Malware Removal - Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general security issues. If you suspect your PC is infected with a virus, trojan or spyware app, please include any supporting documentation or logs.
#1
Need Help with Windows XP Security 2012 Virus
My ASUS 1005 HA netbook got infected with some rogue XP Security malware. It turned off my Firewall and Antivirus program and kept sending up pop-ups claiming I was infected and needed to purchase this product in order to get rid of the stuff. I have read some things on Google and have tried to disinfect my netbook.

So far, I used Malwarebytes' Anti-Malware to remove it. It caught some files and deleted them. My Firewall is back on, but it has disabled the Automatic Updates. I have used the following anti-virus tools in Safe Mode. All are showing clean so far, but the netbook is still erratic.

Malwarebytes Anti-Malware
AVG Free
Search and Destroy
Ad-Aware Free

My netbook is:
ASUS 1005 HA
Windows XP, SP3
2 GB RAM
250 GB HD, partitioned into two drives

My last visit here was in 2007 and AnnMarie was most helpful. Any information or help would be appreciated. Thanks in advance for your time and help.
#2
Hello JohnNgSF,

Let's take a look. If you have installed/used Alcohol and/or Daemon Tools there, post back here before doing the following, for some added steps.

If the system is Vista/Windows 7, when running any of the scan files we use, be sure to right-click the file, then select "Run as administrator" to start the scan/tool.

To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each program through Start - Programs. Here are some antivirus disable tips if needed.

------------------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time. When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer. Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan). When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

Note - If Gmer shows it has located infection once its opening scan completes, do not click the Scan button. We don't want hidden malware settings to cause any problems. Instead, just click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.

A lot, but comprehensive, and will make sure we get a good view of everything.
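The OTL log requested above is what the helper will read by eye. As an added example (not OTL's own code, not from this forum or either poster), here is a small triage script that parses OTL's line layouts for the handful of settings a rogue "XP Security"-style program typically tampers with: the exefile/comfile open command (O35/O37, where the clean XP value is `"%1" %*`), the IE ProxyEnable flag, the NoDriveTypeAutoRun bitmask (O6/O7), Run-key autostarts living in a user profile with no publisher, and a missing hosts file. The detection rules, the sample log lines, the SID and the name `rogue.exe` are this example's own constructions, not observations from the machine in this thread.

```python
"""Triage an OTL log for settings rogue antivirus malware commonly tampers with.
Added example: the rules and sample lines below are constructed for the demo,
written against the OTL line layouts seen in this thread; nothing here is OTL's
own code or data from a real machine."""
import re

# Clean Windows XP "open" command for exefile/comfile (OTL O35/O37 lines).
# Rogue AV families often prepend their own binary so every .exe launch runs
# the rogue first.
CLEAN_OPEN_CMD = '"%1" %*'

# NoDriveTypeAutoRun bitmask (OTL O6/O7 lines).  A SET bit disables autorun for
# that drive type; the XP default 145 (0x91) leaves removable and CD-ROM on.
AUTORUN_BITS = {
    0x01: "unknown", 0x04: "removable", 0x08: "fixed", 0x10: "network",
    0x20: "cdrom", 0x40: "ramdisk", 0x80: "unspecified",
}

O4_RE = re.compile(r'^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.+)$')
OPEN_RE = re.compile(r'^O3[57] - (?P<key>.+?) -- (?P<cmd>.+)$')
AUTORUN_RE = re.compile(r'^O[67] - (?P<key>\S+): NoDriveTypeAutoRun = (?P<val>\d+)$')
PROXY_RE = re.compile(r'^IE - (?P<key>.+?): "ProxyEnable" = (?P<val>\d+)$')
# Autostart binaries living in a user-writable profile directory.
USER_DIR_RE = re.compile(
    r'\\(?:Documents and Settings|Users)\\[^\\]+\\(?:Application Data|Local Settings|AppData)',
    re.I)


def split_path_company(rest):
    """OTL writes '<path> (<company>)'; an empty '()' means no version info."""
    m = re.match(r'^(?P<path>.+?) \((?P<company>[^()]*)\)$', rest)
    if not m:
        return rest, None
    return m["path"], m["company"].strip()


def decode_autorun(value):
    """Drive types for which autorun is still ENABLED (bit clear)."""
    return [name for bit, name in sorted(AUTORUN_BITS.items()) if not value & bit]


def triage(log_text):
    """Return one finding string per suspicious OTL line, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Hosts file not found":
            findings.append("hosts: hosts file missing; check whether it was deleted or relocated")
            continue
        m = OPEN_RE.match(line)
        if m:
            if m["cmd"] != CLEAN_OPEN_CMD:
                findings.append(f"exec-hijack: {m['key']} runs {m['cmd']!r} instead of {CLEAN_OPEN_CMD!r}")
            continue
        m = AUTORUN_RE.match(line)
        if m:
            risky = [d for d in decode_autorun(int(m["val"])) if d in ("removable", "cdrom")]
            if risky:
                findings.append(f"autorun: {m['key']} = {m['val']} leaves autorun on for {', '.join(risky)}")
            continue
        m = PROXY_RE.match(line)
        if m:
            if m["val"] != "0":
                findings.append(f"proxy: ProxyEnable={m['val']} under {m['key']} (check for a hijacked proxy)")
            continue
        m = O4_RE.match(line)
        if m:
            path, company = split_path_company(m["rest"])
            if USER_DIR_RE.search(path) and not company:
                findings.append(f"autostart: [{m['name']}] {path} runs from a user profile with no publisher")
    return findings


# Constructed sample log; "rogue.exe", the user name and the SID are hypothetical.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-111-222-333-1005..\Run: [rogue] C:\Documents and Settings\user\Local Settings\Application Data\rogue.exe ()
O7 - HKU\S-1-5-21-111-222-333-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
IE - HKU\S-1-5-21-111-222-333-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\Documents and Settings\user\Local Settings\Application Data\rogue.exe" /START "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
Hosts file not found
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The autostart rule is deliberately narrow: legitimate updaters also run from Local Settings\Application Data, so it only flags entries with no publisher string, and it will still miss a rogue that carries fake version info. A clean O35/O37 line likewise shows only that the association is intact at scan time, not that the machine is clean, which is why the helper also asks for Gmer and aswMBR output.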
#3
Thank you Jintan for your assistance.
OTL logfile created on: 8/4/2011 9:32:35 PM - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\John Ng\My Documents\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 59.33% Memory free 3.33 Gb Paging File | 2.64 Gb Available in Paging File | 79.22% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 72.06 Gb Total Space | 41.54 Gb Free Space | 57.65% Space Free | Partition Type: NTFS Drive D: | 72.05 Gb Total Space | 71.88 Gb Free Space | 99.76% Space Free | Partition Type: NTFS Computer Name: NGNETBOOK | User Name: John Ng | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/08/04 20:30:31 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Ng\My Documents\Downloads\OTL.exe PRC - [2011/07/08 07:55:36 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2010/11/25 10:15:06 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe PRC - [2010/07/16 21:27:25 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe PRC - [2010/07/16 21:27:13 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) 
-- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009/09/25 14:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe PRC - [2009/03/25 07:43:40 | 000,376,832 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe PRC - [2008/04/14 05:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/01/20 10:06:08 | 000,302,080 | ---- | M] (The Privoxy team - www.privoxy.org) -- C:\Program Files\Privoxy\privoxy.exe PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe PRC - [2004/12/02 18:23:34 | 000,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe ========== Modules (SafeList) ========== MOD - [2011/08/04 20:30:31 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Ng\My Documents\Downloads\OTL.exe MOD - [2011/05/14 01:17:40 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2009/07/20 12:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.)
-- C:\Program Files\Logitech\SetPoint\lgscroll.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011/07/18 17:02:03 | 000,123,264 | ---- | M] (SUPERAntiSpyware.com) [On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE) SRV - [2011/07/08 07:55:36 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [On_Demand | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/06/28 04:19:39 | 002,151,640 | ---- | M] (Lavasoft Limited) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service) SRV - [2010/07/21 01:35:17 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc) SRV - [2010/07/16 21:27:21 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2010/07/04 10:23:05 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist) SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009/09/25 14:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) [Auto | Running] -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService) SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2008/01/20 10:06:08 | 000,302,080 | ---- | M] (The Privoxy team - www.privoxy.org) [Auto | Running] -- C:\Program Files\Privoxy\privoxy.exe -- (privoxy) SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service) SRV - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS) ========== Driver Services (SafeList) ========== DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011/07/09 14:01:02 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX) DRV - [2011/07/08 07:55:36 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011/02/04 07:27:14 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer) DRV - [2010/12/03 02:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2010/07/16 21:27:14 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86) DRV - [2010/06/03 00:35:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2009/06/17 09:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009/06/17 09:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009/06/17 09:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE) DRV - [2009/04/20 07:38:18 | 000,232,872 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service) DRV - [2009/03/30 02:13:30 | 005,063,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009/03/13 20:05:26 | 001,528,928 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416) DRV - [2009/03/01 22:03:47 | 000,038,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c) DRV - [2009/02/06 15:08:42 | 000,055,152 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr) DRV - [2009/02/02 13:22:44 | 000,005,120 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Parental Control\bin\policyappblock.sys -- (policyappblockservice) DRV - [2008/11/18 18:21:28 | 000,039,040 | ---- | M] (GenesysLogic Technologies, Inc.)
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\uvclf.sys -- (uvclf) DRV - [2008/08/19 07:16:36 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2008/08/19 07:16:28 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2008/08/05 05:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2008/07/24 02:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2008/05/29 20:46:12 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2008/04/08 12:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI) DRV - [2008/03/10 03:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid) DRV - [2008/02/04 02:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2006/01/04 00:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2005/06/10 09:39:20 | 001,694,592 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sbusb.sys -- (sbusb) DRV - [2005/04/20 09:44:08 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2005/04/20 09:44:06 | 000,106,496 | R--- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2004/06/03 12:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT) DRV - [2003/01/10 14:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2481989111-2461257284-2038209094-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=1587&gct=hp IE - HKU\S-1-5-21-2481989111-2461257284-2038209094-1005\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKU\S-1-5-21-2481989111-2461257284-2038209094-1005\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () IE - HKU\S-1-5-21-2481989111-2461257284-2038209094-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2481989111-2461257284-2038209094-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6102 FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.74.1.6518 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {9EB34849-81D3-4841-939D-666D522B889A}:1.4.0.76 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF -
HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\John Ng\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\John Ng\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\John Ng\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\John Ng\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\John Ng\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/25 10:16:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/07/09 14:01:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/25 09:25:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/18 09:17:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\John Ng\Application Data\Move Networks [2009/11/14 15:06:47 | 000,000,000 | ---D | M] [2009/08/03 21:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Extensions [2009/08/03 21:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Ng\Application
Data\Mozilla\Extensions\mozswing@mozswing.org [2011/08/02 00:31:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\extensions [2010/04/27 23:56:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/06/25 08:53:47 | 000,000,000 | ---D | M] ("AOL Toolbar") -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2011/06/25 09:26:27 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010/02/04 00:07:16 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2010/04/28 00:14:50 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011/08/02 00:31:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011/06/25 08:53:44 | 000,000,000 | ---D | M] ("AOL Messaging Toolbar") -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760} [2011/04/27 23:51:42 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2011/04/28 00:03:16 | 000,000,000 |
---D | M] (Conduit Engine) -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\extensions\engine@conduit.com [2009/08/03 18:55:09 | 000,004,212 | ---- | M] () -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\searchplugins\aim-search.xml [2009/09/13 10:22:37 | 000,001,746 | ---- | M] () -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\searchplugins\aol-search.xml [2011/07/24 08:09:16 | 000,002,571 | ---- | M] () -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\searchplugins\askcom.xml [2011/04/27 15:34:06 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\searchplugins\conduit.xml [2011/03/24 06:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions File not found (No name found) -- [2009/08/03 21:07:57 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011/06/25 09:25:44 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll [2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml Hosts file not found O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O3 - HKU\S-1-5-21-2481989111-2461257284-2038209094-1005\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) O3 - HKU\S-1-5-21-2481989111-2461257284-2038209094-1005\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) 
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [SbUsb AudCtrl] C:\WINDOWS\System32\sbusbdll.dll (Creative Technology Ltd) O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4 - HKU\S-1-5-21-2481989111-2461257284-2038209094-1005..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd) O4 - HKU\S-1-5-21-2481989111-2461257284-2038209094-1005..\Run: [Facebook Update] C:\Documents and Settings\John Ng\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AsusVibeLauncher.lnk = C:\Program Files\ASUS\AsusVibe\AsusVibeLauncher.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2481989111-2461257284-2038209094-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\John Ng\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/soft...01/CTSUEng.cab (Creative Software AutoUpdate) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/soft...3/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/soft...5116/CTPID.cab (Creative Software AutoUpdate Support Package 1) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll () O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) 
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/04/29 04:07:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{efca04e8-00e7-11df-8910-002243deae35}\Shell\AutoRun\command - "" = E:\setupSNK.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %* O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/08/04 02:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application DataMicrosoft [2011/08/04 01:56:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Provisioning [2011/08/03 23:16:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Ng\Application Data\SUPERAntiSpyware.com [2011/08/03 23:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE [2011/08/03 23:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware [2011/08/03 23:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com [2011/08/03 23:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2011/08/02 23:28:41 | 000,000,000 
| ---D | C] -- C:\Documents and Settings\John Ng\Application Data\Malwarebytes [2011/08/02 23:27:35 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011/08/02 23:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/08/02 23:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2011/08/02 23:27:24 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011/08/02 23:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/08/02 23:17:19 | 009,545,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\John Ng\Desktop\mbam-setup.exe [2011/08/02 06:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Ng\Application Data\Zoyjq [2011/08/02 06:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Ng\Application Data\Esemn [2011/08/02 06:20:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Ng\Application Data\Qixu [2011/08/02 06:20:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Ng\Application Data\Lyqip [2011/08/02 06:19:33 | 000,000,000 | ---D | C] -- C:\Adobe [2011/08/02 06:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun [2011/08/02 00:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia [2011/08/02 00:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe [2011/07/25 00:15:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Ng\Application Data\PriceGong [2011/07/07 22:29:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Ng\Local Settings\Application Data\Facebook [2010/08/12 22:43:01 | 000,059,392 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [1 C:\WINDOWS\System32\*.tmp files -> 
C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/08/04 21:41:49 | 000,000,312 | RHS- | M] () -- C:\WINDOWS\tasks\UDZUDOB.job [2011/08/04 21:41:48 | 000,064,512 | RHS- | M] () -- C:\WINDOWS\System32\mswsockj.dll [2011/08/04 21:40:03 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/08/04 21:31:43 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2011/08/04 21:26:21 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/08/04 21:25:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/08/04 21:05:04 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005UA.job [2011/08/04 21:04:03 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005UA.job [2011/08/03 23:16:06 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2011/08/03 23:02:12 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\John Ng\Local Settings\Application Data\prvlcl.dat [2011/08/03 22:39:55 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2011/08/03 22:23:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1006UA.job [2011/08/03 22:23:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1006Core.job [2011/08/03 22:04:02 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005Core.job [2011/08/03 20:12:25 | 083,077,644 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2011/08/03 19:21:13 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2011/08/03 19:21:13 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2011/08/03 06:05:10 | 000,000,984 | ---- | M] () -- 
C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005Core.job [2011/08/02 23:27:37 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/08/02 23:17:15 | 000,000,399 | ---- | M] () -- C:\Documents and Settings\John Ng\Desktop\Shortcut to iExplore.lnk [2011/08/02 20:48:36 | 000,012,222 | -HS- | M] () -- C:\Documents and Settings\John Ng\Local Settings\Application Data\dc67758srs7871g6vj6sykff42x0f [2011/08/02 20:48:36 | 000,012,222 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\dc67758srs7871g6vj6sykff42x0f [2011/08/02 20:23:43 | 000,001,822 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3692677265 [2011/08/02 20:23:43 | 000,001,822 | -HS- | M] () -- C:\Documents and Settings\John Ng\Local Settings\Application Data\2416377464 [2011/08/02 20:17:07 | 000,012,294 | -HS- | M] () -- C:\Documents and Settings\John Ng\Local Settings\Application Data\3692677265 [2011/08/02 20:17:05 | 000,012,250 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\2416377464 [2011/07/31 21:00:32 | 009,545,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\John Ng\Desktop\mbam-setup.exe [2011/07/31 20:54:24 | 001,008,041 | ---- | M] () -- C:\Documents and Settings\John Ng\Desktop\rkill.com [2011/07/31 20:37:40 | 000,001,134 | ---- | M] () -- C:\Documents and Settings\John Ng\Desktop\FixNCR.reg [2011/07/25 06:01:35 | 000,341,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/07/23 11:59:39 | 000,001,069 | ---- | M] () -- C:\Documents and Settings\John Ng\Desktop\Free YouTube to MP3 Converter.lnk [2011/07/15 00:48:25 | 000,002,280 | ---- | M] () -- C:\Documents and Settings\John Ng\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2011/07/15 00:48:24 | 000,002,302 | ---- | M] () -- C:\Documents and Settings\John Ng\Desktop\Google Chrome.lnk [2011/07/13 06:00:42 | 000,001,374 | ---- 
| M] () -- C:\WINDOWS\imsins.BAK [2011/07/10 10:23:12 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys [2011/07/09 14:01:02 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys [2011/07/08 07:55:36 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011/07/08 07:55:36 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/08/03 23:16:06 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2011/08/02 23:27:37 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/08/02 23:17:42 | 001,008,041 | ---- | C] () -- C:\Documents and Settings\John Ng\Desktop\rkill.com [2011/08/02 23:17:14 | 000,000,399 | ---- | C] () -- C:\Documents and Settings\John Ng\Desktop\Shortcut to iExplore.lnk [2011/08/02 23:16:56 | 000,001,134 | ---- | C] () -- C:\Documents and Settings\John Ng\Desktop\FixNCR.reg [2011/08/02 20:14:48 | 000,012,294 | -HS- | C] () -- C:\Documents and Settings\John Ng\Local Settings\Application Data\3692677265 [2011/08/02 20:14:40 | 000,012,250 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2416377464 [2011/08/02 20:14:40 | 000,012,222 | -HS- | C] () -- C:\Documents and Settings\John Ng\Local Settings\Application Data\dc67758srs7871g6vj6sykff42x0f [2011/08/02 20:14:40 | 000,001,822 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3692677265 [2011/08/02 20:14:40 | 000,001,822 | -HS- | C] () -- C:\Documents and Settings\John Ng\Local Settings\Application Data\2416377464 [2011/08/02 20:14:11 | 000,012,222 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\dc67758srs7871g6vj6sykff42x0f 
[2011/08/02 00:24:25 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/07/23 11:59:39 | 000,001,069 | ---- | C] () -- C:\Documents and Settings\John Ng\Desktop\Free YouTube to MP3 Converter.lnk [2011/07/07 22:29:50 | 000,001,006 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005UA.job [2011/07/07 22:29:50 | 000,000,984 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005Core.job [2011/07/06 22:18:38 | 000,000,998 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1006UA.job [2011/07/06 22:18:38 | 000,000,976 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1006Core.job [2011/07/03 21:58:34 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat [2011/04/21 00:32:02 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011/04/21 00:32:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2010/08/14 13:43:23 | 000,110,415 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp [2010/08/14 13:43:23 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp [2010/08/14 13:37:48 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat [2010/08/12 22:44:14 | 001,509,416 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010/08/12 22:43:00 | 000,012,043 | ---- | C] () -- C:\WINDOWS\System32\SBUSB.INI [2010/07/08 20:03:53 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi [2010/06/21 21:48:36 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin [2010/01/25 21:21:01 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll [2010/01/14 01:53:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\John Ng\Application Data\wklnhst.dat [2009/12/31 15:35:42 | 000,117,144 | 
---- | C] () -- C:\WINDOWS\hpoins11.dat [2009/12/31 15:35:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll [2009/12/01 07:50:19 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\John Ng\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/11/16 01:31:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\John Ng\Local Settings\Application Data\prvlcl.dat [2009/09/13 10:20:29 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2009/09/12 16:59:57 | 000,076,888 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009/08/03 18:44:01 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009/07/30 18:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini [2009/05/22 14:25:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uvcrecordfix.exe [2009/05/22 14:25:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\Sleep.exe [2009/05/08 03:46:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2009/05/07 19:35:29 | 000,232,872 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386. 
sys [2009/05/07 18:24:26 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini [2009/05/07 18:24:26 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini [2009/05/07 18:19:08 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat [2009/05/07 18:19:08 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat [2009/05/07 07:12:50 | 000,013,650 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat [2009/05/07 07:11:37 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll [2009/04/29 04:09:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009/04/29 04:05:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009/04/29 03:54:29 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2009/04/29 03:54:17 | 000,457,626 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2009/04/29 03:54:17 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2009/04/29 03:54:17 | 000,076,382 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2009/04/29 03:54:17 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2009/04/29 03:54:17 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2009/04/29 03:54:15 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2009/04/29 03:54:15 | 000,004,562 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2009/04/29 03:54:15 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2009/04/29 03:54:13 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2009/04/29 03:54:13 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2009/04/29 03:54:11 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2009/04/29 03:54:09 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2009/04/28 21:01:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009/04/28 21:00:40 | 000,341,832 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/03/05 12:04:50 | 000,479,744 | ---- | 
C] () -- C:\WINDOWS\System32\PolicyLSP.dll [2009/02/25 23:50:32 | 000,000,176 | ---- | C] () -- C:\WINDOWS\explorer.exe.config [2008/09/02 04:25:26 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.b in [2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin [2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2001/11/14 10:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [2001/07/07 03:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE < End of report > |
#4
OTL Extras logfile created on: 8/4/2011 9:32:35 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\John Ng\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 59.33% Memory free
3.33 Gb Paging File | 2.64 Gb Available in Paging File | 79.22% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 72.06 Gb Total Space | 41.54 Gb Free Space | 57.65% Space Free | Partition Type: NTFS
Drive D: | 72.05 Gb Total Space | 71.88 Gb Free Space | 99.76% Space Free | Partition Type: NTFS

Computer Name: NGNETBOOK | User Name: John Ng | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-2481989111-2461257284-2038209094-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1249367258\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1249367258\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1249367258\ee\AOLDesktop.exe" = C:\Program Files\Common Files\AOL\1249367258\ee\AOLDesktop.exe:*:Enabled:AOL Desktop -- (AOL LLC)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Documents and Settings\John Ng\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\John Ng\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\octosh...bled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Documents and Settings\Bunky\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\Bunky\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
"C:\Documents and Settings\John Ng\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\John Ng\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 14
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{47BACF74-5A07-48BD-BADB-A769550F0F5A}" = FontResizer
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{64C118AC-FA2A-4E9C-A76E-DC22CA4FC20D}" = Voice Command EN Trial Version
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C61886F-D069-46EF-A58A-76B17415D0B0}" = Facebook Video Calling 1.0.0.7153
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN Card
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9BDA46B-2E17-4F43-9D7A-9B1E09A0A4D8}" = Data Sync
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C72CA49A-9237-4810-8449-45DA3BD26D64}" = EzMessenger
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{ECC524E3-FB9A-440A-810A-66A2476B5106}" = Facebook Video Calling 1.0.0.7777 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Ad-Aware" = Ad-Aware "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AIM Toolbar" = AIM Toolbar "AIM_7" = AIM 7 "Amazon Kindle For PC" = Amazon Kindle For PC v1.0 "AoA Audio Extractor_is1" = AoA Audio Extractor 1.0 "AOL Regclient" = AOL Registration "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove) "Asus Vibe2.0" = AsusVibe2.0 "AsusVibeCheckUpdate_is1" = AsusVibeCheckUpdate "AVG9Uninstall" = AVG Free 9.0 "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1 "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B3204 85DF8CE.1" = Acrobat.com "Device Control" = Device Control "EAX" = Creative EAX Console "Eee Docking_is1" = Eee Docking 1.3.1.0 "Eee Storage" = Eee Storage "EeePC1005HA" = EeePC1005HA Screen Saver "FLV Player" = FLV Player 2.0 (build 25) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.22.602 "Free YouTube to MP3 Converter_is1" = 
Free YouTube to MP3 Converter version 3.9.35.324 "GoToAssist" = GoToAssist Corporate "HDMI" = Intel(R) Graphics Media Accelerator Driver "HP Imaging Device Functions" = HP Imaging Device Functions 7.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0 "HPExtendedCapabilities" = HP Customer Participation Program 7.0 "HPOCR" = OCR Software by I.R.I.S 7.0 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer "InstallShield_{64C118AC-FA2A-4E9C-A76E-DC22CA4FC20D}" = Voice Command EN Trial Version "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Parental Control" = Parental Control "pdfsam" = pdfsam "PrimoPDF" = PrimoPDF -- by Nitro PDF Software "Privoxy" = Privoxy (remove only) "RealPlayer 12.0" = RealPlayer "SoftwareUpdUtility" = Download Updater (AOL LLC) "SynTPDeinstKey" = Synaptics Pointing Device Driver "Thoosje Vista Sidebar" = Thoosje Vista Sidebar "ULTIMATER" = Microsoft Office Ultimate 2007 "Uninstall_is1" = Uninstall 1.0.0.1 "ViewpointMediaPlayer" = Viewpoint Media Player "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 
========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2481989111-2461257284-2038209094-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/3/2011 10:21:27 PM | Computer Name = NGNETBOOK | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 8/4/2011 1:29:14 AM | Computer Name = NGNETBOOK | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/CA3AFBCF1240364B44B216208880483919937CF7.crt> with error: The connection with the server was terminated abnormally

Error - 8/4/2011 1:29:14 AM | Computer Name = NGNETBOOK | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/CA3AFBCF1240364B44B216208880483919937CF7.crt> with error: This network connection does not exist.

Error - 8/4/2011 1:30:54 AM | Computer Name = NGNETBOOK | Source = Application Hang | ID = 1002
Description = Hanging application taskmgr.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/4/2011 2:15:46 AM | Computer Name = NGNETBOOK | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/91C6D6EE3E8AC86384E548C299295C756C817B81.crt> with error: The connection with the server was terminated abnormally

Error - 8/4/2011 2:15:47 AM | Computer Name = NGNETBOOK | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/91C6D6EE3E8AC86384E548C299295C756C817B81.crt> with error: This network connection does not exist.

Error - 8/4/2011 11:37:59 PM | Computer Name = NGNETBOOK | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt> with error: The connection with the server was terminated abnormally

Error - 8/4/2011 11:37:59 PM | Computer Name = NGNETBOOK | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt> with error: This network connection does not exist.

Error - 8/5/2011 12:07:01 AM | Computer Name = NGNETBOOK | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt> with error: The connection with the server was terminated abnormally

Error - 8/5/2011 12:07:01 AM | Computer Name = NGNETBOOK | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/503006091D97D4F5AE39F7CBE7927D7D652D3431.crt> with error: This network connection does not exist.

[ OSession Events ]
Error - 2/21/2011 10:02:45 PM | Computer Name = NGNETBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19521 seconds with 1020 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/4/2011 11:18:52 PM | Computer Name = NGNETBOOK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

< End of report >
#5
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-04 22:49:56
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 Hitachi_ rev.FB2O
Running: 5q045wj3.exe; Driver: C:\DOCUME~1\JOHNNG~1\LOCALS~1\Temp\fwryypow.sys

---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA0F8BFE]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[552] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\Explorer.EXE[552] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C3000A
.text C:\WINDOWS\Explorer.EXE[552] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00BD000C
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B1000A
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00B2000A
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006F000C
.text C:\WINDOWS\system32\SearchIndexer.exe[2244] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
#6
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-04 22:52:36
-----------------------------
22:52:36.843 OS Version: Windows 5.1.2600 Service Pack 3
22:52:36.843 Number of processors: 2 586 0x1C02
22:52:36.843 ComputerName: NGNETBOOK UserName: John Ng
22:52:37.500 Initialize success
22:53:38.328 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:53:38.328 Disk 0 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3
22:53:38.343 Disk 0 MBR read successfully
22:53:38.343 Disk 0 MBR scan
22:53:38.359 Disk 0 TDL4@MBR code has been found
22:53:38.359 Disk 0 Windows XP default MBR code found via API
22:53:38.375 Disk 0 MBR hidden
22:53:38.375 Disk 0 MBR [TDL4] **ROOTKIT**
22:53:38.390 Disk 0 trace - called modules:
22:53:38.406 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89cb14d0]<<
22:53:38.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a652030]
22:53:38.421 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000071[0x8a66a320]
22:53:38.437 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> [0x8a649028]
22:53:38.453 \Driver\iaStor[0x8a659500] -> IRP_MJ_CREATE -> 0x89cb14d0
22:53:38.468 Scan finished successfully
22:54:00.078 Disk 0 MBR has been saved successfully to "E:\Virus Removal\MBR.dat"
22:54:00.125 The log file has been saved successfully to "E:\Virus Removal\aswMBR.txt"
#7
I reckon that rootkit diagnosis is pretty obvious there. Let's see to that.
Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Click here and download Kaspersky's TDSSKiller to your desktop, but as you download it, rename it to larry.com then click that file to run TDSSKiller. In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including a reboot if requested. When the scan completes it will create a log file on your C drive. Similar in name to this:

C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt

Your copy will be different - some of those numbers will reflect the date/time it was just run by you there. Copy/paste those contents back here please.

-----------

Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive. Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

-----------

Run a scan with aswMBR again, and post those three logs please.
#8
Thank you Jintan for your assistance on this.
2011/08/05 20:37:25.0453 1432 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/05 20:37:25.0828 1432 ================================================================================
2011/08/05 20:37:25.0828 1432 SystemInfo:
2011/08/05 20:37:25.0828 1432
2011/08/05 20:37:25.0828 1432 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/05 20:37:25.0828 1432 Product type: Workstation
2011/08/05 20:37:25.0828 1432 ComputerName: NGNETBOOK
2011/08/05 20:37:25.0828 1432 UserName: Administrator
2011/08/05 20:37:25.0828 1432 Windows directory: C:\WINDOWS
2011/08/05 20:37:25.0828 1432 System windows directory: C:\WINDOWS
2011/08/05 20:37:25.0828 1432 Processor architecture: Intel x86
2011/08/05 20:37:25.0828 1432 Number of processors: 2
2011/08/05 20:37:25.0828 1432 Page size: 0x1000
2011/08/05 20:37:25.0828 1432 Boot type: Safe boot with network
2011/08/05 20:37:25.0828 1432 ================================================================================
2011/08/05 20:37:26.0312 1432 Initialize success
2011/08/05 20:37:28.0343 0672 ================================================================================
2011/08/05 20:37:28.0343 0672 Scan started
2011/08/05 20:37:28.0343 0672 Mode: Manual;
2011/08/05 20:37:28.0343 0672 ================================================================================
C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/05 20:37:49.0375 0672 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/05 20:37:49.0437 0672 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/05 20:37:49.0515 0672 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/05 20:37:49.0734 0672 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/08/05 20:37:49.0765 0672 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/08/05 20:37:49.0796 0672 Boot (0x1200) (e51350cad4830473d54b3f99296ea2bf) \Device\Harddisk0\DR0\Partition0
2011/08/05 20:37:49.0875 0672 Boot (0x1200) (23d9801df2bad941df900c69868db793) \Device\Harddisk0\DR0\Partition1
2011/08/05 20:37:49.0906 0672 ================================================================================
2011/08/05 20:37:49.0906 0672 Scan finished
2011/08/05 20:37:49.0906 0672 ================================================================================
2011/08/05 20:37:49.0953 1448 Detected object count: 1
2011/08/05 20:37:49.0953 1448 Actual detected object count: 1
2011/08/05 20:38:13.0625 1448 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/08/05 20:38:13.0625 1448 \Device\Harddisk0\DR0 - ok
2011/08/05 20:38:13.0625 1448 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/08/05 20:39:07.0078 0512 Deinitialize success
#9
ComboFix 11-08-05.03 - Administrator 08/05/2011 21:05:56.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1658 [GMT -7:00]
Running from: C:\Documents and Settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Documents and Settings\John Ng\GoToAssistDownloadHelper.exe
C:\WINDOWS\system32\Thumbs.db
D:\install.exe

((((((((((((((((((((((((( Files Created from 2011-07-06 to 2011-08-06 )))))))))))))))))))))))))))))))

2011-08-05 07:52:17 . 2011-08-05 07:52:55 -------- d-----w- C:\Documents and Settings\Administrator
2011-08-05 04:41:48 . 2011-08-05 04:41:48 64512 --sha-r- C:\WINDOWS\system32\mswsockj.dll
2011-08-04 09:00:55 . 2011-08-04 09:00:55 -------- d-----w- C:\Documents and Settings\All Users\Application DataMicrosoft
2011-08-04 08:56:43 . 2011-08-04 08:56:43 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Provisioning
2011-08-04 06:16:06 . 2011-08-04 06:16:06 -------- d-----w- C:\Documents and Settings\All Users\Application Data\!SASCORE
2011-08-04 06:16:01 . 2011-08-04 06:16:32 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-08-04 06:16:01 . 2011-08-04 06:16:01 -------- d-----w- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2011-08-03 06:27:35 . 2011-07-08 14:55:36 41272 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-08-03 06:27:32 . 2011-08-03 06:27:32 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-08-03 06:27:24 . 2011-08-03 06:27:43 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2011-08-03 06:27:24 . 2011-07-08 14:55:36 22712 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2011-08-02 13:19:33 . 2011-08-02 13:19:33 -------- d-----w- C:\Adobe
2011-07-07 05:18:39 . 2011-07-07 05:18:52 -------- d-----w- C:\Documents and Settings\Bunky\Local Settings\Application Data\Temp
2011-07-07 05:18:34 . 2011-07-07 05:18:56 -------- d-----w- C:\Documents and Settings\Bunky\Local Settings\Application Data\Facebook

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-07-10 17:23:12 . 2009-11-09 08:33:35 101720 ----a-w- C:\WINDOWS\system32\drivers\SBREDrv.sys
2011-07-09 21:01:02 . 2009-10-18 16:15:57 243152 ----a-w- C:\WINDOWS\system32\drivers\avgtdix.sys
2011-06-17 05:59:16 . 2011-05-19 13:49:34 404640 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02:05 . 2009-04-29 10:54:20 1858944 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-06-25 16:25:44 . 2011-03-24 13:02:23 142296 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-03-18 15:11:00 2471240 ----a-w- C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 15:11:00 2471240]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2009-11-07 08:07:04 297808 ----a-w- C:\WINDOWS\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2009-11-07 08:07:04 297808 ----a-w- C:\WINDOWS\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="C:\Program Files\ASUS\Eee Docking\Eee Docking.exe" [2009-05-08 14:42:54 395776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-19 15:08:08 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-19 15:08:12 159744]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 08:57:54 1434920]
"SynAsusAcpi"="C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 08:58:06 79144]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 12:00:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 12:00:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 12:00:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 12:00:00 455168]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 16:55:10 55824]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 03:22:08 17567744]
"SbUsb AudCtrl"="sbusbdll.dll" [2005-05-27 00:52:26 128000]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2010-11-30 01:38:18 421888]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 19:48:18 58656]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 18:44:34 31072]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-06-08 00:51:12 421160]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 19:55:28 937920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 12:00:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-5-7 376832]
AsusVibeLauncher.lnk - C:\Program Files\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-5-13 548528]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2009-8-25 813584]
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 06:41:34 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 00:02:18 113024]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54:14 551296 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-17 04:27:24 12536 ----a-w- C:\WINDOWS\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-07-04 17:22:53 13672 ----a-w- C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 19:28:42 72208 ----a-w- c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^John Ng^Start Menu^Programs^Startup^AOL Desktop.lnk]
path=C:\Documents and Settings\John Ng\Start Menu\Programs\Startup\AOL Desktop.lnk
backup=C:\WINDOWS\pss\AOL Desktop.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^John Ng^Start Menu^Programs^Startup^Thoosje Vista Sidebar.lnk]
path=C:\Documents and Settings\John Ng\Start Menu\Programs\Startup\Thoosje Vista Sidebar.lnk
backup=C:\WINDOWS\pss\Thoosje Vista Sidebar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 19:55:28 937920 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-05-21 15:36:28 3824472 ----a-w- C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 19:48:18 58656 ----a-w- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusACPIServer]
2009-04-16 23:46:30 630784 ----a-w- C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusEPCMonitor]
2009-03-13 20:15:02 98304 ----a-w- C:\Program Files\EeePC\ACPI\AsEPCMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusTray]
2009-04-16 22:58:54 118784 ----a-w- C:\Program Files\EeePC\ACPI\AsTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2011-04-05 13:31:19 2071904 ----a-w- C:\PROGRA~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eee Docking]
2009-05-08 14:42:54 395776 ----a-w- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-08-12 14:04:46 133104 ----atw- C:\Documents and Settings\John Ng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 18:44:34 31072 ----a-w- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2008-06-24 18:34:50 41824 ----a-w- C:\Program Files\Common Files\AOL\1249367258\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 09:41:10 49152 ----a-w- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-08 00:51:12 421160 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-07-08 14:55:36 449584 ----a-w- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42:30 1695232 ------w- C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-02-06 22:51:28 3885408 ----a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Parental Control]
2009-03-20 22:23:32 1104384 ----a-w- C:\Program Files\Parental Control\bin\pcontrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-12-19 15:07:42 131072 ----a-w- C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38:18 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-03-27 03:22:08 17567744 ----a-w- C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07:20 2260480 --sha-r- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-21 18:34:07 148888 ----a-w- C:\Program Files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-07-29 01:09:07 4599680 ----a-w- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-11-05 06:18:12 198160 ----a-w- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=3 (0x3)
"Lavasoft Ad-Aware Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1249367258\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1249367258\\ee\\AOLDesktop.exe"=
"C:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"C:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Documents and Settings\\John Ng\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Documents and Settings\\Bunky\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"C:\\Documents and Settings\\John Ng\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=

R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [9/12/2009 9:04:39 PM 64288]
R1 AvgTdiX;AVG Free Network Redirector;C:\WINDOWS\system32\drivers\avgtdix.sys [10/18/2009 9:15:57 AM 243152]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;C:\WINDOWS\system32\drivers\l1c51x86.sys [4/9/2009 4:17:24 AM 38912]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\drivers\avgldx86.sys [10/18/2009 9:15:57 AM 216400]
S1 policyappblockservice;Parental Control Application Filter;C:\Program Files\Parental Control\bin\policyappblock.sys [2/2/2009 1:22:44 PM 5120]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27:02 AM 12880]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55:22 PM 67664]
S2 LBeepKE;LBeepKE;C:\WINDOWS\system32\drivers\LBeepKE.sys [8/25/2009 11:24:20 PM 10384]
S2 privoxy;privoxy;C:\Program Files\Privoxy\privoxy.exe --service --> C:\Program Files\Privoxy\privoxy.exe --service [?]
S2 SlingAgentService;SlingAgentService;C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 2:16:06 PM 93960]
S2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [8/3/2009 6:53:42 PM 24652]
S3 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore.exe [7/18/2011 5:02:03 PM 123264]
S3 Ambfilt;Ambfilt;C:\WINDOWS\system32\drivers\Ambfilt.sys [5/7/2009 6:19:03 PM 1684736]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe [10/26/2010 7:55:29 PM 947528]
S3 avg9emc;AVG Free E-mail Scanner;C:\Program Files\AVG\AVG9\avgemc.exe [7/16/2010 9:27:14 PM 921952]
S3 avg9wd;AVG Free WatchDog;C:\Program Files\AVG\AVG9\avgwdsvc.exe [7/16/2010 9:27:21 PM 308136]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 1:13:29 AM 15232]
S3 MBAMProtector;MBAMProtector;C:\WINDOWS\system32\drivers\mbam.sys [8/2/2011 11:27:24 PM 22712]
S3 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [8/2/2011 11:27:35 PM 366640]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49:20 AM 227232]
S3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\drivers\sbusb.sys [8/12/2010 10:43:01 PM 1694592]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys [5/7/2009 7:35:29 PM 232872]
S3 uvclf;uvclf;C:\WINDOWS\system32\drivers\uvclf.sys [4/1/2009 7:19:09 PM 39040]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [12/3/2010 2:05:32 AM 2151640]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - LBEEPKE

Contents of the 'Scheduled Tasks' folder

2011-08-04 C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-12-03 09:05:33 . 2011-06-28 11:19:45]

2011-06-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34:12 . 2008-07-30 19:34:12]

2011-08-03 C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005Core.job
- C:\Documents and Settings\John Ng\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-08 05:29:49 . 2011-07-15 13:00:29]

2011-08-05 C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005UA.job
- C:\Documents and Settings\John Ng\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-08 05:29:49 . 2011-07-15 13:00:29]

2011-08-05 C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1006Core.job
- C:\Documents and Settings\Bunky\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-07 05:18:36 . 2011-07-07 05:18:33]

2011-08-05 C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1006UA.job
- C:\Documents and Settings\Bunky\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-07 05:18:36 . 2011-07-07 05:18:33]

2011-08-05 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005Core.job
- C:\Documents and Settings\John Ng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-12 14:04:46 . 2009-08-12 14:04:46]

2011-08-06 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005UA.job
- C:\Documents and Settings\John Ng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-12 14:04:46 . 2009-08-12 14:04:46]

------- Supplementary Scan -------

uStart Page = hxxp://eeepc.asus.com/global
IE: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wwi0no1n.default\

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Aim6 - C:\Program Files\AIM6\aim6.exe
MSConfigStartUp-nmctxth - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
MSConfigStartUp-SRS Premium Sound - C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-05 21:14:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(652)
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
C:\WINDOWS\system32\WININET.dll
C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

Completion time: 2011-08-05 21:17:29
ComboFix-quarantined-files.txt 2011-08-06 04:17:26

Pre-Run: 46,857,654,272 bytes free
Post-Run: 47,132,536,832 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 0E144DA11FBB4987083E6937A897F8D5
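The ComboFix logs in this thread carry the evidence a helper looks for before anything else: a file dropped into system32 with system+hidden+read-only attributes (mswsockj.dll), the Security Center AntiVirusOverride/FirewallOverride values that keep Windows from warning that protection is off, EnableFirewall=0 in the standard firewall profile, the DLLs registered under Winlogon\Notify, and later the "Infected copy of ... was found and disinfected" line for a patched system DLL. The script below is an added example of pulling those items out of a log automatically; it is not ComboFix's own code, and SAMPLE_LOG is a constructed excerpt modelled on the logs above rather than a verbatim copy.

```python
"""Triage a ComboFix log for the indicators that matter in a rogue-AV /
bootkit case: hidden+system files in system32, Security Center override
values, a disabled firewall profile, Winlogon notify DLLs and ComboFix's
own "Infected copy ... disinfected" line.

Added example for this thread, not ComboFix's own code. SAMPLE_LOG is a
constructed excerpt modelled on the logs posted in the thread.
"""
import re
from collections import Counter

# ComboFix timestamps are "YYYY-MM-DD HH:MM[:SS]"; the second log in the
# thread drops the seconds, so both forms are accepted.
TS = r"\d{4}-\d\d-\d\d \d\d:\d\d(?::\d\d)?"
ATTRS = r"[-a-z]{8}"          # e.g. ----a-w-, --sha-r-, d-----w-

# "Files Created" / Find3M entries: created . modified size attrs path
FILE_RE = re.compile(rf"^(?P<created>{TS}) \. (?P<modified>{TS}) "
                     rf"(?P<size>\d+|-+) (?P<attrs>{ATTRS}) (?P<path>.+)$")
# file line printed under a registry key: timestamp size attrs path
REG_FILE_RE = re.compile(rf"^(?P<ts>{TS}) (?P<size>\d+) (?P<attrs>{ATTRS}) (?P<path>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')
DISINFECTED_RE = re.compile(r"^Infected copy of (?P<path>.+?) was found and disinfected$")


def triage(log_text: str) -> list:
    """Return a list of findings, each a dict with at least 'kind' and 'detail'."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DISINFECTED_RE.match(line)
        if m:
            findings.append({"kind": "patched_system_file", "detail": m["path"]})
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m["attrs"], m["path"]
            # s+h on a file (not a directory) inside system32 is how the
            # dropper in this thread hid mswsockj.dll. Scoping the check to
            # system32 keeps legitimately hidden program files (Spybot's
            # TeaTimer.exe also carries --sha-r-) from firing.
            if attrs[0] != "d" and "s" in attrs and "h" in attrs \
                    and "\\system32\\" in path.lower():
                findings.append({"kind": "hidden_system_file",
                                 "detail": path, "created": m["created"]})
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m["key"]
            continue
        m = REG_FILE_RE.match(line)
        if m:
            # Winlogon\Notify DLLs load into winlogon.exe at boot; list every
            # one so the helper can vet it, whatever its attributes.
            if "winlogon\\notify" in current_key.lower():
                findings.append({"kind": "winlogon_notify_dll",
                                 "detail": m["path"],
                                 "subkey": current_key.rsplit("\\", 1)[-1]})
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value, key = m["name"], m["value"], current_key.lower()
        if key.endswith("\\security center") \
                and name in ("AntiVirusOverride", "FirewallOverride") \
                and value.endswith("00000001"):
            findings.append({"kind": "security_center_override", "detail": name})
        elif key.endswith("firewallpolicy\\standardprofile") \
                and name == "EnableFirewall" and value.startswith("0"):
            findings.append({"kind": "firewall_disabled", "detail": f"{name}={value}"})
    return findings


def summarize(findings: list) -> dict:
    """Count findings per kind, for a one-line verdict."""
    return dict(Counter(f["kind"] for f in findings))


# Constructed excerpt in ComboFix's format (not a verbatim copy of the thread's logs).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
Infected copy of c:\windows\system32\Version.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\version.dll
((((((((((((((((((((((((( Files Created from 2011-07-06 to 2011-08-06 )))))))))))))))))))))))))))))))
2011-08-06 23:24 . 2011-08-06 18:02 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-08-05 04:41:48 . 2011-08-05 04:41:48 64512 --sha-r- C:\WINDOWS\system32\mswsockj.dll
2011-08-04 06:16:01 . 2011-08-04 06:16:32 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-08-03 06:27:35 . 2011-07-08 14:55:36 41272 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-07-04 17:22:53 13672 ----a-w- C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
    print(summarize(triage(SAMPLE_LOG)))
```

Run it against a saved ComboFix.txt by passing the file's contents to `triage()`; the `security_center_override` and `firewall_disabled` findings are the ones that explain why the user saw no warning when the rogue switched protection off, and they stay set until someone resets them, which is why they still show after the malware itself is gone.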
#10
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-06 01:34:38
-----------------------------
01:34:38.890 OS Version: Windows 5.1.2600 Service Pack 3
01:34:38.890 Number of processors: 2 586 0x1C02
01:34:38.890 ComputerName: NGNETBOOK UserName: John Ng
01:34:39.703 Initialize success
01:34:45.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
01:34:45.687 Disk 0 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3
01:34:45.718 Disk 0 MBR read successfully
01:34:45.718 Disk 0 MBR scan
01:34:45.734 Disk 0 Windows XP default MBR code
01:34:45.750 Disk 0 scanning sectors +312576705
01:34:45.828 Disk 0 scanning C:\WINDOWS\system32\drivers
01:34:58.687 Service scanning
01:35:00.421 Modules scanning
01:35:07.281 Disk 0 trace - called modules:
01:35:07.281
01:35:07.281 Scan finished successfully
01:36:09.890 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\John Ng\My Documents\MBR.dat"
01:36:09.890 The log file has been saved successfully to "C:\Documents and Settings\John Ng\My Documents\aswMBR.txt"
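Both rootkit scanners in this thread work on the same 512-byte sector: TD SSKiller's `MBR (0x1B8) (md5)` line is a hash of the boot code only (bytes 0x000-0x1B7, before the disk signature and partition table), and aswMBR reads the MBR, compares its boot code against what it expects from Windows XP, scans the sectors after the last partition (its `scanning sectors +312576705` line) where TDL4 keeps its hidden file system, and finally dumps the raw sector to MBR.dat. The script below is an added example that performs those same checks on a raw MBR image; it is not code from either tool. The sample boot code, the known-good hash set and the two-partition layout are constructed for the demo, with the layout chosen so that the last partition ends at the sector aswMBR reported scanning from and the disk size derived from the "152627MB" line (both assumptions, not values read from the user's disk).

```python
"""Parse a raw 512-byte MBR the way the rootkit scanners in this thread do:
hash the boot-code region, walk the partition table and measure the
unpartitioned tail of the disk.

Added example for this thread, not code from TDSSKiller or aswMBR.
KNOWN_GOOD_HASHES, the sample boot code and the partition layout are
constructed for the demo (hypothetical values).
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 0x1B8      # TDSSKiller's "MBR (0x1B8)" line hashes bytes 0x000-0x1B7
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
PART_ENTRY = "<B3xB3xII"   # status, CHS start, type, CHS end, LBA start, LBA count
MBR_SIGNATURE = b"\x55\xAA"


def boot_code_md5(mbr: bytes) -> str:
    """MD5 of the boot code only, so the disk signature and partition
    table (which legitimately differ between machines) do not affect it."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(mbr: bytes) -> list:
    """Decode the four primary partition slots; empty slots are skipped."""
    if len(mbr) != SECTOR or mbr[510:512] != MBR_SIGNATURE:
        raise ValueError("not a 512-byte MBR with a 0x55AA signature")
    parts = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(
            PART_ENTRY, mbr, PART_TABLE_OFF + i * 16)
        if ptype == 0:
            continue
        parts.append({"slot": i, "bootable": status == 0x80,
                      "type": ptype, "start": start, "sectors": count})
    return parts


def unpartitioned_tail(parts: list, total_sectors: int) -> tuple:
    """(first sector after the last partition, sectors from there to disk end).
    TDL4 writes its hidden file system into this region; aswMBR's
    'scanning sectors +N' line is it reading exactly that tail."""
    end = max((p["start"] + p["sectors"] for p in parts), default=1)
    return end, max(total_sectors - end, 0)


def boot_code_diff(mbr: bytes, reference: bytes) -> list:
    """Offsets where the boot code differs from a trusted reference MBR
    (e.g. one dumped from a clean XP install or a known-good MBR.dat)."""
    return [i for i in range(BOOT_CODE_LEN) if mbr[i] != reference[i]]


def assess(mbr: bytes, total_sectors: int, known_good: set) -> dict:
    parts = parse_partitions(mbr)
    tail_start, tail_len = unpartitioned_tail(parts, total_sectors)
    digest = boot_code_md5(mbr)
    return {"boot_code_md5": digest,
            "boot_code_known_good": digest in known_good,
            "partitions": parts,
            "tail_first_sector": tail_start,
            "tail_sectors": tail_len}


def build_sample_mbr(boot_code: bytes, layout: list) -> bytes:
    """Constructed fixture: assemble an MBR from boot code and
    (bootable, type, lba_start, sector_count) tuples."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    mbr[0x1B8:0x1BC] = b"\x12\x34\x56\x78"          # disk signature, arbitrary
    for i, (bootable, ptype, start, count) in enumerate(layout):
        struct.pack_into(PART_ENTRY, mbr, PART_TABLE_OFF + i * 16,
                         0x80 if bootable else 0x00, ptype, start, count)
    mbr[510:512] = MBR_SIGNATURE
    return bytes(mbr)


# --- constructed demo data (hypothetical, not read from the user's disk) ---
# XP-style boot code opens with "xor ax,ax; mov ss,ax; mov sp,7C00h; sti";
# the remainder is zero-padded here rather than real code.
CLEAN_BOOT = b"\x33\xC0\x8E\xD0\xBC\x00\x7C\xFB".ljust(BOOT_CODE_LEN, b"\x00")
# "Infected" variant: four bytes patched at 0x40 (a stand-in for a bootkit's
# int 13h extended-read stub that pulls its real loader off the disk tail).
INFECTED_BOOT = CLEAN_BOOT[:0x40] + b"\xB4\x42\xCD\x13" + CLEAN_BOOT[0x44:]

# Two NTFS partitions sized so the second ends at sector 312576705, the
# value aswMBR reported scanning from; disk size assumed from "152627MB".
TOTAL_SECTORS = 152627 * 2048
LAYOUT = [(True, 0x07, 63, 156_296_322),
          (False, 0x07, 156_296_385, 156_280_320)]

SAMPLE_CLEAN = build_sample_mbr(CLEAN_BOOT, LAYOUT)
SAMPLE_INFECTED = build_sample_mbr(INFECTED_BOOT, LAYOUT)
KNOWN_GOOD_HASHES = {boot_code_md5(SAMPLE_CLEAN)}   # placeholder reference set

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                       # e.g. the MBR.dat aswMBR saved
        with open(sys.argv[1], "rb") as fh:
            target = fh.read(SECTOR)
    else:
        target = SAMPLE_INFECTED
    print(assess(target, TOTAL_SECTORS, KNOWN_GOOD_HASHES))
    print("boot code differs from reference at:", boot_code_diff(target, SAMPLE_CLEAN)[:8])
```

The useful output is the pair of checks no single hash gives you: whether the boot code matches a reference taken from a clean machine (and, if not, exactly which bytes were patched), and how many sectors sit beyond the last partition, which is the region to dump and inspect with a hex editor when a TDL4-class detection has been reported.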
#11
Would be positive, but aswMBR is being denied access to the kernel, so something is still involved. I now see you have both AVG and Ad-Aware. Ad-Aware is now an antivirus program, so it would conflict with and damage any other antivirus programs installed. You will need to temporarily disable all security programs, then uninstall both antivirus programs one at a time, rebooting between the uninstalls.
Since lately it hasn't done a complete uninstall, once you have done the uninstalls, go here and download and run the AVG uninstaller. Just select the 2011 uninstaller, which should remove any older versions as well. Then run and post new ComboFix, Gmer and aswMBR scan logs, in that order please.
#12
ComboFix 11-08-06.02 - Administrator 08/06/2011 22:40:59.2.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1648 [GMT -7:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\Version.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\version.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-07 to 2011-08-07 )))))))))))))))))))))))))))))))
.
.
2011-08-06 23:24 . 2011-08-06 18:02 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-08-06 17:56 . 2011-08-06 17:56 -------- d-----w- c:\program files\Lavasoft
2011-08-05 07:52 . 2011-08-05 07:52 -------- d-----w- c:\documents and settings\Administrator
2011-08-05 04:41 . 2011-08-05 04:41 64512 --sha-r- c:\windows\system32\mswsockj.dll
2011-08-04 09:00 . 2011-08-04 09:00 -------- d-----w- c:\documents and settings\All Users\Application DataMicrosoft
2011-08-04 08:56 . 2011-08-04 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Provisioning
2011-08-04 06:16 . 2011-08-04 06:16 -------- d-----w- c:\documents and settings\All Users\Application Data\!SASCORE
2011-08-04 06:16 . 2011-08-04 06:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-04 06:16 . 2011-08-04 06:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-08-03 06:27 . 2011-07-08 14:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-03 06:27 . 2011-08-03 06:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-03 06:27 . 2011-08-03 06:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-03 06:27 . 2011-07-08 14:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-02 13:19 . 2011-08-02 13:19 -------- d-----w- C:\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-21 21:59 . 2009-09-13 04:04 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-07-10 17:23 . 2009-11-09 08:33 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-17 05:59 . 2011-05-19 13:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2009-04-29 10:54 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-25 16:25 . 2011-03-24 13:02 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-06_04.14.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-07 05:50 . 2011-08-07 05:50 16384 c:\windows\temp\Perflib_Perfdata_6d8.dat
+ 2011-08-06 17:56 . 2011-07-21 21:59 64512 c:\windows\system32\DRVSTORE\lbd_69523D0F7F903BDB477CD80CFD35086362532B23\Lbd.sys
- 2009-05-08 14:05 . 2011-08-04 03:22 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-08 14:05 . 2011-08-06 18:11 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-08 14:05 . 2011-08-04 03:22 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-05-08 14:05 . 2011-08-06 18:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-05-08 14:05 . 2011-08-04 03:22 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-08-06 17:42 . 2011-08-06 18:11 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-07-12 07:02 . 2009-07-12 07:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 07:02 . 2009-07-12 07:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 07:05 . 2009-07-12 07:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 05:11 . 2009-07-12 05:11 624448 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcr90.dll
+ 2009-07-12 05:11 . 2009-07-12 05:11 853312 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcp90.dll
+ 2009-07-12 05:14 . 2009-07-12 05:14 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcm90.dll
+ 2009-07-12 05:11 . 2009-07-12 05:11 176456 c:\windows\WinSxS\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_673f7fa2\atl90.dll
+ 2011-08-06 17:57 . 2011-08-06 17:57 5157376 c:\windows\Installer\4a6746.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
2009-11-07 08:07 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
2009-11-07 08:07 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-03 102400] "Facebook Update"="c:\documents and settings\John Ng\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2011-07-15 137536] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920] "SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.E XE" [2008-04-14 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScI nst.exe" [2008-04-14 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT \TINTSETP.EXE" [2008-04-14 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TIN TSETP.EXE" [2008-04-14 455168] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744] "SbUsb AudCtrl"="sbusbdll.dll" [2005-05-27 128000] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-08 449584] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce] "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQg BXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4 ADYARwA&inst=NwA3AC0ANgA3ADEAMAAwADgAMwAzADcALQBGA FAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0 ARgBMACsAOQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsAN QAtAEYAOQBNADEAMABCACsAMgAtAEQARABUACsAMAAtAFgATwA 5ACsAMQA&prod=90&ver=9.0.894" [?] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-5-7 376832] AsusVibeLauncher.lnk - c:\program files\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-5-13 548528] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-8-25 813584] . [hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2010-07-04 17:22 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2009-07-20 19:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk backup=c:\windows\pss\Bluetooth.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^John Ng^Start Menu^Programs^Startup^AOL Desktop.lnk] path=c:\documents and settings\John Ng\Start Menu\Programs\Startup\AOL Desktop.lnk backup=c:\windows\pss\AOL Desktop.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^John Ng^Start Menu^Programs^Startup^Thoosje Vista Sidebar.lnk] path=c:\documents and settings\John Ng\Start Menu\Programs\Startup\Thoosje Vista Sidebar.lnk backup=c:\windows\pss\Thoosje Vista Sidebar.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-06-06 19:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim] 2010-05-21 15:36 3824472 ----a-w- c:\program files\AIM\aim.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2011-04-20 19:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusACPIServer] 2009-04-16 23:46 630784 ----a-w- c:\program files\EeePC\ACPI\AsAcpiSvr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusEPCMonitor] 2009-03-13 20:15 98304 ----a-w- c:\program files\EeePC\ACPI\AsEPCMon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusTray] 2009-04-16 22:58 118784 ----a-w- c:\program files\EeePC\ACPI\AsTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eee Docking] 2009-05-08 14:42 395776 ----a-w- c:\program files\ASUS\Eee Docking\Eee Docking.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2009-08-12 14:04 133104 ----atw- c:\documents and settings\John Ng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] 2008-06-24 18:34 41824 ----a-w- c:\program files\Common Files\AOL\1249367258\ee\aolsoftware.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2006-02-19 09:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-06-08 00:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2011-07-08 14:55 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 12:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2009-02-06 22:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Parental Control] 2009-03-20 22:23 1104384 ----a-w- c:\program files\Parental Control\bin\pcontrol.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2007-12-19 15:07 131072 ----a-w- c:\windows\system32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2009-03-27 03:22 17567744 ----a-w- c:\windows\RTHDCPL.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-05-21 18:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2011-07-29 01:09 4599680 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2009-11-05 06:18 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "AOL ACS"=3 (0x3) "Lavasoft Ad-Aware Service"=3 (0x3) . 
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\Common Files\\AOL\\1249367258\\ee\\aolsoftware.exe"= "c:\\Program Files\\Common Files\\AOL\\1249367258\\ee\\AOLDesktop.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Documents and Settings\\John Ng\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octosh ape.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital 
Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Documents and Settings\\Bunky\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling .exe"= "c:\\Documents and Settings\\John Ng\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling .exe"= . R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/12/2009 9:04 PM 64512] R1 policyappblockservice;Parental Control Application Filter;c:\program files\Parental Control\bin\policyappblock.sys [2/2/2009 1:22 PM 5120] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664] R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepK E.sys [8/25/2009 11:24 PM 10384] R2 privoxy;privoxy;c:\program files\Privoxy\privoxy.exe --service --> c:\program files\Privoxy\privoxy.exe --service [?] 
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 2:16 PM 93960] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/3/2009 6:53 PM 24652] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sy s [4/9/2009 4:17 AM 38912] R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [4/1/2009 7:19 PM 39040] S3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/18/2011 5:02 PM 123264] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfil t.sys [5/7/2009 6:19 PM 1684736] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/21/2011 2:59 PM 2151640] S3 MBAMProtector;MBAMProtector;c:\windows\system32\dr ivers\mbam.sys [8/2/2011 11:27 PM 22712] S3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/2/2011 11:27 PM 366640] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232] S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [8/12/2010 10:43 PM 1694592] S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound _i386.sys [5/7/2009 7:35 PM 232872] . [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{efca04e8-00e7-11df-8910-002243deae35}] \Shell\AutoRun\command - E:\setupSNK.exe . Contents of the 'Scheduled Tasks' folder . 2011-08-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-07-21 21:59] . 2011-06-21 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] . 
2011-08-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005Core.job - c:\documents and settings\John Ng\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-08 13:00] . 2011-08-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005UA.job - c:\documents and settings\John Ng\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-08 13:00] . 2011-08-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1006Core.job - c:\documents and settings\Bunky\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-07 05:18] . 2011-08-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1006UA.job - c:\documents and settings\Bunky\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-07 05:18] . 2011-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005Core.job - c:\documents and settings\John Ng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-12 14:04] . 2011-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005UA.job - c:\documents and settings\John Ng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-12 14:04] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.ask.com/?l=dis&o=1587&gct=hp uInternet Settings,ProxyOverride = *.local IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Free YouTube to Mp3 Converter - c:\documents and settings\John Ng\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3convert er.htm IE: Send to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\documents and settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={s earchTerms} FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - ORPHANS REMOVED - - - - . Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) . . . ************************************************** ************************ . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-08-06 22:50 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run Creative Detector = "c:\program files\Creative\MediaSource\Detector\CTDetect.exe" /R??????D~??A~??????A~???w????????|??????w???w????? ??????s?????????????b?????????????????????????s??? ?????m??? ???????C??s????|??s???wC??s ????????????b??????3$??@???4?A~??????????????????? w??????? . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************** ************************ . --------------------- DLLs Loaded Under Running Processes --------------------- . 
- - - - - - - > 'winlogon.exe'(812) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\program files\common files\logishrd\bluetooth\LBTServ.dll . - - - - - - - > 'explorer.exe'(2104) c:\windows\system32\WININET.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a 1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\program files\ASUS\Eee Storage\XPClient.dll c:\program files\ASUS\Eee Storage\LogicNP.EZShellExtensions.dll c:\program files\ASUS\Eee Storage\EcaremeDLL.dll c:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3390 .31024__0d0f4b69e50e559b\SqliteShared.dll c:\windows\assembly\GAC_32\System.Data.SQLite\1.0. 60.0__db937bc2d44ff139\System.Data.SQLite.dll c:\program files\Windows Desktop Search\deskbar.dll c:\program files\Windows Desktop Search\en-us\dbres.dll.mui c:\program files\Windows Desktop Search\dbres.dll c:\program files\Windows Desktop Search\wordwheel.dll c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui c:\program files\Windows Desktop Search\msnlExtRes.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\CTsvcCDA.EXE c:\program files\Java\jre6\bin\jqs.exe c:\program files\Privoxy\privoxy.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\windows\system32\SearchIndexer.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\windows\system32\wscntfy.exe c:\windows\system32\RunDll32.exe c:\windows\system32\igfxext.exe c:\windows\system32\igfxsrvc.exe c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE c:\program files\iPod\bin\iPodService.exe c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe . ************************************************** ************************ . Completion time: 2011-08-06 22:55:23 - machine was rebooted ComboFix-quarantined-files.txt 2011-08-07 05:55 ComboFix2.txt 2011-08-06 04:17 . Pre-Run: 49,601,286,144 bytes free Post-Run: 49,580,961,792 bytes free . - - End Of File - - 53AA094B1C113C783E0A5764C75D03A7 |
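The log above is raw ComboFix output, and nothing in the thread says how to read its file lists. As an added example (not code from this thread, from ComboFix's author, or from the helper), here is a small Python triage script that parses the two-timestamp file lines ComboFix prints in its "Files Created", "Find3M" and "SnapShot" sections and flags entries a reviewer would want to hash and look up. It applies three heuristics: hidden+system attributes on a file under the Windows directory, an executable sitting in a Temp folder, and a filename one character off a genuine system32 component. The sample lines are copied from the log above except the last, which is constructed around a path from the second log with made-up timestamps and size. The known-component list, the attribute-letter test and the rules themselves are this example's assumptions; the output is a list of hints for a human, not a verdict on any file.

```python
"""Triage the file lists in a ComboFix log (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# ComboFix file line: <timestamp> . <timestamp> <size|--------> [<8-char attrs>] <path>
# ComboFix prints two timestamps per file; the parser keeps them in print order,
# and the rules below do not depend on which one is creation and which last-write.
# The SnapShot section omits the attribute field, so it is optional here.
_FILE_LINE = re.compile(
    r"^[+-]?\s*(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+"
    r"(?:(?P<attrs>[a-z-]{8})\s+)?"
    r"(?P<path>[A-Za-z]:\\.*?)\s*$"
)
_WINDOWS_DIR = re.compile(r"^[a-z]:\\windows\\", re.I)
_TEMP_DIR = re.compile(r"\\temp\\", re.I)
_EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
# Stems of genuine system32 components. Constructed for this example; in
# practice feed it from a known-good inventory of the same Windows build.
_KNOWN_STEMS = ("mswsock", "ws2_32", "wininet", "version", "winlogon", "svchost")


@dataclass
class FileEntry:
    stamp1: str
    stamp2: str
    size: Optional[int]   # None where ComboFix prints "--------" (a directory)
    attrs: str            # e.g. "--sha-r-"; "" when the section prints none
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    def has(self, flag: str) -> bool:
        """True if the attribute letter (s, h, a, t, r, w) appears in the string."""
        return flag in self.attrs


def parse_file_line(line: str) -> Optional[FileEntry]:
    """Parse one ComboFix file line; return None for any other kind of line."""
    m = _FILE_LINE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return FileEntry(m["ts1"], m["ts2"], size, m["attrs"] or "", m["path"])


def lookalike_of(path: str) -> Optional[str]:
    """Return the genuine component name this file's stem extends by one character."""
    stem = path.lower().rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    for known in _KNOWN_STEMS:
        if stem != known and known in stem and len(stem) == len(known) + 1:
            return known
    return None


def triage(entry: FileEntry) -> List[str]:
    """Heuristic reasons to look closer at one entry; empty list means none fired."""
    reasons: List[str] = []
    if entry.is_dir:
        return reasons
    lower = entry.path.lower()
    executable = lower.endswith(_EXEC_EXT)
    # Hidden+system on a new file under \windows\ is unusual. Scoped to the
    # Windows directory because some security tools set the same bits on
    # their own binaries under Program Files.
    if entry.has("s") and entry.has("h") and _WINDOWS_DIR.match(lower):
        reasons.append("hidden+system file under the Windows directory")
    if executable and _TEMP_DIR.search(lower):
        reasons.append("executable in a Temp directory (installers do this too; check the parent folder)")
    known = lookalike_of(entry.path) if executable else None
    if known:
        reasons.append(f"name is one character off the genuine {known}")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; lines that are not file entries are skipped."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_file_line(line)
        if entry:
            reasons = triage(entry)
            if reasons:
                flagged[entry.path] = reasons
    return flagged


# Sample input. The first five lines are copied from the log above; the last is
# constructed around a path from the second log, with made-up timestamps and size.
SAMPLE_LINES = [
    r"2011-08-06 23:24 . 2011-08-06 18:02 16432 ----a-w- c:\windows\system32\lsdelete.exe",
    r"2011-08-06 17:56 . 2011-08-06 17:56 -------- d-----w- c:\program files\Lavasoft",
    r"2011-08-05 04:41 . 2011-08-05 04:41 64512 --sha-r- c:\windows\system32\mswsockj.dll",
    r"2011-08-03 06:27 . 2011-07-08 14:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys",
    r"+ 2011-08-07 05:50 . 2011-08-07 05:50 16384 c:\windows\temp\Perflib_Perfdata_6d8.dat",
    r"2011-08-04 09:00 . 2011-08-04 09:00 735744 ----a-w- c:\documents and settings\John Ng\Local Settings\Temp\CR_C1A93.tmp\setup.exe",
]

if __name__ == "__main__":
    for path, reasons in triage_log("\n".join(SAMPLE_LINES)).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Scoping the hidden+system rule to the Windows directory is deliberate: the startup list above shows the same `--sha-r-` bits on TeaTimer.exe under Program Files, where they are not by themselves a sign of anything, so a rule applied everywhere would bury the single system32 hit in noise. Whatever the script flags still needs a hash lookup and a comparison against a clean copy of the same Windows build before anyone acts on it.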
#13
Trying again with AVG and Ad-Aware uninstalled.
ComboFix 11-08-06.02 - Administrator 08/07/2011 7:12.3.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1630 [GMT -7:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\John Ng\Local Settings\Temp\CR_C1A93.tmp\setup.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\arb\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\arb\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\arb\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\chs\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\chs\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\chs\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\cht\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\cht\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\cht\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\common\drivers\com_os\hpbmiapi.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\common\drivers\com_os\HPBOID.EXE
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\common\drivers\com_os\hpboidps.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\common\drivers\com_os\HPBPRO.EXE
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\common\drivers\com_os\hpbprops.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\common\drivers\com_os\HPJCMN2U.DLL
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\common\drivers\com_os\HPJIPX1U.DLL
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\common\drivers\com_os\hpoism01.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\common\drivers\com_os\hppapml0.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\common\drivers\com_os\hpqip09.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\common\drivers\com_os\hpqish09.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\common\drivers\win9x_me\atl.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\csy\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\csy\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\csy\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\dan\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\dan\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\dan\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\deu\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\deu\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\deu\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win2000\hpzc3212.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win2000\hpzid412.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win2000\hpzipr12.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win2000\hpzisc12.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win2000\hpzius12.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win2000\hpzs2k12.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win98\hphpar98.vxd
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win98\hpzbrx12.pdr
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win98\hpzc3212.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win98\hpzid412.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win98\hpzimn12.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win98\hpzipa12.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win98\hpzipr12.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win98\hpzisc12.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win98\hpzius12.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win98\hpzs9x12.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\win98\hpzuci12.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\winxp\hppaufd0.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\wrapper\_isdel.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\wrapper\_setup.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\wrapper\setup.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\dot4\wrapper\wrapper.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\fax\hpaiofax.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\fax\hpzuifax.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\scanner\x32\hpotiop2.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\scanner\x32\hpotpusd.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\scanner\x32\hpotscl2.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\scanner\x32\hpovst09.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\scanner\x32\hpowiax1.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\scanner\x32\hpowiax2.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\drivers\scanner\x32\usbscan.sy_
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\enu\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\enu\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\enu\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\esm\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\esm\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\esm\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\fin\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\fin\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\fin\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\fra\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\fra\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\fra\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\gdiplus.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\grk\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\grk\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\grk\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hbr\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hbr\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hbr\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hpzc3212.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hpzglu14.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\HPZidi01.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\HPZIDS01.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hpzjlog.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hpzjpp01.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hpzjut01.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hpzjvp01.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hpzpnp14.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hpzscr14.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hpzsetup.exe
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hpzuci12.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hun\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hun\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\hun\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\ita\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\ita\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\ita\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\jpn\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\jpn\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\jpn\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\kor\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\kor\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\kor\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\msvcirt.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\msvcrt.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\nld\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\nld\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\nld\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\non\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\non\drivers\win9x_me\usbmon.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\non\drivers\win9x_me\usbprint.sys
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\plk\drivers\com_lang\hpofax08.dll
c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\plk\drivers\win9x_me\usbmon.dll
c:\documents and
settings\John Ng\Local Settings\Temp\hp_webrelease_\plk\drivers\win9x_me\ usbprint.sys c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\ptb\drivers\com_lang\ hpofax08.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\ptb\drivers\win9x_me\ usbmon.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\ptb\drivers\win9x_me\ usbprint.sys c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\rus\drivers\com_lang\ hpofax08.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\rus\drivers\win9x_me\ usbmon.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\rus\drivers\win9x_me\ usbprint.sys c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\Setup.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\cfgtoip.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpbntkrs.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpbskutl.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPCommunication .dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPeDiag.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPeSupport.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpgeneric.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpjmpr30.vxd c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpjmpr40.sys c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpjmpr50.sys c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpjndis3.vxd c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpjndis4.sys c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpjndis5.sys c:\documents and settings\John Ng\Local 
Settings\Temp\hp_webrelease_\setup\hpjnds50.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpjsiadp.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpjsira.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpntwkexe.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpntwkwiz.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpntwkwiz_ar.dl l c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpntwkwiz_en.dl l c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpntwkwiz_es.dl l c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpntwkwiz_fr.dl l c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpntwkwiz_pt.dl l c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpntwkwiz_zhcn. dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpntwkwiz_zhtw. 
dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpoapd01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hponac01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hponicifs01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hponiprint01.ex e c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hponiscan01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\Hponiscp01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hporfd01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpowfs01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPScripting.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZarp01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZcdl01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZchk01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZddv01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpzdui01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpzfwx01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZgat01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpzjfw01.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpzjpp01.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpzjut02.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpzmsi01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZnet01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZnfx01.exe c:\documents and settings\John Ng\Local 
Settings\Temp\hp_webrelease_\setup\HPZnop01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZopt01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpzpnp01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpzprl01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZpsc01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZpsl01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZrcn01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZrcv01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZrein01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpzscr01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\hpzshl01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZsui01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZtim01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZwis01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZwrp01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\HPZwup01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\imagezoneexpres s\PhotobackPluginSetup.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\InstallMetrics. 
dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\InternetUtil.dl l c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\mdfix01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\mfc42.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\MFC71.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\msvcirt.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\msvcp60.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\msvcp71.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\msvcr71.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\msxml3.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\msxml3a.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\msxml3r.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\openssldll.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\rapiddiscovery. dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\redisco\hpzjfw0 1.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\redisco\hpzjrd0 1.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\redisco\hpzjsn0 1.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\redisco\wsnmp32 .dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\RulesEngine.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\sdicommunicatio ns.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\sdiencryption.d ll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\sdifirewall.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\sdifirewallnet. 
dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\sdiingredients. dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\sdiingredientsa gents.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\sdilog.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\sdinetware.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\sdisdk.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\snmp_pp.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\snmpnet_pp.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\tls704d.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\tls7712d.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\usbready.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\wis\win2k_xp\in stmsi.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\wis\win9x\instm si.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\setup\wsnmp32.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\svc\drivers\com_lang\ hpofax08.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\svc\drivers\win9x_me\ usbmon.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\svc\drivers\win9x_me\ usbprint.sys c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\tls704d.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\tur\drivers\com_lang\ hpofax08.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\tur\drivers\win9x_me\ usbmon.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\tur\drivers\win9x_me\ usbprint.sys c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\unicows.dll c:\documents and 
settings\John Ng\Local Settings\Temp\hp_webrelease_\usbhub.sys c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\usbmon.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\usbprint.sys c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\aio\hpopdi05.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\aio\hpopin05.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\240075.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\270615USAM.E XE c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\AccessDenied Utility.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\afsinst.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\enu\Q283787_ W2K_SP3_x86.EXE c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\enu\WindowsX P-KB822603-x86-enu.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\esn\Q283787_ W2K_SP3_x86.EXE c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\esn\WindowsX P-KB822603-x86-esn.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\FixErr1714.e xe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\fra\Q283787_ W2K_SP3_x86.EXE c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\fra\WindowsX P-KB822603-x86-fra.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\HPZlgc01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\HPZprs01.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\MediaSizeSet tings.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\ptb\Q283787_ W2K_SP3_x86.EXE c:\documents and settings\John Ng\Local 
Settings\Temp\hp_webrelease_\util\ccc\ptb\WindowsX P-KB822603-x86-ptb.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\Q256858_W2K_ SP1_x86.EXE c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\ccc\Q283787_W2K_ SP3_x86_en.EXE c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\cfgmgr32.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\common\hpfpdi14. exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\common\hpqisc09. exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\common\hpzghl14. exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\common\hpzpin14. exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\setupapi.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\support_tools\ms i_install_cleanup\win2000\msicuu.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\util\support_tools\ms i_install_cleanup\win9x\msicu.exe c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\xmlparse.dll c:\documents and settings\John Ng\Local Settings\Temp\hp_webrelease_\xmltok.dll c:\documents and settings\John Ng\Local Settings\Temp\ose00000.exe c:\documents and settings\John Ng\Local Settings\Temp\RarSFX6\h\explorer.exe c:\documents and settings\John Ng\Local Settings\Temp\RarSFX6\h\iexplore.exe c:\documents and settings\John Ng\Local Settings\Temp\RarSFX6\nircmd.exe c:\documents and settings\John Ng\Local Settings\Temp\RarSFX6\nircmdc.exe c:\documents and settings\John Ng\Local Settings\Temp\RarSFX6\nird\iexplore.exe c:\documents and settings\John Ng\Local Settings\Temp\RarSFX6\pev.exe c:\documents and settings\John Ng\Local Settings\Temp\RarSFX6\procs\explorer.exe c:\documents and settings\John Ng\Local Settings\Temp\RarSFX6\procs\iexplore.com c:\documents and settings\John Ng\Local 
Settings\Temp\RarSFX6\procs\iexplore.exe c:\documents and settings\John Ng\Local Settings\Temp\RarSFX6\proxycheck.exe c:\documents and settings\John Ng\Local Settings\Temp\RarSFX6\sed.exe c:\documents and settings\John Ng\Local Settings\Temp\RarSFX6\swreg.exe c:\documents and settings\John Ng\Local Settings\Temp\RarSFX6\userinit.exe c:\documents and settings\John Ng\Local Settings\Temp\RarSFX6\winlogon.exe c:\documents and settings\John Ng\Local Settings\Temp\SUPERSetup\setup.dll . . ((((((((((((((((((((((((( Files Created from 2011-07-07 to 2011-08-07 ))))))))))))))))))))))))))))))) . . 2011-08-07 14:05 . 2011-08-07 14:05 -------- d-----w- c:\windows\LastGood 2011-08-05 07:52 . 2011-08-05 07:52 -------- d-----w- c:\documents and settings\Administrator 2011-08-05 04:41 . 2011-08-05 04:41 64512 --sha-r- c:\windows\system32\mswsockj.dll 2011-08-04 09:00 . 2011-08-04 09:00 -------- d-----w- c:\documents and settings\All Users\Application DataMicrosoft 2011-08-04 08:56 . 2011-08-04 08:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Provisioning 2011-08-04 06:16 . 2011-08-04 06:16 -------- d-----w- c:\documents and settings\All Users\Application Data\!SASCORE 2011-08-04 06:16 . 2011-08-04 06:16 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-08-04 06:16 . 2011-08-04 06:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2011-08-03 06:27 . 2011-07-08 14:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-08-03 06:27 . 2011-08-03 06:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-08-03 06:27 . 2011-08-03 06:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-08-03 06:27 . 2011-07-08 14:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-02 13:19 . 2011-08-02 13:19 -------- d-----w- C:\Adobe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 
2011-07-10 17:23 . 2009-11-09 08:33 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-06-17 05:59 . 2011-05-19 13:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-02 14:02 . 2009-04-29 10:54 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-06-25 16:25 . 2011-03-24 13:02 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-08-06_04.14.55 ))))))))))))))))))))))))))))))))))))))))) . + 2009-05-08 14:05 . 2011-08-06 18:11 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2009-05-08 14:05 . 2011-08-04 03:22 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2009-05-08 14:05 . 2011-08-06 18:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2009-05-08 14:05 . 2011-08-04 03:22 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2011-08-07 14:05 . 2011-07-21 21:59 64512 c:\windows\LastGood\system32\DRIVERS\Lbd.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Ov erlayIconExtension1] @="{fe25455d-b4c2-4e32-97d2-92632ec1c224}" [HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}] 2009-11-07 08:07 297808 ----a-w- c:\windows\system32\mscoree.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Ov erlayIconExtension2] @="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}" [HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}] 2009-11-07 08:07 297808 ----a-w- c:\windows\system32\mscoree.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-05-08 395776] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920] "SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.E XE" [2008-04-14 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScI nst.exe" [2008-04-14 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT \TINTSETP.EXE" [2008-04-14 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TIN TSETP.EXE" [2008-04-14 455168] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744] "SbUsb AudCtrl"="sbusbdll.dll" [2005-05-27 128000] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-08 449584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce] "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYASwBQAEMAQgAtADYAQg BXAEYATQAtAFQAUgBMAFEAUgAtAEIAUgBVAEgAUAAtAEMAUAA4 ADYARwA&inst=NwA3AC0ANgA3ADEAMAAwADgAMwAzADcALQBGA FAAOQArADYALQBCAEEAUgA5AEcAKwAxAC0AVABCADkAKwAyAC0 ARgBMACsAOQAtAFgATwAzADYAKwAxAC0ARgA5AE0ANwBDACsAN QAtAEYAOQBNADEAMABCACsAMgAtAEQARABUACsAMAAtAFgATwA 5ACsAMQA&prod=90&ver=9.0.894" [?] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-5-7 376832] AsusVibeLauncher.lnk - c:\program files\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-5-13 548528] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-8-25 813584] . [hkey_local_machine\software\microsoft\windows\curr entversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2010-07-04 17:22 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2009-07-20 19:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk backup=c:\windows\pss\Bluetooth.lnkCommon Startup . 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^John Ng^Start Menu^Programs^Startup^AOL Desktop.lnk] path=c:\documents and settings\John Ng\Start Menu\Programs\Startup\AOL Desktop.lnk backup=c:\windows\pss\AOL Desktop.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^John Ng^Start Menu^Programs^Startup^Thoosje Vista Sidebar.lnk] path=c:\documents and settings\John Ng\Start Menu\Programs\Startup\Thoosje Vista Sidebar.lnk backup=c:\windows\pss\Thoosje Vista Sidebar.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-06-06 19:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim] 2010-05-21 15:36 3824472 ----a-w- c:\program files\AIM\aim.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2011-04-20 19:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusACPIServer] 2009-04-16 23:46 630784 ----a-w- c:\program files\EeePC\ACPI\AsAcpiSvr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusEPCMonitor] 2009-03-13 20:15 98304 ----a-w- c:\program files\EeePC\ACPI\AsEPCMon.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusTray] 2009-04-16 22:58 118784 ----a-w- c:\program files\EeePC\ACPI\AsTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eee Docking] 2009-05-08 14:42 395776 ----a-w- c:\program files\ASUS\Eee Docking\Eee Docking.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2009-08-12 14:04 133104 ----atw- c:\documents and settings\John Ng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] 2008-06-24 18:34 41824 ----a-w- c:\program files\Common Files\AOL\1249367258\ee\aolsoftware.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2006-02-19 09:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-06-08 00:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2011-07-08 14:55 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 12:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2009-02-06 22:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Parental Control] 2009-03-20 22:23 1104384 ----a-w- c:\program files\Parental Control\bin\pcontrol.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2007-12-19 15:07 131072 ----a-w- c:\windows\system32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2009-03-27 03:22 17567744 ----a-w- c:\windows\RTHDCPL.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] 2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-05-21 18:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] 2011-07-29 01:09 4599680 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2009-11-05 06:18 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "AOL ACS"=3 (0x3) "Lavasoft Ad-Aware Service"=3 (0x3) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1249367258\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1249367258\\ee\\AOLDesktop.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Documents and Settings\\John Ng\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Bunky\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Documents and Settings\\John Ng\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/9/2009 4:17 AM 38912]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 policyappblockservice;Parental Control Application Filter;c:\program files\Parental Control\bin\policyappblock.sys [2/2/2009 1:22 PM 5120]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 9:27 AM 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 2:55 PM 67664]
S2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [8/25/2009 11:24 PM 10384]
S2 privoxy;privoxy;c:\program files\Privoxy\privoxy.exe --service --> c:\program files\Privoxy\privoxy.exe --service [?]
S2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 2:16 PM 93960]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/3/2009 6:53 PM 24652]
S3 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/18/2011 5:02 PM 123264]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/7/2009 6:19 PM 1684736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/2/2011 11:27 PM 22712]
S3 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/2/2011 11:27 PM 366640]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
S3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\drivers\sbusb.sys [8/12/2010 10:43 PM 1694592]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [5/7/2009 7:35 PM 232872]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [4/1/2009 7:19 PM 39040]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LBEEPKE
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-08-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005Core.job
- c:\documents and settings\John Ng\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-08 13:00]
.
2011-08-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005UA.job
- c:\documents and settings\John Ng\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-08 13:00]
.
2011-08-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1006Core.job
- c:\documents and settings\Bunky\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-07 05:18]
.
2011-08-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1006UA.job
- c:\documents and settings\Bunky\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-07-07 05:18]
.
2011-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005Core.job
- c:\documents and settings\John Ng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-12 14:04]
.
2011-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2481989111-2461257284-2038209094-1005UA.job
- c:\documents and settings\John Ng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-12 14:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eeepc.asus.com/global
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\John Ng\Application Data\Mozilla\Firefox\Profiles\jc1ek5uy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-07 07:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(640)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Citrix\GoToAssist\615\G2AWinLogon.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2011-08-07 07:24:59
ComboFix-quarantined-files.txt 2011-08-07 14:24
ComboFix2.txt 2011-08-07 05:55
ComboFix3.txt 2011-08-06 04:17
.
Pre-Run: 49,714,434,048 bytes free
Post-Run: 49,691,598,848 bytes free
.
- - End Of File - - 6AC681D3639608897859D56B13629A44
#14
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-07 10:18:33
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.FB2O
Running: 90fbbho3.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fwryypow.sys

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[216] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
Device \FileSystem\Fastfat \Fat B9649D20
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
#15
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-07 10:23:35
-----------------------------
10:23:35.421 OS Version: Windows 5.1.2600 Service Pack 3
10:23:35.421 Number of processors: 2 586 0x1C02
10:23:35.421 ComputerName: NGNETBOOK UserName:
10:23:35.984 Initialize success
10:23:43.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:23:43.812 Disk 0 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3
10:23:43.843 Disk 0 MBR read successfully
10:23:43.859 Disk 0 MBR scan
10:23:43.875 Disk 0 Windows XP default MBR code
10:23:43.906 Disk 0 scanning sectors +312576705
10:23:44.000 Disk 0 scanning C:\WINDOWS\system32\drivers
10:23:51.359 Service scanning
10:23:55.031 Modules scanning
10:24:00.265 Disk 0 trace - called modules:
10:24:00.328 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
10:24:00.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5db030]
10:24:00.375 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\00000070[0x8a626f18]
10:24:00.406 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a5e9028]
10:24:00.421 Scan finished successfully
10:24:44.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\MBR.dat"
10:24:44.890 The log file has been saved successfully to "C:\Documents and Settings\Administrator\My Documents\aswMBR log August 7.txt"