Cyber Tech Help Support Forums > Software > Malware Removal

#1 - JohnNgSF (Member, joined Feb 2007), August 4th, 2011, 05:13 PM
Need Help with Windows XP Security 2012 Virus

My ASUS 1005 HA netbook got infected with some rogue XP Security malware. It turned off my Firewall and Antivirus program and kept sending up pop-ups claiming I was infected and needed to purchase this product in order to get rid of the stuff. I have read some stuff on Google and have tried to disinfect my netbook.

So far, I used Malwarebytes' Anti-Malware to remove it. It caught some files and deleted them.

My Firewall is back on. But it has disabled the Automatic updates.

I have used the following anti-virus tools in safe mode. All are showing clean so far. But the netbook is still erratic.

Malwarebytes Anti-Malware
AVG Free
Spybot - Search & Destroy
Ad-Aware Free

My netbook is:
ASUS 1005 HA
Windows XP, SP3
2 GB Ram
250 GB HD, partitioned into two drives

My last visit here was in 2007 and AnnMarie was most helpful. Any information or help would be appreciated. Thanks in advance for your time and help.
#2 - Jintan (Cyber Tech Help Moderator, joined Dec 2004), August 5th, 2011, 02:38 AM
Hello JohnNgSF,

Let's take a look. If you have installed/used Alcohol and/or Daemon Tools there, post back here before doing the following, for some added steps.

If the system is Vista/Windows7, when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

------------------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

Note - If Gmer shows it has located infection once its opening scan completes, do not click the Scan button. We don't want hidden malware settings to cause any problems. Instead, just click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Decline a download of avast itself if offered
  • If avast! antivirus is already installed, go to the dropdown next to AV engine: and select (none)
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

A lot, but comprehensive, and will make sure we get a good view of everything.
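The logs Jintan asks for above are in OTL's one-line-per-item format (the reply that follows carries a full one). As an added example that is not part of this thread, of OTL, or of OTL's author, here is a small Python triage pass over that format: it flags the entry types a removal helper reads first, namely autostart entries whose file is missing, kernel drivers with no company name that load at Boot or System start, AutoRun commands registered under MountPoints2 for removable volumes, URLSearchHook entries, an IE start page or Firefox search pref pointing at a toolbar/redirect domain, and a missing HOSTS file. The domain list, the severities, and the sample excerpt (constructed from lines of the kind OTL prints) are this example's own assumptions.

```python
"""Triage of an OTL (OldTimer) scan log.  Added example, not code from the
thread, from OTL or from its author.  It reads OTL.txt text and returns the
entries a malware-removal helper reads first.  The redirect-domain list and
the severities are this example's assumptions, not OTL rules.
"""
import re
from dataclasses import dataclass

# Domains that toolbar-bundled installers commonly leave in search prefs.
# Assumption of this example; extend it for your own cases.
SEARCH_REDIRECT_DOMAINS = ("ask.com", "conduit.com")

# PRC/SRV/DRV/MOD entry whose file was found, e.g.
# DRV - [2009/02/02 13:22:44 | 000,005,120 | ---- | M] () [Kernel | System | Running] -- C:\...\x.sys -- (svc)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - \[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<flags>[^\]]*)\])? -- (?P<path>.*?)"
    r"(?: -- \((?P<name>[^)]*)\)(?P<desc>.*))?$"
)
# Entry whose file OTL could not locate, e.g.
# SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
MISSING_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - File not found(?: \[(?P<flags>[^\]]*)\])?"
    r" -- -- \((?P<name>[^)]*)\)$"
)
# O33 - MountPoints2\{guid}\Shell\AutoRun\command - "" = E:\setup.exe
MOUNTPOINT_RE = re.compile(
    r"^O33 - MountPoints2\\(?P<guid>\{[^}]*\})\\Shell\\AutoRun\\command - \"\" = (?P<cmd>.+)$"
)
# IE - HKLM\..\URLSearchHook: {clsid} - C:\path\to.dll (Company)
SEARCHHOOK_RE = re.compile(
    r"^IE - (?P<hive>\S+?)\\\.\.\\URLSearchHook: (?P<clsid>\{[^}]*\}) - (?P<path>.*?) \((?P<company>[^)]*)\)$"
)
# IE - HKU\<sid>\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://...
IE_START_RE = re.compile(
    r"^IE - (?P<hive>\S+?)\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = (?P<url>\S+)$"
)
# FF - prefs.js..browser.search.<pref>: "value"   (or an unquoted bool)
FF_SEARCH_RE = re.compile(
    r"^FF - prefs\.js\.\.browser\.search\.(?P<pref>\S+): \"?(?P<value>[^\"]*)\"?$"
)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high": act on it; "info": confirm with the user
    reason: str
    line: str


def _hits_redirect_domain(value):
    value = value.lower()
    return any(domain in value for domain in SEARCH_REDIRECT_DOMAINS)


def triage(log_text):
    """Return the Findings for an OTL log, in log order."""
    findings = []
    for line in (l.strip() for l in log_text.splitlines()):
        if not line:
            continue
        if line == "Hosts file not found":
            findings.append(Finding("info", "HOSTS file missing (deleted or relocated)", line))
            continue
        m = MISSING_RE.match(line)
        if m:
            findings.append(Finding("info", f"{m['kind']} entry {m['name']} points at a missing file", line))
            continue
        m = ENTRY_RE.match(line)
        if m:
            flags = [f.strip() for f in (m["flags"] or "").split("|")]
            start = next((s for s in ("Boot", "System") if s in flags), None)
            # A kernel driver with no company name that loads before logon is
            # where rootkit components usually show up in OTL output.
            if m["kind"] == "DRV" and not m["company"] and start:
                findings.append(Finding("high", f"driver {m['name']} with no company name loads at {start} start", line))
            continue
        m = MOUNTPOINT_RE.match(line)
        if m:
            findings.append(Finding("high", f"AutoRun command registered for a removable volume: {m['cmd']}", line))
            continue
        m = SEARCHHOOK_RE.match(line)
        if m:
            findings.append(Finding("info", f"URLSearchHook {m['clsid']} -> {m['path']}", line))
            continue
        m = IE_START_RE.match(line)
        if m and _hits_redirect_domain(m["url"]):
            findings.append(Finding("info", f"IE start page set to {m['url']}", line))
            continue
        m = FF_SEARCH_RE.match(line)
        if m and _hits_redirect_domain(m["value"]):
            findings.append(Finding("info", f"Firefox browser.search.{m['pref']} set to {m['value']}", line))
    return findings


# Constructed excerpt in OTL's format (lines of the kind such a log shows).
SAMPLE_LOG = r"""
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
DRV - [2011/02/04 07:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2009/02/02 13:22:44 | 000,005,120 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Parental Control\bin\policyappblock.sys -- (policyappblockservice)
DRV - [2009/03/30 02:13:30 | 005,063,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
IE - HKU\S-1-5-21-2481989111-2461257284-2038209094-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=1587&gct=hp
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
Hosts file not found
O33 - MountPoints2\{efca04e8-00e7-11df-8910-002243deae35}\Shell\AutoRun\command - "" = E:\setupSNK.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}")
```

Run it as a script to print the findings for the embedded excerpt, or call triage() on the text of a saved OTL.txt. A "high" finding is a place to look, not a verdict: a driver with an empty company field may simply lack version resources (the path here says Parental Control), and a MountPoints2 AutoRun command is what a USB device's setup leaves behind as well as what autorun worms plant. That is why the instructions above ask for the whole OTL, Gmer and aswMBR output rather than a single indicator.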
#3 - JohnNgSF (Member), August 5th, 2011, 06:03 AM
Thank you Jintan for your assistance.

OTL logfile created on: 8/4/2011 9:32:35 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\John Ng\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 59.33% Memory free
3.33 Gb Paging File | 2.64 Gb Available in Paging File | 79.22% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.06 Gb Total Space | 41.54 Gb Free Space | 57.65% Space Free | Partition Type: NTFS
Drive D: | 72.05 Gb Total Space | 71.88 Gb Free Space | 99.76% Space Free | Partition Type: NTFS

Computer Name: NGNETBOOK | User Name: John Ng | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/04 20:30:31 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Ng\My Documents\Downloads\OTL.exe
PRC - [2011/07/08 07:55:36 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/11/25 10:15:06 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/16 21:27:25 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/16 21:27:13 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/09/25 14:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/03/25 07:43:40 | 000,376,832 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/20 10:06:08 | 000,302,080 | ---- | M] (The Privoxy team - www.privoxy.org) -- C:\Program Files\Privoxy\privoxy.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/12/02 18:23:34 | 000,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe


========== Modules (SafeList) ==========

MOD - [2011/08/04 20:30:31 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Ng\My Documents\Downloads\OTL.exe
MOD - [2011/05/14 01:17:40 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/20 12:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/07/18 17:02:03 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) [On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/08 07:55:36 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [On_Demand | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/28 04:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/07/21 01:35:17 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/16 21:27:21 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/07/04 10:23:05 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/25 14:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) [Auto | Running] -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/01/20 10:06:08 | 000,302,080 | ---- | M] (The Privoxy team - www.privoxy.org) [Auto | Running] -- C:\Program Files\Privoxy\privoxy.exe -- (privoxy)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/07/09 14:01:02 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011/07/08 07:55:36 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/02/04 07:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/12/03 02:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/07/16 21:27:14 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/03 00:35:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/17 09:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 09:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 09:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/04/20 07:38:18 | 000,232,872 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2009/03/30 02:13:30 | 005,063,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/03/13 20:05:26 | 001,528,928 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/01 22:03:47 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/02/06 15:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/02/02 13:22:44 | 000,005,120 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Parental Control\bin\policyappblock.sys -- (policyappblockservice)
DRV - [2008/11/18 18:21:28 | 000,039,040 | ---- | M] (GenesysLogic Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uvclf.sys -- (uvclf)
DRV - [2008/08/19 07:16:36 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/08/19 07:16:28 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/08/05 05:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/07/24 02:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/05/29 20:46:12 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/04/08 12:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2008/03/10 03:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008/02/04 02:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/01/04 00:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/06/10 09:39:20 | 001,694,592 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sbusb.sys -- (sbusb)
DRV - [2005/04/20 09:44:08 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/04/20 09:44:06 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2004/06/03 12:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
DRV - [2003/01/10 14:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2481989111-2461257284-2038209094-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=1587&gct=hp
IE - HKU\S-1-5-21-2481989111-2461257284-2038209094-1005\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKU\S-1-5-21-2481989111-2461257284-2038209094-1005\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-2481989111-2461257284-2038209094-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2481989111-2461257284-2038209094-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6102
FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.74.1.6518
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {9EB34849-81D3-4841-939D-666D522B889A}:1.4.0.76
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\John Ng\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\John Ng\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\John Ng\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\John Ng\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\John Ng\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/25 10:16:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/07/09 14:01:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/25 09:25:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/18 09:17:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\John Ng\Application Data\Move Networks [2009/11/14 15:06:47 | 000,000,000 | ---D | M]

[2009/08/03 21:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Extensions
[2009/08/03 21:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/08/02 00:31:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\extensions
[2010/04/27 23:56:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/25 08:53:47 | 000,000,000 | ---D | M] ("AOL Toolbar") -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2011/06/25 09:26:27 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/02/04 00:07:16 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2010/04/28 00:14:50 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/08/02 00:31:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/06/25 08:53:44 | 000,000,000 | ---D | M] ("AOL Messaging Toolbar") -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2011/04/27 23:51:42 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011/04/28 00:03:16 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\extensions\engine@conduit.com
[2009/08/03 18:55:09 | 000,004,212 | ---- | M] () -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\searchplugins\aim-search.xml
[2009/09/13 10:22:37 | 000,001,746 | ---- | M] () -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\searchplugins\aol-search.xml
[2011/07/24 08:09:16 | 000,002,571 | ---- | M] () -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\searchplugins\askcom.xml
[2011/04/27 15:34:06 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\searchplugins\conduit.xml
[2011/03/24 06:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2009/08/03 21:07:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/25 09:25:44 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2481989111-2461257284-2038209094-1005\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-2481989111-2461257284-2038209094-1005\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SbUsb AudCtrl] C:\WINDOWS\System32\sbusbdll.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-2481989111-2461257284-2038209094-1005..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-2481989111-2461257284-2038209094-1005..\Run: [Facebook Update] C:\Documents and Settings\John Ng\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AsusVibeLauncher.lnk = C:\Program Files\ASUS\AsusVibe\AsusVibeLauncher.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2481989111-2461257284-2038209094-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\John Ng\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/soft...01/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/soft...3/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/soft...5116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/29 04:07:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{efca04e8-00e7-11df-8910-002243deae35}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/04 02:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application DataMicrosoft
[2011/08/04 01:56:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Provisioning
[2011/08/03 23:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Ng\Application Data\SUPERAntiSpyware.com
[2011/08/03 23:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2011/08/03 23:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/08/03 23:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/08/03 23:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/08/02 23:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Ng\Application Data\Malwarebytes
[2011/08/02 23:27:35 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/02 23:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/02 23:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/02 23:27:24 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/02 23:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/02 23:17:19 | 009,545,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\John Ng\Desktop\mbam-setup.exe
[2011/08/02 06:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Ng\Application Data\Zoyjq
[2011/08/02 06:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Ng\Application Data\Esemn
[2011/08/02 06:20:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Ng\Application Data\Qixu
[2011/08/02 06:20:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Ng\Application Data\Lyqip
[2011/08/02 06:19:33 | 000,000,000 | ---D | C] -- C:\Adobe
[2011/08/02 06:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/08/02 00:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/08/02 00:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/07/25 00:15:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Ng\Application Data\PriceGong
[2011/07/07 22:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Ng\Local Settings\Application Data\Facebook
[2010/08/12 22:43:01 | 000,059,392 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/04 21:41:49 | 000,000,312 | RHS- | M] () -- C:\WINDOWS\tasks\UDZUDOB.job
[2011/08/04 21:41:48 | 000,064,512 | RHS- | M] () -- C:\WINDOWS\System32\mswsockj.dll
[2011/08/04 21:40:03 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/04 21:31:43 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/08/04 21:26:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/04 21:25:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/04 21:05:04 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005UA.job
[2011/08/04 21:04:03 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005UA.job
[2011/08/03 23:16:06 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/03 23:02:12 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\John Ng\Local Settings\Application Data\prvlcl.dat
[2011/08/03 22:39:55 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/08/03 22:23:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1006UA.job
[2011/08/03 22:23:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1006Core.job
[2011/08/03 22:04:02 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005Core.job
[2011/08/03 20:12:25 | 083,077,644 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/08/03 19:21:13 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/08/03 19:21:13 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/08/03 06:05:10 | 000,000,984 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005Core.job
[2011/08/02 23:27:37 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/02 23:17:15 | 000,000,399 | ---- | M] () -- C:\Documents and Settings\John Ng\Desktop\Shortcut to iExplore.lnk
[2011/08/02 20:48:36 | 000,012,222 | -HS- | M] () -- C:\Documents and Settings\John Ng\Local Settings\Application Data\dc67758srs7871g6vj6sykff42x0f
[2011/08/02 20:48:36 | 000,012,222 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\dc67758srs7871g6vj6sykff42x0f
[2011/08/02 20:23:43 | 000,001,822 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3692677265
[2011/08/02 20:23:43 | 000,001,822 | -HS- | M] () -- C:\Documents and Settings\John Ng\Local Settings\Application Data\2416377464
[2011/08/02 20:17:07 | 000,012,294 | -HS- | M] () -- C:\Documents and Settings\John Ng\Local Settings\Application Data\3692677265
[2011/08/02 20:17:05 | 000,012,250 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2416377464
[2011/07/31 21:00:32 | 009,545,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\John Ng\Desktop\mbam-setup.exe
[2011/07/31 20:54:24 | 001,008,041 | ---- | M] () -- C:\Documents and Settings\John Ng\Desktop\rkill.com
[2011/07/31 20:37:40 | 000,001,134 | ---- | M] () -- C:\Documents and Settings\John Ng\Desktop\FixNCR.reg
[2011/07/25 06:01:35 | 000,341,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/23 11:59:39 | 000,001,069 | ---- | M] () -- C:\Documents and Settings\John Ng\Desktop\Free YouTube to MP3 Converter.lnk
[2011/07/15 00:48:25 | 000,002,280 | ---- | M] () -- C:\Documents and Settings\John Ng\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/07/15 00:48:24 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\John Ng\Desktop\Google Chrome.lnk
[2011/07/13 06:00:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/10 10:23:12 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/07/09 14:01:02 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2011/07/08 07:55:36 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/08 07:55:36 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/03 23:16:06 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/02 23:27:37 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/02 23:17:42 | 001,008,041 | ---- | C] () -- C:\Documents and Settings\John Ng\Desktop\rkill.com
[2011/08/02 23:17:14 | 000,000,399 | ---- | C] () -- C:\Documents and Settings\John Ng\Desktop\Shortcut to iExplore.lnk
[2011/08/02 23:16:56 | 000,001,134 | ---- | C] () -- C:\Documents and Settings\John Ng\Desktop\FixNCR.reg
[2011/08/02 20:14:48 | 000,012,294 | -HS- | C] () -- C:\Documents and Settings\John Ng\Local Settings\Application Data\3692677265
[2011/08/02 20:14:40 | 000,012,250 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2416377464
[2011/08/02 20:14:40 | 000,012,222 | -HS- | C] () -- C:\Documents and Settings\John Ng\Local Settings\Application Data\dc67758srs7871g6vj6sykff42x0f
[2011/08/02 20:14:40 | 000,001,822 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3692677265
[2011/08/02 20:14:40 | 000,001,822 | -HS- | C] () -- C:\Documents and Settings\John Ng\Local Settings\Application Data\2416377464
[2011/08/02 20:14:11 | 000,012,222 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\dc67758srs7871g6vj6sykff42x0f
[2011/08/02 00:24:25 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/23 11:59:39 | 000,001,069 | ---- | C] () -- C:\Documents and Settings\John Ng\Desktop\Free YouTube to MP3 Converter.lnk
[2011/07/07 22:29:50 | 000,001,006 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005UA.job
[2011/07/07 22:29:50 | 000,000,984 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005Core.job
[2011/07/06 22:18:38 | 000,000,998 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1006UA.job
[2011/07/06 22:18:38 | 000,000,976 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1006Core.job
[2011/07/03 21:58:34 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2011/04/21 00:32:02 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/21 00:32:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/08/14 13:43:23 | 000,110,415 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2010/08/14 13:43:23 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2010/08/14 13:37:48 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2010/08/12 22:44:14 | 001,509,416 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/12 22:43:00 | 000,012,043 | ---- | C] () -- C:\WINDOWS\System32\SBUSB.INI
[2010/07/08 20:03:53 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/06/21 21:48:36 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/01/25 21:21:01 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/01/14 01:53:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\John Ng\Application Data\wklnhst.dat
[2009/12/31 15:35:42 | 000,117,144 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2009/12/31 15:35:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/12/01 07:50:19 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\John Ng\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/16 01:31:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\John Ng\Local Settings\Application Data\prvlcl.dat
[2009/09/13 10:20:29 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/09/12 16:59:57 | 000,076,888 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/03 18:44:01 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/30 18:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/05/22 14:25:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uvcrecordfix.exe
[2009/05/22 14:25:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\Sleep.exe
[2009/05/08 03:46:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/05/07 19:35:29 | 000,232,872 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2009/05/07 18:24:26 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2009/05/07 18:24:26 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2009/05/07 18:19:08 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2009/05/07 18:19:08 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2009/05/07 07:12:50 | 000,013,650 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2009/05/07 07:11:37 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2009/04/29 04:09:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/04/29 04:05:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/04/29 03:54:29 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/04/29 03:54:17 | 000,457,626 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/29 03:54:17 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/04/29 03:54:17 | 000,076,382 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/29 03:54:17 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/04/29 03:54:17 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/04/29 03:54:15 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/04/29 03:54:15 | 000,004,562 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/04/29 03:54:15 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/04/29 03:54:13 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/04/29 03:54:13 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/04/29 03:54:11 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/04/29 03:54:09 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/04/28 21:01:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/28 21:00:40 | 000,341,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/05 12:04:50 | 000,479,744 | ---- | C] () -- C:\WINDOWS\System32\PolicyLSP.dll
[2009/02/25 23:50:32 | 000,000,176 | ---- | C] () -- C:\WINDOWS\explorer.exe.config
[2008/09/02 04:25:26 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2001/11/14 10:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE

< End of report >
  #4  
Old August 5th, 2011, 06:29 AM
JohnNgSF
Member
 
Join Date: Feb 2007
Posts: 89
OTL Extras logfile created on: 8/4/2011 9:32:35 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\John Ng\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 59.33% Memory free
3.33 Gb Paging File | 2.64 Gb Available in Paging File | 79.22% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.06 Gb Total Space | 41.54 Gb Free Space | 57.65% Space Free | Partition Type: NTFS
Drive D: | 72.05 Gb Total Space | 71.88 Gb Free Space | 99.76% Space Free | Partition Type: NTFS

Computer Name: NGNETBOOK | User Name: John Ng | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-2481989111-2461257284-2038209094-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1249367258\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1249367258\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1249367258\ee\AOLDesktop.exe" = C:\Program Files\Common Files\AOL\1249367258\ee\AOLDesktop.exe:*:Enabled:AOL Desktop -- (AOL LLC)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Documents and Settings\John Ng\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\John Ng\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\octosh...bled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Documents and Settings\Bunky\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\Bunky\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
"C:\Documents and Settings\John Ng\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\John Ng\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 14
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{47BACF74-5A07-48BD-BADB-A769550F0F5A}" = FontResizer
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{64C118AC-FA2A-4E9C-A76E-DC22CA4FC20D}" = Voice Command EN Trial Version
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C61886F-D069-46EF-A58A-76B17415D0B0}" = Facebook Video Calling 1.0.0.7153
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN Card
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9BDA46B-2E17-4F43-9D7A-9B1E09A0A4D8}" = Data Sync
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C72CA49A-9237-4810-8449-45DA3BD26D64}" = EzMessenger
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{ECC524E3-FB9A-440A-810A-66A2476B5106}" = Facebook Video Calling 1.0.0.7777
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"Amazon Kindle For PC" = Amazon Kindle For PC v1.0
"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
"AOL Regclient" = AOL Registration
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Asus Vibe2.0" = AsusVibe2.0
"AsusVibeCheckUpdate_is1" = AsusVibeCheckUpdate
"AVG9Uninstall" = AVG Free 9.0
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Device Control" = Device Control
"EAX" = Creative EAX Console
"Eee Docking_is1" = Eee Docking 1.3.1.0
"Eee Storage" = Eee Storage
"EeePC1005HA" = EeePC1005HA Screen Saver
"FLV Player" = FLV Player 2.0 (build 25)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.22.602
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"GoToAssist" = GoToAssist Corporate
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"InstallShield_{64C118AC-FA2A-4E9C-A76E-DC22CA4FC20D}" = Voice Command EN Trial Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Parental Control" = Parental Control
"pdfsam" = pdfsam
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"Privoxy" = Privoxy (remove only)
"RealPlayer 12.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Thoosje Vista Sidebar" = Thoosje Vista Sidebar
"ULTIMATER" = Microsoft Office Ultimate 2007
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2481989111-2461257284-2038209094-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/3/2011 10:21:27 PM | Computer Name = NGNETBOOK | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 8/4/2011 1:29:14 AM | Computer Name = NGNETBOOK | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/CA3AFBCF1240364B44B216208880483919937CF7.crt>
with error: The connection with the server was terminated abnormally

Error - 8/4/2011 1:29:14 AM | Computer Name = NGNETBOOK | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/CA3AFBCF1240364B44B216208880483919937CF7.crt>
with error: This network connection does not exist.

Error - 8/4/2011 1:30:54 AM | Computer Name = NGNETBOOK | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/4/2011 2:15:46 AM | Computer Name = NGNETBOOK | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/91C6D6EE3E8AC86384E548C299295C756C817B81.crt>
with error: The connection with the server was terminated abnormally

Error - 8/4/2011 2:15:47 AM | Computer Name = NGNETBOOK | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/91C6D6EE3E8AC86384E548C299295C756C817B81.crt>
with error: This network connection does not exist.

Error - 8/4/2011 11:37:59 PM | Computer Name = NGNETBOOK | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
with error: The connection with the server was terminated abnormally

Error - 8/4/2011 11:37:59 PM | Computer Name = NGNETBOOK | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
with error: This network connection does not exist.

Error - 8/5/2011 12:07:01 AM | Computer Name = NGNETBOOK | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
with error: The connection with the server was terminated abnormally

Error - 8/5/2011 12:07:01 AM | Computer Name = NGNETBOOK | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt>
with error: This network connection does not exist.

[ OSession Events ]
Error - 2/21/2011 10:02:45 PM | Computer Name = NGNETBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19521
seconds with 1020 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/4/2011 11:18:52 PM | Computer Name = NGNETBOOK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >
  #5
August 5th, 2011, 06:55 AM
JohnNgSF
Member
Join Date: Feb 2007
Posts: 89
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-04 22:49:56
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 Hitachi_ rev.FB2O
Running: 5q045wj3.exe; Driver: C:\DOCUME~1\JOHNNG~1\LOCALS~1\Temp\fwryypow.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA0F8BFE]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[552] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\Explorer.EXE[552] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C3000A
.text C:\WINDOWS\Explorer.EXE[552] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00BD000C
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B1000A
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00B2000A
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006F000C
.text C:\WINDOWS\system32\SearchIndexer.exe[2244] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
  #6
August 5th, 2011, 06:56 AM
JohnNgSF
Member
Join Date: Feb 2007
Posts: 89
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-04 22:52:36
-----------------------------
22:52:36.843 OS Version: Windows 5.1.2600 Service Pack 3
22:52:36.843 Number of processors: 2 586 0x1C02
22:52:36.843 ComputerName: NGNETBOOK UserName: John Ng
22:52:37.500 Initialize success
22:53:38.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:53:38.328 Disk 0 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3
22:53:38.343 Disk 0 MBR read successfully
22:53:38.343 Disk 0 MBR scan
22:53:38.359 Disk 0 TDL4@MBR code has been found
22:53:38.359 Disk 0 Windows XP default MBR code found via API
22:53:38.375 Disk 0 MBR hidden
22:53:38.375 Disk 0 MBR [TDL4] **ROOTKIT**
22:53:38.390 Disk 0 trace - called modules:
22:53:38.406 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89cb14d0]<<
22:53:38.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a652030]
22:53:38.421 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000071[0x8a66a320]
22:53:38.437 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> [0x8a649028]
22:53:38.453 \Driver\iaStor[0x8a659500] -> IRP_MJ_CREATE -> 0x89cb14d0
22:53:38.468 Scan finished successfully
22:54:00.078 Disk 0 MBR has been saved successfully to "E:\Virus Removal\MBR.dat"
22:54:00.125 The log file has been saved successfully to "E:\Virus Removal\aswMBR.txt"
  #7
August 6th, 2011, 01:25 AM
Jintan
Cyber Tech Help Moderator
Join Date: Dec 2004
Posts: 52,284
I reckon that rootkit diagnosis is pretty obvious there. Let's see to that.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Click here and download Kaspersky's TDSSKiller to your desktop, but as you download it, rename it to larry.com then click that file to run TDSSKiller.

In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including a reboot if requested.

When the scan completes it will create a log file on your C drive.

Similar in name to this:

C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt

Your copy will be different - some of those numbers will reflect the date/time it was just run by you there.

Copy/paste those contents back here please.

-----------

Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

-----------

Run a scan with aswMBR again, and post those three logs please.
  #8
August 6th, 2011, 09:26 AM
JohnNgSF
Member
Join Date: Feb 2007
Posts: 89
Thank you Jintan for your assistance on this.

2011/08/05 20:37:25.0453 1432 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/05 20:37:25.0828 1432 ================================================================================
2011/08/05 20:37:25.0828 1432 SystemInfo:
2011/08/05 20:37:25.0828 1432
2011/08/05 20:37:25.0828 1432 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/05 20:37:25.0828 1432 Product type: Workstation
2011/08/05 20:37:25.0828 1432 ComputerName: NGNETBOOK
2011/08/05 20:37:25.0828 1432 UserName: Administrator
2011/08/05 20:37:25.0828 1432 Windows directory: C:\WINDOWS
2011/08/05 20:37:25.0828 1432 System windows directory: C:\WINDOWS
2011/08/05 20:37:25.0828 1432 Processor architecture: Intel x86
2011/08/05 20:37:25.0828 1432 Number of processors: 2
2011/08/05 20:37:25.0828 1432 Page size: 0x1000
2011/08/05 20:37:25.0828 1432 Boot type: Safe boot with network
2011/08/05 20:37:25.0828 1432 ================================================================================
2011/08/05 20:37:26.0312 1432 Initialize success
2011/08/05 20:37:28.0343 0672 ================================================================================
2011/08/05 20:37:28.0343 0672 Scan started
2011/08/05 20:37:28.0343 0672 Mode: Manual;
2011/08/05 20:37:28.0343 0672 ================================================================================
2011/08/05 20:37:41.0453 0672 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/05 20:37:41.0578 0672 ossrv (8db4e2019734038de358e0b01983bde4) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
2011/08/05 20:37:41.0671 0672 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/08/05 20:37:41.0734 0672 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/05 20:37:41.0828 0672 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/05 20:37:41.0890 0672 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/05 20:37:42.0000 0672 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/05 20:37:42.0078 0672 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/05 20:37:42.0531 0672 PfModNT (0abc514f6606324ce15484d079027798) C:\WINDOWS\system32\drivers\PfModNT.sys
2011/08/05 20:37:42.0703 0672 policyappblockservice (e36eda6bcc41378f3115a9ceee256c00) C:\Program Files\Parental Control\bin\policyappblock.sys
2011/08/05 20:37:42.0812 0672 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/05 20:37:42.0906 0672 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/05 20:37:42.0968 0672 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/05 20:37:43.0328 0672 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/05 20:37:43.0390 0672 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/05 20:37:43.0468 0672 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/05 20:37:43.0531 0672 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/05 20:37:43.0640 0672 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/05 20:37:43.0750 0672 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/05 20:37:43.0859 0672 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/05 20:37:44.0015 0672 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/05 20:37:44.0156 0672 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/08/05 20:37:44.0203 0672 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/08/05 20:37:44.0265 0672 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/08/05 20:37:44.0468 0672 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/08/05 20:37:44.0531 0672 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/08/05 20:37:44.0687 0672 sbusb (ef30dd31f3a07a0f0a960703c2446865) C:\WINDOWS\system32\DRIVERS\sbusb.sys
2011/08/05 20:37:44.0921 0672 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/05 20:37:45.0031 0672 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/08/05 20:37:45.0140 0672 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/05 20:37:45.0328 0672 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/05 20:37:45.0500 0672 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/05 20:37:45.0593 0672 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/05 20:37:45.0703 0672 SRS_PremiumSound_Service (0bd44aa4743a9dbd2c638d699a7fd438) C:\WINDOWS\system32\drivers\srs_PremiumSound_i386.sys
2011/08/05 20:37:45.0843 0672 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/05 20:37:45.0984 0672 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/05 20:37:46.0046 0672 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/05 20:37:46.0109 0672 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/05 20:37:46.0453 0672 SynTP (a10d781153bb23036b474ffedb448266) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/08/05 20:37:46.0531 0672 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/05 20:37:46.0671 0672 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/05 20:37:46.0781 0672 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/05 20:37:46.0843 0672 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/05 20:37:46.0921 0672 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/05 20:37:47.0109 0672 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/05 20:37:47.0250 0672 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/05 20:37:47.0406 0672 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/05 20:37:47.0468 0672 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/05 20:37:47.0546 0672 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/05 20:37:47.0656 0672 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/05 20:37:47.0718 0672 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/05 20:37:47.0796 0672 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/05 20:37:47.0859 0672 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/05 20:37:47.0984 0672 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/05 20:37:48.0062 0672 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/05 20:37:48.0140 0672 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/08/05 20:37:48.0203 0672 uvclf (c019889035cdc1a06f2febc93cbb6897) C:\WINDOWS\system32\DRIVERS\uvclf.sys
2011/08/05 20:37:48.0296 0672 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/05 20:37:48.0453 0672 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/05 20:37:48.0578 0672 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/05 20:37:48.0640 0672 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/08/05 20:37:48.0765 0672 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/08/05 20:37:48.0953 0672 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/05 20:37:49.0375 0672 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/05 20:37:49.0437 0672 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/05 20:37:49.0515 0672 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/05 20:37:49.0734 0672 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/08/05 20:37:49.0765 0672 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/08/05 20:37:49.0796 0672 Boot (0x1200) (e51350cad4830473d54b3f99296ea2bf) \Device\Harddisk0\DR0\Partition0
2011/08/05 20:37:49.0875 0672 Boot (0x1200) (23d9801df2bad941df900c69868db793) \Device\Harddisk0\DR0\Partition1
2011/08/05 20:37:49.0906 0672 ================================================================================
2011/08/05 20:37:49.0906 0672 Scan finished
2011/08/05 20:37:49.0906 0672 ================================================================================
2011/08/05 20:37:49.0953 1448 Detected object count: 1
2011/08/05 20:37:49.0953 1448 Actual detected object count: 1
2011/08/05 20:38:13.0625 1448 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/08/05 20:38:13.0625 1448 \Device\Harddisk0\DR0 - ok
2011/08/05 20:38:13.0625 1448 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/08/05 20:39:07.0078 0512 Deinitialize success
  #9  
Old August 6th, 2011, 09:29 AM
JohnNgSF
Member
 
Join Date: Feb 2007
Posts: 89
ComboFix 11-08-05.03 - Administrator 08/05/2011 21:05:56.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1658 [GMT -7:00]
Running from: C:\Documents and Settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\John Ng\GoToAssistDownloadHelper.exe
C:\WINDOWS\system32\Thumbs.db
D:\install.exe


((((((((((((((((((((((((( Files Created from 2011-07-06 to 2011-08-06 )))))))))))))))))))))))))))))))


2011-08-05 07:52:17 . 2011-08-05 07:52:55 -------- d-----w- C:\Documents and Settings\Administrator
2011-08-05 04:41:48 . 2011-08-05 04:41:48 64512 --sha-r- C:\WINDOWS\system32\mswsockj.dll
2011-08-04 09:00:55 . 2011-08-04 09:00:55 -------- d-----w- C:\Documents and Settings\All Users\Application DataMicrosoft
2011-08-04 08:56:43 . 2011-08-04 08:56:43 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Provisioning
2011-08-04 06:16:06 . 2011-08-04 06:16:06 -------- d-----w- C:\Documents and Settings\All Users\Application Data\!SASCORE
2011-08-04 06:16:01 . 2011-08-04 06:16:32 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-08-04 06:16:01 . 2011-08-04 06:16:01 -------- d-----w- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2011-08-03 06:27:35 . 2011-07-08 14:55:36 41272 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-08-03 06:27:32 . 2011-08-03 06:27:32 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-08-03 06:27:24 . 2011-08-03 06:27:43 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-08-03 06:27:24 . 2011-07-08 14:55:36 22712 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2011-08-02 13:19:33 . 2011-08-02 13:19:33 -------- d-----w- C:\Adobe
2011-07-07 05:18:39 . 2011-07-07 05:18:52 -------- d-----w- C:\Documents and Settings\Bunky\Local Settings\Application Data\Temp
2011-07-07 05:18:34 . 2011-07-07 05:18:56 -------- d-----w- C:\Documents and Settings\Bunky\Local Settings\Application Data\Facebook
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-07-10 17:23:12 . 2009-11-09 08:33:35 101720 ----a-w- C:\WINDOWS\system32\drivers\SBREDrv.sys
2011-07-09 21:01:02 . 2009-10-18 16:15:57 243152 ----a-w- C:\WINDOWS\system32\drivers\avgtdix.sys
2011-06-17 05:59:16 . 2011-05-19 13:49:34 404640 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02:05 . 2009-04-29 10:54:20 1858944 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-06-25 16:25:44 . 2011-03-24 13:02:23 142296 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-03-18 15:11:00 2471240 ----a-w- C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 15:11:00 2471240]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2009-11-07 08:07:04 297808 ----a-w- C:\WINDOWS\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2009-11-07 08:07:04 297808 ----a-w- C:\WINDOWS\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="C:\Program Files\ASUS\Eee Docking\Eee Docking.exe" [2009-05-08 14:42:54 395776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-19 15:08:08 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-19 15:08:12 159744]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 08:57:54 1434920]
"SynAsusAcpi"="C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 08:58:06 79144]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 12:00:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 12:00:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 12:00:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 12:00:00 455168]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 16:55:10 55824]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 03:22:08 17567744]
"SbUsb AudCtrl"="sbusbdll.dll" [2005-05-27 00:52:26 128000]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2010-11-30 01:38:18 421888]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 19:48:18 58656]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 18:44:34 31072]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-06-08 00:51:12 421160]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 19:55:28 937920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 12:00:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-5-7 376832]
AsusVibeLauncher.lnk - C:\Program Files\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-5-13 548528]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2009-8-25 813584]
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 06:41:34 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 00:02:18 113024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54:14 551296 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-17 04:27:24 12536 ----a-w- C:\WINDOWS\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-07-04 17:22:53 13672 ----a-w- C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 19:28:42 72208 ----a-w- c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^John Ng^Start Menu^Programs^Startup^AOL Desktop.lnk]
path=C:\Documents and Settings\John Ng\Start Menu\Programs\Startup\AOL Desktop.lnk
backup=C:\WINDOWS\pss\AOL Desktop.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^John Ng^Start Menu^Programs^Startup^Thoosje Vista Sidebar.lnk]
path=C:\Documents and Settings\John Ng\Start Menu\Programs\Startup\Thoosje Vista Sidebar.lnk
backup=C:\WINDOWS\pss\Thoosje Vista Sidebar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 19:55:28 937920 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-05-21 15:36:28 3824472 ----a-w- C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 19:48:18 58656 ----a-w- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusACPIServer]
2009-04-16 23:46:30 630784 ----a-w- C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusEPCMonitor]
2009-03-13 20:15:02 98304 ----a-w- C:\Program Files\EeePC\ACPI\AsEPCMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusTray]
2009-04-16 22:58:54 118784 ----a-w- C:\Program Files\EeePC\ACPI\AsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2011-04-05 13:31:19 2071904 ----a-w- C:\PROGRA~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eee Docking]
2009-05-08 14:42:54 395776 ----a-w- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-08-12 14:04:46 133104 ----atw- C:\Documents and Settings\John Ng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 18:44:34 31072 ----a-w- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2008-06-24 18:34:50 41824 ----a-w- C:\Program Files\Common Files\AOL\1249367258\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 09:41:10 49152 ----a-w- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-08 00:51:12 421160 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-07-08 14:55:36 449584 ----a-w- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42:30 1695232 ------w- C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-02-06 22:51:28 3885408 ----a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Parental Control]
2009-03-20 22:23:32 1104384 ----a-w- C:\Program Files\Parental Control\bin\pcontrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-12-19 15:07:42 131072 ----a-w- C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38:18 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-03-27 03:22:08 17567744 ----a-w- C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07:20 2260480 --sha-r- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-21 18:34:07 148888 ----a-w- C:\Program Files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-07-29 01:09:07 4599680 ----a-w- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-11-05 06:18:12 198160 ----a-w- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=3 (0x3)
"Lavasoft Ad-Aware Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1249367258\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1249367258\\ee\\AOLDesktop.exe"=
"C:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"C:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Documents and Settings\\John Ng\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Documents and Settings\\Bunky\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"C:\\Documents and Settings\\John Ng\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=

R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [9/12/2009 9:04:39 PM 64288]
R1 AvgTdiX;AVG Free Network Redirector;C:\WINDOWS\system32\drivers\avgtdix.sys [10/18/2009 9:15:57 AM 243152]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;C:\WINDOWS\system32\drivers\l1c51x86.sys [4/9/2009 4:17:24 AM 38912]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\drivers\avgldx86.sys [10/18/2009 9:15:57 AM 216400]
S1 policyappblockservice;Parental Control Application Filter;C:\Program Files\Parental Control\bin\policyappblock.sys [2/2/2009 1:22:44 PM 5120]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27:02 AM 12880]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55:22 PM 67664]
S2 LBeepKE;LBeepKE;C:\WINDOWS\system32\drivers\LBeepKE.sys [8/25/2009 11:24:20 PM 10384]
S2 privoxy;privoxy;C:\Program Files\Privoxy\privoxy.exe --service --> C:\Program Files\Privoxy\privoxy.exe --service [?]
S2 SlingAgentService;SlingAgentService;C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 2:16:06 PM 93960]
S2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [8/3/2009 6:53:42 PM 24652]
S3 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore.exe [7/18/2011 5:02:03 PM 123264]
S3 Ambfilt;Ambfilt;C:\WINDOWS\system32\drivers\Ambfilt.sys [5/7/2009 6:19:03 PM 1684736]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [10/26/2010 7:55:29 PM 947528]
S3 avg9emc;AVG Free E-mail Scanner;C:\Program Files\AVG\AVG9\avgemc.exe [7/16/2010 9:27:14 PM 921952]
S3 avg9wd;AVG Free WatchDog;C:\Program Files\AVG\AVG9\avgwdsvc.exe [7/16/2010 9:27:21 PM 308136]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 1:13:29 AM 15232]
S3 MBAMProtector;MBAMProtector;C:\WINDOWS\system32\drivers\mbam.sys [8/2/2011 11:27:24 PM 22712]
S3 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [8/2/2011 11:27:35 PM 366640]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49:20 AM 227232]
S3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\drivers\sbusb.sys [8/12/2010 10:43:01 PM 1694592]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys [5/7/2009 7:35:29 PM 232872]
S3 uvclf;uvclf;C:\WINDOWS\system32\drivers\uvclf.sys [4/1/2009 7:19:09 PM 39040]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [12/3/2010 2:05:32 AM 2151640]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - LBEEPKE

Contents of the 'Scheduled Tasks' folder

2011-08-04 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 09:05:33 . 2011-06-28 11:19:45]

2011-06-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34:12 . 2008-07-30 19:34:12]

2011-08-03 C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005Core.job
- C:\Documents and Settings\John Ng\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-08 05:29:49 . 2011-07-15 13:00:29]

2011-08-05 C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005UA.job
- C:\Documents and Settings\John Ng\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-08 05:29:49 . 2011-07-15 13:00:29]

2011-08-05 C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1006Core.job
- C:\Documents and Settings\Bunky\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-07 05:18:36 . 2011-07-07 05:18:33]

2011-08-05 C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1006UA.job
- C:\Documents and Settings\Bunky\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-07 05:18:36 . 2011-07-07 05:18:33]

2011-08-05 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005Core.job
- C:\Documents and Settings\John Ng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-12 14:04:46 . 2009-08-12 14:04:46]

2011-08-06 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005UA.job
- C:\Documents and Settings\John Ng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-12 14:04:46 . 2009-08-12 14:04:46]


------- Supplementary Scan -------

uStart Page = hxxp://eeepc.asus.com/global
IE: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wwi0no1n.default\

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Aim6 - C:\Program Files\AIM6\aim6.exe
MSConfigStartUp-nmctxth - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
MSConfigStartUp-SRS Premium Sound - C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-05 21:14:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
C:\WINDOWS\system32\WININET.dll
C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

Completion time: 2011-08-05 21:17:29
ComboFix-quarantined-files.txt 2011-08-06 04:17:26

Pre-Run: 46,857,654,272 bytes free
Post-Run: 47,132,536,832 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 0E144DA11FBB4987083E6937A897F8D5
  #10  
Old August 6th, 2011, 09:36 AM
JohnNgSF
Member
Join Date: Feb 2007
Posts: 89
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-06 01:34:38
-----------------------------
01:34:38.890 OS Version: Windows 5.1.2600 Service Pack 3
01:34:38.890 Number of processors: 2 586 0x1C02
01:34:38.890 ComputerName: NGNETBOOK UserName: John Ng
01:34:39.703 Initialize success
01:34:45.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
01:34:45.687 Disk 0 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3
01:34:45.718 Disk 0 MBR read successfully
01:34:45.718 Disk 0 MBR scan
01:34:45.734 Disk 0 Windows XP default MBR code
01:34:45.750 Disk 0 scanning sectors +312576705
01:34:45.828 Disk 0 scanning C:\WINDOWS\system32\drivers
01:34:58.687 Service scanning
01:35:00.421 Modules scanning
01:35:07.281 Disk 0 trace - called modules:
01:35:07.281
01:35:07.281 Scan finished successfully
01:36:09.890 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\John Ng\My Documents\MBR.dat"
01:36:09.890 The log file has been saved successfully to "C:\Documents and Settings\John Ng\My Documents\aswMBR.txt"
  #11  
Old August 7th, 2011, 02:15 AM
Jintan
Cyber Tech Help Moderator
Join Date: Dec 2004
Posts: 52,284
Would be positive, but aswMBR is being denied access to the kernel, so something is still involved. I now see you have both AVG and Ad-Aware. Ad-Aware is now an antivirus program, so it would conflict with and damage any other antivirus programs installed. You will need to temporarily disable all security programs, then, one at a time, uninstall both antivirus programs, rebooting between the uninstalls.

Since lately it hasn't done a complete uninstall, once you have done the uninstalls, go here and download and run the AVG uninstaller. Just select the 2011 uninstaller, which should remove any older versions as well.

Then run and post new ComboFix, Gmer and aswMBR scan logs, in that order please.
  #12  
Old August 7th, 2011, 06:58 AM
JohnNgSF
Member
Join Date: Feb 2007
Posts: 89
ComboFix 11-08-06.02 - Administrator 08/06/2011 22:40:59.2.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1648 [GMT -7:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\Version.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\version.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-07 to 2011-08-07 )))))))))))))))))))))))))))))))
.
.
2011-08-06 23:24 . 2011-08-06 18:02 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-08-06 17:56 . 2011-08-06 17:56 -------- d-----w- c:\program files\Lavasoft
2011-08-05 07:52 . 2011-08-05 07:52 -------- d-----w- c:\documents and settings\Administrator
2011-08-05 04:41 . 2011-08-05 04:41 64512 --sha-r- c:\windows\system32\mswsockj.dll
2011-08-04 09:00 . 2011-08-04 09:00 -------- d-----w- c:\documents and settings\All Users\Application DataMicrosoft
2011-08-04 08:56 . 2011-08-04 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Provisioning
2011-08-04 06:16 . 2011-08-04 06:16 -------- d-----w- c:\documents and settings\All Users\Application Data\!SASCORE
2011-08-04 06:16 . 2011-08-04 06:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-04 06:16 . 2011-08-04 06:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-08-03 06:27 . 2011-07-08 14:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-03 06:27 . 2011-08-03 06:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-03 06:27 . 2011-08-03 06:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-03 06:27 . 2011-07-08 14:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-02 13:19 . 2011-08-02 13:19 -------- d-----w- C:\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-21 21:59 . 2009-09-13 04:04 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-07-10 17:23 . 2009-11-09 08:33 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-17 05:59 . 2011-05-19 13:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2009-04-29 10:54 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-25 16:25 . 2011-03-24 13:02 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-06_04.14.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-07 05:50 . 2011-08-07 05:50 16384 c:\windows\temp\Perflib_Perfdata_6d8.dat
+ 2011-08-06 17:56 . 2011-07-21 21:59 64512 c:\windows\system32\DRVSTORE\lbd_69523D0F7F903BDB477CD80CFD35086362532B23\Lbd.sys
- 2009-05-08 14:05 . 2011-08-04 03:22 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-08 14:05 . 2011-08-06 18:11 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-08 14:05 . 2011-08-04 03:22 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-05-08 14:05 . 2011-08-06 18:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-05-08 14:05 . 2011-08-04 03:22 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-08-06 17:42 . 2011-08-06 18:11 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-07-12 07:02 . 2009-07-12 07:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 07:05 . 2009-07-12 07:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 05:11 . 2009-07-12 05:11 624448 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcr90.dll
+ 2009-07-12 05:11 . 2009-07-12 05:11 853312 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcp90.dll
+ 2009-07-12 05:14 . 2009-07-12 05:14 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcm90.dll
+ 2009-07-12 05:11 . 2009-07-12 05:11 176456 c:\windows\WinSxS\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_673f7fa2\atl90.dll
+ 2011-08-06 17:57 . 2011-08-06 17:57 5157376 c:\windows\Installer\4a6746.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2009-11-07 08:07 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2009-11-07 08:07 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400]
"Facebook Update"="c:\documents and settings\John Ng\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2011-07-15 137536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
"SbUsb AudCtrl"="sbusbdll.dll" [2005-05-27 128000]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-08 449584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQgBXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4ADYARwA&inst=NwA3AC0ANgA3ADEAMAAwADgAMwAzADcALQBGAFAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0ARgBMACsAOQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsANQAtAEYAOQBNADEAMABCACsAMgAtAEQARABUACsAMAAtAFgATwA5ACsAMQA&prod=90&ver=9.0.894" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-5-7 376832]
AsusVibeLauncher.lnk - c:\program files\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-5-13 548528]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-8-25 813584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-07-04 17:22 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 19:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^John Ng^Start Menu^Programs^Startup^AOL Desktop.lnk]
path=c:\documents and settings\John Ng\Start Menu\Programs\Startup\AOL Desktop.lnk
backup=c:\windows\pss\AOL Desktop.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^John Ng^Start Menu^Programs^Startup^Thoosje Vista Sidebar.lnk]
path=c:\documents and settings\John Ng\Start Menu\Programs\Startup\Thoosje Vista Sidebar.lnk
backup=c:\windows\pss\Thoosje Vista Sidebar.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 19:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-05-21 15:36 3824472 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 19:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusACPIServer]
2009-04-16 23:46 630784 ----a-w- c:\program files\EeePC\ACPI\AsAcpiSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusEPCMonitor]
2009-03-13 20:15 98304 ----a-w- c:\program files\EeePC\ACPI\AsEPCMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusTray]
2009-04-16 22:58 118784 ----a-w- c:\program files\EeePC\ACPI\AsTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eee Docking]
2009-05-08 14:42 395776 ----a-w- c:\program files\ASUS\Eee Docking\Eee Docking.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-08-12 14:04 133104 ----atw- c:\documents and settings\John Ng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2008-06-24 18:34 41824 ----a-w- c:\program files\Common Files\AOL\1249367258\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 09:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-08 00:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-07-08 14:55 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-02-06 22:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Parental Control]
2009-03-20 22:23 1104384 ----a-w- c:\program files\Parental Control\bin\pcontrol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-12-19 15:07 131072 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-03-27 03:22 17567744 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-21 18:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-07-29 01:09 4599680 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-11-05 06:18 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=3 (0x3)
"Lavasoft Ad-Aware Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1249367258\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1249367258\\ee\\AOLDesktop.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Documents and Settings\\John Ng\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Bunky\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Documents and Settings\\John Ng\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/12/2009 9:04 PM 64512]
R1 policyappblockservice;Parental Control Application Filter;c:\program files\Parental Control\bin\policyappblock.sys [2/2/2009 1:22 PM 5120]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [8/25/2009 11:24 PM 10384]
R2 privoxy;privoxy;c:\program files\Privoxy\privoxy.exe --service --> c:\program files\Privoxy\privoxy.exe --service [?]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 2:16 PM 93960]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/3/2009 6:53 PM 24652]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/9/2009 4:17 AM 38912]
R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [4/1/2009 7:19 PM 39040]
S3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/18/2011 5:02 PM 123264]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/7/2009 6:19 PM 1684736]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/21/2011 2:59 PM 2151640]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/2/2011 11:27 PM 22712]
S3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/2/2011 11:27 PM 366640]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [8/12/2010 10:43 PM 1694592]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [5/7/2009 7:35 PM 232872]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{efca04e8-00e7-11df-8910-002243deae35}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-07-21 21:59]
.
2011-06-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-08-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005Core.job
- c:\documents and settings\John Ng\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-08 13:00]
.
2011-08-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005UA.job
- c:\documents and settings\John Ng\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-08 13:00]
.
2011-08-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1006Core.job
- c:\documents and settings\Bunky\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-07 05:18]
.
2011-08-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1006UA.job
- c:\documents and settings\Bunky\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-07 05:18]
.
2011-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005Core.job
- c:\documents and settings\John Ng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-12 14:04]
.
2011-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005UA.job
- c:\documents and settings\John Ng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-12 14:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?l=dis&o=1587&gct=hp
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\John Ng\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-06 22:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Creative Detector = "c:\program files\Creative\MediaSource\Detector\CTDetect.exe" /R??????D~??A~??????A~???w????????|??????w???w????? ??????s?????????????b?????????????????????????s??? ?????m??? ???????C??s????|??s???wC??s ????????????b??????3$??@???4?A~??????????????????? w???????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(2104)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\ASUS\Eee Storage\XPClient.dll
c:\program files\ASUS\Eee Storage\LogicNP.EZShellExtensions.dll
c:\program files\ASUS\Eee Storage\EcaremeDLL.dll
c:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3390.31024__0d0f4b69e50e559b\SqliteShared.dll
c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Privoxy\privoxy.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDll32.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2011-08-06 22:55:23 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-07 05:55
ComboFix2.txt 2011-08-06 04:17
.
Pre-Run: 49,601,286,144 bytes free
Post-Run: 49,580,961,792 bytes free
.
- - End Of File - - 53AA094B1C113C783E0A5764C75D03A7
  #13  
Old August 7th, 2011, 03:28 PM
JohnNgSF
Member
Join Date: Feb 2007
Posts: 89
Trying again with AVG and Ad-Aware uninstalled.

ComboFix 11-08-06.02 - Administrator 08/07/2011 7:12.3.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1630 [GMT -7:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\John Ng\Local Settings\Temp\CR_C1A93.tmp\setup.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\arb\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\arb\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\arb\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\chs\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\chs\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\chs\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\cht\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\cht\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\cht\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\common\drivers\com_os\hpbmiapi.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\common\drivers\com_os\HPBOID.EXE
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\common\drivers\com_os\hpboidps.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\common\drivers\com_os\HPBPRO.EXE
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\common\drivers\com_os\hpbprops.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\common\drivers\com_os\HPJCMN2U.DLL
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\common\drivers\com_os\HPJIPX1U.DLL
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\common\drivers\com_os\hpoism01.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\common\drivers\com_os\hppapml0.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\common\drivers\com_os\hpqip09.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\common\drivers\com_os\hpqish09.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\common\drivers\win9x_me\atl.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\csy\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\csy\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\csy\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\dan\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\dan\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\dan\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\deu\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\deu\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\deu\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win2000\hpzc3212.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win2000\hpzid412.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win2000\hpzipr12.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win2000\hpzisc12.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win2000\hpzius12.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win2000\hpzs2k12.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win98\hphpar98.vxd
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win98\hpzbrx12.pdr
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win98\hpzc3212.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win98\hpzid412.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win98\hpzimn12.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win98\hpzipa12.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win98\hpzipr12.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win98\hpzisc12.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win98\hpzius12.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win98\hpzs9x12.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win98\hpzuci12.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\winxp\hppaufd0.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\wrapper\_isdel.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\wrapper\_setup.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\wrapper\setup.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\wrapper\wrapper.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\fax\hpaiofax.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\fax\hpzuifax.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\scanner\x32\hpotiop2.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\scanner\x32\hpotpusd.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\scanner\x32\hpotscl2.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\scanner\x32\hpovst09.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\scanner\x32\hpowiax1.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\scanner\x32\hpowiax2.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\scanner\x32\usbscan.sy_
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\enu\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\enu\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\enu\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\esm\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\esm\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\esm\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\fin\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\fin\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\fin\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\fra\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\fra\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\fra\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\gdiplus.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\grk\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\grk\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\grk\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hbr\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hbr\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hbr\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hpzc3212.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hpzglu14.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\HPZidi01.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\HPZIDS01.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hpzjlog.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hpzjpp01.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hpzjut01.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hpzjvp01.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hpzpnp14.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hpzscr14.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hpzsetup.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hpzuci12.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hun\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hun\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hun\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\ita\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\ita\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\ita\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\jpn\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\jpn\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\jpn\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\kor\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\kor\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\kor\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\msvcirt.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\msvcrt.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\nld\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\nld\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\nld\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\non\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\non\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\non\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\plk\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\plk\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\plk\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\ptb\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\ptb\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\ptb\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\rus\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\rus\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\rus\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\Setup.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\cfgtoip.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpbntkrs.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpbskutl.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPCommunication.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPeDiag.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPeSupport.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpgeneric.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpjmpr30.vxd
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpjmpr40.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpjmpr50.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpjndis3.vxd
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpjndis4.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpjndis5.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpjnds50.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpjsiadp.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpjsira.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpntwkexe.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpntwkwiz.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpntwkwiz_ar.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpntwkwiz_en.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpntwkwiz_es.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpntwkwiz_fr.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpntwkwiz_pt.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpntwkwiz_zhcn.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpntwkwiz_zhtw.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpoapd01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hponac01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hponicifs01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hponiprint01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hponiscan01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\Hponiscp01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hporfd01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpowfs01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPScripting.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZarp01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZcdl01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZchk01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZddv01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpzdui01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpzfwx01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZgat01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpzjfw01.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpzjpp01.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpzjut02.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpzmsi01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZnet01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZnfx01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZnop01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZopt01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpzpnp01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpzprl01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZpsc01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZpsl01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZrcn01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZrcv01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZrein01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpzscr01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpzshl01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZsui01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZtim01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZwis01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZwrp01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZwup01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\imagezoneexpress\PhotobackPluginSetup.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\InstallMetrics.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\InternetUtil.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\mdfix01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\mfc42.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\MFC71.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\msvcirt.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\msvcp60.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\msvcp71.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\msvcr71.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\msxml3.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\msxml3a.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\msxml3r.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\openssldll.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\rapiddiscovery.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\redisco\hpzjfw01.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\redisco\hpzjrd01.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\redisco\hpzjsn01.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\redisco\wsnmp32.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\RulesEngine.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\sdicommunications.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\sdiencryption.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\sdifirewall.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\sdifirewallnet.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\sdiingredients.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\sdiingredientsagents.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\sdilog.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\sdinetware.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\sdisdk.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\snmp_pp.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\snmpnet_pp.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\tls704d.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\tls7712d.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\usbready.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\wis\win2k_xp\instmsi.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\wis\win9x\instmsi.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\wsnmp32.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\svc\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\svc\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\svc\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\tls704d.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\tur\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\tur\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\tur\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\unicows.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\usbhub.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\aio\hpopdi05.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\aio\hpopin05.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\240075.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\270615USAM.EXE
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\AccessDeniedUtility.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\afsinst.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\enu\Q283787_W2K_SP3_x86.EXE
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\enu\WindowsXP-KB822603-x86-enu.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\esn\Q283787_W2K_SP3_x86.EXE
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\esn\WindowsXP-KB822603-x86-esn.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\FixErr1714.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\fra\Q283787_W2K_SP3_x86.EXE
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\fra\WindowsXP-KB822603-x86-fra.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\HPZlgc01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\HPZprs01.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\MediaSizeSettings.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\ptb\Q283787_W2K_SP3_x86.EXE
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\ptb\WindowsXP-KB822603-x86-ptb.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\Q256858_W2K_SP1_x86.EXE
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\Q283787_W2K_SP3_x86_en.EXE
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\cfgmgr32.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\common\hpfpdi14.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\common\hpqisc09.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\common\hpzghl14.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\common\hpzpin14.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\setupapi.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\support_tools\msi_install_cleanup\win2000\msicuu.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\support_tools\msi_install_cleanup\win9x\msicu.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\xmlparse.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\xmltok.dll
c:\documents and settings\John Ng\Local Settings\Temp\ose00000.exe
c:\documents and settings\John Ng\Local Settings\Temp\RarSFX6\h\explorer.exe
c:\documents and settings\John Ng\Local Settings\Temp\RarSFX6\h\iexplore.exe
c:\documents and settings\John Ng\Local Settings\Temp\RarSFX6\nircmd.exe
c:\documents and settings\John Ng\Local Settings\Temp\RarSFX6\nircmdc.exe
c:\documents and settings\John Ng\Local Settings\Temp\RarSFX6\nird\iexplore.exe
c:\documents and settings\John Ng\Local Settings\Temp\RarSFX6\pev.exe
c:\documents and settings\John Ng\Local Settings\Temp\RarSFX6\procs\explorer.exe
c:\documents and settings\John Ng\Local Settings\Temp\RarSFX6\procs\iexplore.com
c:\documents and settings\John Ng\Local Settings\Temp\RarSFX6\procs\iexplore.exe
c:\documents and settings\John Ng\Local Settings\Temp\RarSFX6\proxycheck.exe
c:\documents and settings\John Ng\Local Settings\Temp\RarSFX6\sed.exe
c:\documents and settings\John Ng\Local Settings\Temp\RarSFX6\swreg.exe
c:\documents and settings\John Ng\Local Settings\Temp\RarSFX6\userinit.exe
c:\documents and settings\John Ng\Local Settings\Temp\RarSFX6\winlogon.exe
c:\documents and settings\John Ng\Local Settings\Temp\SUPERSetup\setup.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-07 to 2011-08-07 )))))))))))))))))))))))))))))))
.
.
2011-08-07 14:05 . 2011-08-07 14:05 -------- d-----w- c:\windows\LastGood
2011-08-05 07:52 . 2011-08-05 07:52 -------- d-----w- c:\documents and settings\Administrator
2011-08-05 04:41 . 2011-08-05 04:41 64512 --sha-r- c:\windows\system32\mswsockj.dll
2011-08-04 09:00 . 2011-08-04 09:00 -------- d-----w- c:\documents and settings\All Users\Application DataMicrosoft
2011-08-04 08:56 . 2011-08-04 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Provisioning
2011-08-04 06:16 . 2011-08-04 06:16 -------- d-----w- c:\documents and settings\All Users\Application Data\!SASCORE
2011-08-04 06:16 . 2011-08-04 06:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-04 06:16 . 2011-08-04 06:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-08-03 06:27 . 2011-07-08 14:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-03 06:27 . 2011-08-03 06:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-03 06:27 . 2011-08-03 06:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-03 06:27 . 2011-07-08 14:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-02 13:19 . 2011-08-02 13:19 -------- d-----w- C:\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-10 17:23 . 2009-11-09 08:33 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-17 05:59 . 2011-05-19 13:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2009-04-29 10:54 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-25 16:25 . 2011-03-24 13:02 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-06_04.14.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-08 14:05 . 2011-08-06 18:11 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-08 14:05 . 2011-08-04 03:22 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-08 14:05 . 2011-08-06 18:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-05-08 14:05 . 2011-08-04 03:22 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-08-07 14:05 . 2011-07-21 21:59 64512 c:\windows\LastGood\system32\DRIVERS\Lbd.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2009-11-07 08:07 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2009-11-07 08:07 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-05-08 395776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
"SbUsb AudCtrl"="sbusbdll.dll" [2005-05-27 128000]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-08 449584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQg BXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4 ADYARwA&inst=NwA3AC0ANgA3ADEAMAAwADgAMwAzADcALQBGA FAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0 ARgBMACsAOQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsAN QAtAEYAOQBNADEAMABCACsAMgAtAEQARABUACsAMAAtAFgATwA 5ACsAMQA&prod=90&ver=9.0.894" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-5-7 376832]
AsusVibeLauncher.lnk - c:\program files\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-5-13 548528]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-8-25 813584]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-07-04 17:22 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 19:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^John Ng^Start Menu^Programs^Startup^AOL Desktop.lnk]
path=c:\documents and settings\John Ng\Start Menu\Programs\Startup\AOL Desktop.lnk
backup=c:\windows\pss\AOL Desktop.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^John Ng^Start Menu^Programs^Startup^Thoosje Vista Sidebar.lnk]
path=c:\documents and settings\John Ng\Start Menu\Programs\Startup\Thoosje Vista Sidebar.lnk
backup=c:\windows\pss\Thoosje Vista Sidebar.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 19:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-05-21 15:36 3824472 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 19:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusACPIServer]
2009-04-16 23:46 630784 ----a-w- c:\program files\EeePC\ACPI\AsAcpiSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusEPCMonitor]
2009-03-13 20:15 98304 ----a-w- c:\program files\EeePC\ACPI\AsEPCMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusTray]
2009-04-16 22:58 118784 ----a-w- c:\program files\EeePC\ACPI\AsTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eee Docking]
2009-05-08 14:42 395776 ----a-w- c:\program files\ASUS\Eee Docking\Eee Docking.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-08-12 14:04 133104 ----atw- c:\documents and settings\John Ng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2008-06-24 18:34 41824 ----a-w- c:\program files\Common Files\AOL\1249367258\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 09:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-08 00:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-07-08 14:55 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-02-06 22:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Parental Control]
2009-03-20 22:23 1104384 ----a-w- c:\program files\Parental Control\bin\pcontrol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-12-19 15:07 131072 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-03-27 03:22 17567744 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-21 18:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-07-29 01:09 4599680 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-11-05 06:18 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=3 (0x3)
"Lavasoft Ad-Aware Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1249367258\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1249367258\\ee\\AOLDesktop.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Documents and Settings\\John Ng\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Bunky\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Documents and Settings\\John Ng\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/9/2009 4:17 AM 38912]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 policyappblockservice;Parental Control Application Filter;c:\program files\Parental Control\bin\policyappblock.sys [2/2/2009 1:22 PM 5120]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [8/25/2009 11:24 PM 10384]
S2 privoxy;privoxy;c:\program files\Privoxy\privoxy.exe --service --> c:\program files\Privoxy\privoxy.exe --service [?]
S2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 2:16 PM 93960]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/3/2009 6:53 PM 24652]
S3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/18/2011 5:02 PM 123264]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/7/2009 6:19 PM 1684736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/2/2011 11:27 PM 22712]
S3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/2/2011 11:27 PM 366640]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [8/12/2010 10:43 PM 1694592]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [5/7/2009 7:35 PM 232872]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [4/1/2009 7:19 PM 39040]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LBEEPKE
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-08-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005Core.job
- c:\documents and settings\John Ng\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-08 13:00]
.
2011-08-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005UA.job
- c:\documents and settings\John Ng\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-08 13:00]
.
2011-08-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1006Core.job
- c:\documents and settings\Bunky\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-07 05:18]
.
2011-08-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1006UA.job
- c:\documents and settings\Bunky\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-07 05:18]
.
2011-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005Core.job
- c:\documents and settings\John Ng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-12 14:04]
.
2011-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005UA.job
- c:\documents and settings\John Ng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-12 14:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eeepc.asus.com/global
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-07 07:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(640)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2011-08-07 07:24:59
ComboFix-quarantined-files.txt 2011-08-07 14:24
ComboFix2.txt 2011-08-07 05:55
ComboFix3.txt 2011-08-06 04:17
.
Pre-Run: 49,714,434,048 bytes free
Post-Run: 49,691,598,848 bytes free
.
- - End Of File - - 6AC681D3639608897859D56B13629A44
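A triage script, added here as an example (it is not part of the thread, not a ComboFix feature, and not one of the tools the helper asked for). It reads a ComboFix-style log such as the one above and pulls out the three things worth checking first in a rogue-antivirus cleanup: autostart entries whose binary sits in a user-writable directory (the per-user profile and temp locations that many rogue "security" products install into), firewall AuthorizedApplications entries pointing at such a directory, and Firefox user.js/prefs.js settings that silence the mixed-content and insecure-form warnings. The sample log is constructed from entries of the kind visible in the post; the "kdq" Run entry in it is hypothetical and does not appear in the forum post. The path patterns and the pref list are my assumptions, not ComboFix's own logic.

```python
"""Triage helper for ComboFix-style logs (added example, not a ComboFix feature).

Flags autostart and firewall entries whose executable lives in a user-writable
directory, and Firefox prefs that silence security warnings.  The path
patterns and the pref list are assumptions, not ComboFix's own logic.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Directories an unprivileged process can write to; many rogue "security"
# products drop their executable here rather than under Program Files.
USER_WRITABLE = re.compile(
    r"\\documents and settings\\[^\\]+\\(local settings|application data)\\"
    r"|\\temp\\"
    r"|\\users\\[^\\]+\\appdata\\",
    re.IGNORECASE,
)

# A drive-letter path ending in an executable-type extension.  Paths in these
# logs contain spaces and apostrophes but never quotes or square brackets.
PATH_RE = re.compile(r"[a-z]:\\[^\"\[\]\r\n]*?\.(?:exe|dll|sys|scr|com)\b", re.IGNORECASE)

# Firefox prefs that, when false, suppress the warnings about viewing mixed
# content and about submitting forms over plain HTTP.
WEAK_WHEN_FALSE = {
    "security.warn_viewing_mixed",
    "security.warn_submit_insecure",
    "security.warn_entering_weak",
    "security.warn_leaving_secure",
}
FF_PREF_RE = re.compile(r"^FF - (?:user|prefs)\.js: (\S+) - (.*)$")

# Constructed sample in the format of the log above.  The "kdq" Run entry is
# HYPOTHETICAL (not in the forum post) and stands in for a rogue-AV autostart.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-08 449584]
"kdq"="c:\documents and settings\John Ng\Local Settings\Application Data\kdq.exe" [2011-08-01 214016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-08-12 14:04 133104 ----atw- c:\documents and settings\John Ng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\John Ng\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
R3 L1c;NDIS Miniport Driver;c:\windows\system32\drivers\l1c51x86.sys [4/9/2009 4:17 AM 38912]
.
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # "autostart", "firewall" or "firefox-pref"
    detail: str  # normalised path or pref name
    line: str    # raw log line that triggered the finding


def section_kind(header: str) -> Optional[str]:
    """Classify a section header into the kinds we care about, else None."""
    h = header.lower()
    if "authorizedapplications" in h:
        return "firewall"
    if "\\run" in h or "startupreg" in h or "startupfolder" in h or "\\startup\\" in h:
        return "autostart"
    return None


def parse_log(text: str) -> list:
    """Return the list of Findings for one ComboFix-style log."""
    findings = []
    current: Optional[str] = None  # kind of the section being read
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == ".":  # ComboFix closes every section with a lone dot
            current = None
            continue
        if line.startswith("[") or line.lower().endswith("\\startup\\"):
            current = section_kind(line)
            continue
        m = FF_PREF_RE.match(line)
        if m:
            name, value = m.groups()
            if name in WEAK_WHEN_FALSE and value.strip().lower() == "false":
                findings.append(Finding("firefox-pref", name, line))
            continue
        if current is None:
            continue
        # Firewall entries are written with doubled backslashes; normalise first.
        for path in PATH_RE.findall(line.replace("\\\\", "\\")):
            if USER_WRITABLE.search(path):
                findings.append(Finding(current, path.lower(), line))
    return findings


def summarize(findings) -> dict:
    """Count findings per kind, e.g. {'autostart': 2, 'firewall': 1}."""
    counts: dict = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    hits = parse_log(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.kind}] {f.detail}")
    print(summarize(hits))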
  #14  
Old August 7th, 2011, 06:18 PM
JohnNgSF JohnNgSF is offline
Member
 
Join Date: Feb 2007
Posts: 89
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-07 10:18:33
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.FB2O
Running: 90fbbho3.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fwryypow.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[216] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \FileSystem\Fastfat \Fat B9649D20

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
Reply With Quote
  #15  
Old August 7th, 2011, 06:25 PM
JohnNgSF JohnNgSF is offline
Member
 
Join Date: Feb 2007
Posts: 89
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-07 10:23:35
-----------------------------
10:23:35.421 OS Version: Windows 5.1.2600 Service Pack 3
10:23:35.421 Number of processors: 2 586 0x1C02
10:23:35.421 ComputerName: NGNETBOOK UserName:
10:23:35.984 Initialize success
10:23:43.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:23:43.812 Disk 0 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3
10:23:43.843 Disk 0 MBR read successfully
10:23:43.859 Disk 0 MBR scan
10:23:43.875 Disk 0 Windows XP default MBR code
10:23:43.906 Disk 0 scanning sectors +312576705
10:23:44.000 Disk 0 scanning C:\WINDOWS\system32\drivers
10:23:51.359 Service scanning
10:23:55.031 Modules scanning
10:24:00.265 Disk 0 trace - called modules:
10:24:00.328 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
10:24:00.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5db030]
10:24:00.375 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000070[0x8a626f18]
10:24:00.406 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a5e9028]
10:24:00.421 Scan finished successfully
10:24:44.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\MBR.dat"
10:24:44.890 The log file has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\aswMBR log August 7.txt"
Reply With Quote
Reply

Bookmarks


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Topics
Topic Topic Starter Forum Replies Last Post
Virus: Security Shield 2012--please help ronlin Malware Removal 13 March 21st, 2012 02:24 AM
Virus: Security Shield 2012--need help dmaksymyshyn Malware Removal 19 March 1st, 2012 03:44 AM
Vista internet security 2012 Virus... mxmom Malware Removal 23 February 11th, 2012 05:42 AM
windows 7 antivirus 2012 app virus redhawkwolf Malware Removal 1 January 7th, 2012 03:48 AM
Vista Home Security 2012 virus Lowella Malware Removal 22 December 27th, 2011 02:15 AM


All times are GMT +1. The time now is 03:55 AM.