everything.

#3 ngungo (Topic Starter, New Member, 6 posts)

Sorry, but it's a busy place. The log shows a bit of adware/search hijacker activity. Let's get some other scan checks, then start some repairs.

Download HijackThis from Here. Then click on the downloaded file, and install HijackThis.

In HijackThis, click Config - Misc Tools - Open Uninstall Manager.

Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please. That will suffice for the missing Extras.txt log.


Thanks for the response. :)
Here's the content of HijackThis's uninstall_list:

Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader X (10.1.4)
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Battery Meter
CapsLKNotify
Dell 5530 Wireless Broadband Package
Dell Resource CD
Dell Touchpad
Dell Wireless 5540 HSPA Mini-Card Drivers
Dell Wireless WLAN Card Utility
EMSC
FileZilla Client 3.5.3
FreeMind
Google Talk Plugin
GSplit 3
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Integrated Webcam Driver (1.05.01.0820)
Intel® Graphics Media Accelerator Driver
Java™ 6 Update 22
Java™ 6 Update 37
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
Notepad++
OpenOffice.org 3.4.1
PDF Settings
R for Windows 2.15.0
RarZilla Free Unrar
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RStudio
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
UniKey 3.63
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 2.0.2
Windows Internet Explorer 8
WinMerge 2.12.4
yWriter5

#4 Jintan (Trusted Helper, Malware Removal, 904 posts)
Good, but if you check back there were two other scans I need to check, please.

#5 ngungo (Topic Starter, New Member, 6 posts)
:) I know, but it took too long to finish. Here it is, and one more to go.


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-20 21:05:06
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9120817AS rev.3.ADB
Running: oq0vrths.exe; Driver: C:\DOCUME~1\THANH~2.THA\LOCALS~1\Temp\kfdiypow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA9332320]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\Drivers\OA012Afx.sys entry point in "init" section [0xA94B3D50]

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 94, C1, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 97, C1, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 94, C1, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 95, C1, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9197AE
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 96, C1, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 95, C1, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 96, C1, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91981F
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 94, C1, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91994D
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 95, C1, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 96, C1, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 97, C1, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, F4, 1D, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, F7, 1D, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, F4, 1D, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, F5, 1D, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90F40E
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, F6, 1D, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, F5, 1D, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, F6, 1D, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90F47F
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, F4, 1D, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90F5AD
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, F5, 1D, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, F6, 1D, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, F7, 1D, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 9C, C9, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 9F, C9, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 9C, C9, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 9D, C9, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B919FB6
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 9E, C9, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 9D, C9, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 9E, C9, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91A027
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 9C, C9, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91A155
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 9D, C9, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 9E, C9, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 9F, C9, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00D80010
IAT C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00330010
IAT C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00E00010

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \FileSystem\Fastfat \Fat A7C81D20

---- EOF - GMER 1.0.15 ----
  • 0
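Since the GMER output above lists dozens of user-mode hook lines, here is an added triage helper (my own Python, not part of GMER, OTL or anything posted in this thread) that parses the `.text` and `IAT` lines and groups them by process and PID, so a reader can see at a glance whether hooks are confined to one application's processes or spread across unrelated ones. The embedded sample is a handful of lines copied from the log above; the `Hook` record, the function names and the `is_confined_to` heuristic are my own constructions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Inline hook line, e.g.
# .text <process path>[<pid>] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, F5, 1D, 00]
INLINE_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] "
    r"(?P<module>[^!\s]+)!(?P<func>\S+) \+ (?P<offset>[0-9A-Fa-f]+) "
    r"(?P<addr>[0-9A-Fa-f]{8}) (?P<size>\d+) Bytes? (?P<patch>.+)$"
)
# Import-table hook line, e.g.
# IAT <process path>[<pid>] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00D80010
IAT_RE = re.compile(
    r"^IAT (?P<proc>.+?)\[(?P<pid>\d+)\] @ (?P<module>\S+) "
    r"\[(?P<target>[^\]]+)\] (?P<addr>[0-9A-Fa-f]{8})$"
)


@dataclass(frozen=True)
class Hook:
    kind: str      # "inline" (code patched in place) or "iat" (import table entry redirected)
    process: str   # executable name only, lower-cased
    pid: int
    symbol: str    # "module!function" that is hooked
    detail: str    # patch bytes / CALL target for inline hooks, owning module and new address for IAT hooks


def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def parse_gmer_hooks(text):
    """Extract inline and IAT hook records from GMER log text; every other line is ignored."""
    hooks = []
    for raw in text.splitlines():
        line = raw.strip()
        m = INLINE_RE.match(line)
        if m:
            hooks.append(Hook("inline", _basename(m["proc"]).lower(), int(m["pid"]),
                              f"{m['module']}!{m['func']}", f"+{m['offset']} {m['patch']}"))
            continue
        m = IAT_RE.match(line)
        if m:
            hooks.append(Hook("iat", _basename(m["proc"]).lower(), int(m["pid"]),
                              m["target"], f"IAT of {_basename(m['module'])} -> {m['addr']}"))
    return hooks


def summarize(hooks):
    """Per (process, pid): how many inline and IAT hooks there are and which symbols are affected."""
    by_proc = defaultdict(lambda: {"inline": 0, "iat": 0, "symbols": set()})
    for h in hooks:
        entry = by_proc[(h.process, h.pid)]
        entry[h.kind] += 1
        entry["symbols"].add(h.symbol)
    return dict(by_proc)


def is_confined_to(hooks, exe_name):
    """True when every hook sits in a process with the given executable name (and there is at least one)."""
    return bool(hooks) and all(h.process == exe_name.lower() for h in hooks)


# Sample input: a few lines copied from the GMER log in this thread (the full log has many more).
SAMPLE_GMER_LOG = r"""
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, F5, 1D, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3756] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 9C, C9, 00]
.text C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4024] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B919FB6
IAT C:\Documents and Settings\THANH.THANH-MINI1011\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1256] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00D80010
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
"""

if __name__ == "__main__":
    found = parse_gmer_hooks(SAMPLE_GMER_LOG)
    for (proc, pid), entry in sorted(summarize(found).items()):
        print(f"{proc}[{pid}]: {entry['inline']} inline, {entry['iat']} IAT, symbols={sorted(entry['symbols'])}")
    print("all hooks inside chrome.exe:", is_confined_to(found, "chrome.exe"))
```

The function only reports where the hooks are; the judgement still belongs to the person reading the log. Hooks that all sit in chrome.exe processes on ntdll `Nt*` entry points are the pattern commonly produced by Chrome's own sandbox, whereas the same symbols hooked in processes that have no reason to patch ntdll would be the thing to investigate.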

#6
ngungo

ngungo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Download aswMBR ( 511KB ) to your desktop.
Double click the aswMBR.exe icon to run it
If you can have an open Internet connection, and allow it to download the latest Avast engine detections.
If avast! antivirus is already installed, just do the next step.
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

I finished all these steps.
Windows seemed to stop doing anything. I shut it down, then it came up with a blue screen. I forced a shutdown by pushing the power on/off button, then restarted it again. It came up to the Windows XP screen and stayed there.

I think it needs Windows to be reinstalled. My computer is a netbook without a CD drive. What can I do?
  • 0

#7
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Actually that's a tough one, since you need to create a bootable USB drive with your operating system on it. Very doable though.

I assume this is yours: http://hjt.iamnotage...g-1024121.html

Bad advice on an almost always innocent ctfmon startup, and rotten advice on saying most of the startups can be removed. I would suggest avoiding that site's analysis tool (those analyzers are really not to be relied on for anything, anyway).

--------

But there are certainly more areas for us to work through here before you opt to reinstall.

First, reboot to Safe Mode, where the malware and other functions are less active. At startup tap the F8 key about once per half-second, then select Safe Mode with Networking from the menu that will appear.

--------

Navigate (right click My Computer, left click Explore) to the following folder:

c:\windows\minidump

And if one is there, locate in it any recent minidump(date-somenumber).dmp files created, where "date-somenumber" matches dates of any recent crashes there. If they exist, then just zip a copy of it, and send it to jintan AT malwarecrypt.com as an attachment. Please place "Submitted Files - ngungo/gtg/dmp" as the email Subject.

---------

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
  • 0
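To go with the minidump step in the post above, an added Python helper (mine, not Jintan's and not part of any tool in this thread) that selects only the recent `.dmp` files from the Minidump folder by modification time and zips copies of them for submission, leaving the originals in place. The 14-day window, the function names and the constructed file names in the demo are my assumptions; the real folder on the machine in this thread is c:\windows\minidump.

```python
import os
import tempfile
import time
import zipfile

SECONDS_PER_DAY = 86400


def recent_minidumps(dump_dir, days=14, now=None):
    """Return the .dmp files in dump_dir modified within the last `days` days, newest first.
    A missing directory (no crash dump was ever written) yields an empty list."""
    now = time.time() if now is None else now
    cutoff = now - days * SECONDS_PER_DAY
    if not os.path.isdir(dump_dir):
        return []
    found = [os.path.join(dump_dir, name) for name in os.listdir(dump_dir)
             if name.lower().endswith(".dmp")]
    found = [p for p in found if os.path.isfile(p) and os.path.getmtime(p) >= cutoff]
    found.sort(key=os.path.getmtime, reverse=True)
    return found


def zip_copies(paths, out_zip):
    """Write copies of the given files into out_zip; the originals are left untouched.
    Returns the archive member names in the order they were added."""
    with zipfile.ZipFile(out_zip, "w", zipfile.ZIP_DEFLATED) as zf:
        for p in paths:
            zf.write(p, arcname=os.path.basename(p))
    with zipfile.ZipFile(out_zip) as zf:
        return zf.namelist()


def demo_with_constructed_dumps(days=14):
    """Self-contained run on a throwaway folder with constructed placeholder files (not real dumps):
    one recent .dmp, one stale .dmp and one unrelated .txt. Returns the zipped member names."""
    now = time.time()
    with tempfile.TemporaryDirectory() as tmp:
        samples = {
            "Mini101312-01.dmp": now - 2 * SECONDS_PER_DAY,   # recent crash: should be picked up
            "Mini070112-01.dmp": now - 40 * SECONDS_PER_DAY,  # old crash: outside the window
            "readme.txt": now,                                # wrong extension: ignored
        }
        for name, mtime in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as f:
                f.write(b"constructed placeholder, not a real minidump")
            os.utime(path, (mtime, mtime))  # back-date the file so the age filter has something to do
        out_zip = os.path.join(tmp, "minidumps.zip")
        return zip_copies(recent_minidumps(tmp, days=days, now=now), out_zip)


if __name__ == "__main__":
    dumps = recent_minidumps(r"C:\WINDOWS\Minidump", days=14)
    if dumps:
        target = os.path.join(os.path.expanduser("~"), "Desktop", "minidumps.zip")
        print("zipped:", zip_copies(dumps, target))
    else:
        print("no recent minidumps found here; demo on constructed files:", demo_with_constructed_dumps())
```

Run as-is on the affected machine it zips the recent dumps to the desktop; anywhere else it falls back to the demo so the selection logic can be checked before it is trusted on real files.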

#8
ngungo

ngungo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I just bought a CD drive. I booted the Dell Mini up from the original reinstall CD and used the Repair option. I then booted up from the hard drive again. It was up, but it took a very long time, 5 minutes at least. It is up now and I am carefully backing up all the data files to a portable hard drive.

My next task is probably making a bootable USB drive (flash drive) with operating system. Can you give me a reference that shows how to do it?

Thanks,
ngungo
  • 0

#9
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
I can walk you through the usb setup, but are you certain you want to go that route? We really can help correct things to avoid such drastic measures. A Repair Install only basically redoes Windows, so would have little effect on non-Windows drivers and software.
  • 0

#10
ngungo

ngungo

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Jintan,

1. :) Bootable USB drive: I thought you introduced that idea to me and I like the idea.

Actually that's a tough one, since you need to create a bootable USB drive with your operating system on it. Very doable though.


2. I finally fixed Windows XP. The netbook is now more responsive. Should I redo the whole exercise again from the beginning of OTL?

Thanks,
ngungo
  • 0

#11
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Not sure what you meant by fixed, but either way, good for you, and yes, let's see what is there now, just to be sure.
  • 0





