Computer Hope
Software => Computer viruses and spyware => Topic started by: helpnsupport on February 07, 2011, 05:09:52 PM
-
Here are the logs
[recovering disk space - old attachment deleted by admin]
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************
Please don't attach the logs unless absolutely necessary. Copy and paste is best.
What problems are you experiencing?
**************************************************
Please go to Jotti's malware scan (http://virusscan.jotti.org/)
(If more than one file needs scanned they must be done separately and links posted for each one)
* Copy the file path in the below Code box:
C:\Program Files\Tudou\¡¤¨¦?¨´Tudou\TudouVa.exe
* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
****************************************
I strongly recommend that you remove Ask from your computer because it;
•Promotes its toolbars on sites targeted to kids.
•Promotes its toolbars through ads that appear to be part of other companies' sites.
•Promotes its toolbars through other companies' spyware.
•Installs without any disclosure whatsoever and without any consent whatsoever.
•Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
•Makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.
See Here (http://www.benedelman.org/spyware/ask-toolbars/) for more info.
If you choose to follow my recommendation then please go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.
•AskBarDis or anything related to Ask
Then please find and delete this folder in bold (if present):
C:\Program Files\AskBarDis. or anything related to Ask.
***********************************************
Open HijackThis and select Do a system scan only
Place a check mark next to the following entries: (if there)
O3 - Toolbar: Searchqu Toolbar - {7FF99715-3016-4381-84CE-E4E4C9673020} - C:\PROGRA~1\WI9130~1\ToolBar\SearchquDx.dll
O4 - Startup: ???¡¥¡¤¨¦?¨´¨ª¨¢?1.lnk
O4 - Startup: Æô¶¯·ÉËÙÍÁ¶¹.lnk = ?
Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following.Please place a check mark next to this/these line/lines.
O15 - ESC Trusted Zone: http://*.update.microsoft.com
Important: Close all open windows except for HijackThis and then click Fix checked.
Once completed, exit HijackThis.
***********************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
**************************************************
Please download ComboFix (http://img7.imageshack.us/img7/4930/combofix.gif) from BleepingComputer.com (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Alternate link: GeeksToGo.com (http://subs.geekstogo.com/ComboFix.exe)
and save it to your Desktop.
If you are using Firefox, make sure that your download settings are as follows:
* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here (http://www.bleepingcomputer.com/forums/topic114351.html)
Double click ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
(http://img.photobucket.com/albums/v666/sUBs/Query_RC.gif)
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v666/sUBs/RC_successful.gif)
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
If you have problems with ComboFix usage, see How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
-
I can't paste the file path in the Jotti's Malware. it kept opening a file upload window. pls help. Thanks.
-
thank you for your prompt reply.
here are the required documents:
the link to the jotti malware is: http://virusscan.jotti.org/en/scanresult/ff25d901c861c2cfe
2d9beb8bc33d059c106e7fa/c6
da2bbc31bc8a2bb804dae7f4be9e2afa58b105
the combofix:
ComboFix 11-02-09.02 - Vivian 9/2011 Wed 17:37:05.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.1983.1434 [GMT -8:00]
执行位置: c:\documents and settings\Vivian\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Application Data\BITS
c:\documents and settings\Administrator\Application Data\BITS\BITS.ini
c:\documents and settings\Guest\Application Data\searchqutb
c:\documents and settings\Guest\Local Settings\Application Data\{A486B01D-82AE-4422-AD3B-E39AAD3E3A19}
c:\documents and settings\Guest\Local Settings\Application Data\{A486B01D-82AE-4422-AD3B-E39AAD3E3A19}\chrome.manifest
c:\documents and settings\Guest\Local Settings\Application Data\{A486B01D-82AE-4422-AD3B-E39AAD3E3A19}\chrome\content\_cfg.js
c:\documents and settings\Guest\Local Settings\Application Data\{A486B01D-82AE-4422-AD3B-E39AAD3E3A19}\chrome\content\overlay.xul
c:\documents and settings\Guest\Local Settings\Application Data\{A486B01D-82AE-4422-AD3B-E39AAD3E3A19}\install.rdf
c:\documents and settings\NetworkService\Application Data\adlLiqYG.exe
c:\documents and settings\NetworkService\Application Data\b6QoiXh7Q.exe
c:\documents and settings\NetworkService\Application Data\bFO2Zoi.exe
c:\documents and settings\NetworkService\Application Data\CyfcDLWjM.exe
c:\documents and settings\NetworkService\Application Data\download2
c:\documents and settings\NetworkService\Application Data\DtqYKLlS8.exe
c:\documents and settings\NetworkService\Application Data\E4FX3Cdk.exe
c:\documents and settings\NetworkService\Application Data\e772kDzUDL.exe
c:\documents and settings\NetworkService\Application Data\Ep5N5t.exe
c:\documents and settings\NetworkService\Application Data\Ffaz9.exe
c:\documents and settings\NetworkService\Application Data\h7pyL.exe
c:\documents and settings\NetworkService\Application Data\l8pEFK.exe
c:\documents and settings\NetworkService\Application Data\q08QKEW.exe
c:\documents and settings\NetworkService\Application Data\q67JNRUg6.exe
c:\documents and settings\NetworkService\Application Data\QjzXjXJ.exe
c:\documents and settings\NetworkService\Application Data\searchqutb
c:\documents and settings\NetworkService\Application Data\searchqutb\dtx.ini
c:\documents and settings\NetworkService\Application Data\searchqutb\guid.dat
c:\documents and settings\NetworkService\Application Data\searchqutb\setupCfg.xml
c:\documents and settings\NetworkService\Application Data\u5WQTB.exe
c:\documents and settings\NetworkService\Application Data\UBn8ksEj.exe
c:\documents and settings\NetworkService\Application Data\uF58FR0.exe
c:\documents and settings\NetworkService\Application Data\ul4VTLeSR.exe
c:\documents and settings\NetworkService\Application Data\Uldc8RgM.exe
c:\documents and settings\NetworkService\Application Data\UzPn7.exe
c:\documents and settings\NetworkService\Application Data\yOz9m.exe
c:\documents and settings\pso\Application Data\searchqutb
c:\documents and settings\pso\Local Settings\Application Data\{5B8CFC43-105A-4AD2-B5D3-DF05CC5CEBA6}
c:\documents and settings\pso\Local Settings\Application Data\{5B8CFC43-105A-4AD2-B5D3-DF05CC5CEBA6}\chrome.manifest
c:\documents and settings\pso\Local Settings\Application Data\{5B8CFC43-105A-4AD2-B5D3-DF05CC5CEBA6}\chrome\content\_cfg.js
c:\documents and settings\pso\Local Settings\Application Data\{5B8CFC43-105A-4AD2-B5D3-DF05CC5CEBA6}\chrome\content\overlay.xul
c:\documents and settings\pso\Local Settings\Application Data\{5B8CFC43-105A-4AD2-B5D3-DF05CC5CEBA6}\install.rdf
c:\documents and settings\tso\Application Data\searchqutb
c:\documents and settings\tso\Local Settings\Application Data\{EBC0B39A-AF71-45B7-9B9B-DFA730BAB169}
c:\documents and settings\tso\Local Settings\Application Data\{EBC0B39A-AF71-45B7-9B9B-DFA730BAB169}\chrome.manifest
c:\documents and settings\tso\Local Settings\Application Data\{EBC0B39A-AF71-45B7-9B9B-DFA730BAB169}\chrome\content\_cfg.js
c:\documents and settings\tso\Local Settings\Application Data\{EBC0B39A-AF71-45B7-9B9B-DFA730BAB169}\chrome\content\overlay.xul
c:\documents and settings\tso\Local Settings\Application Data\{EBC0B39A-AF71-45B7-9B9B-DFA730BAB169}\install.rdf
c:\documents and settings\Vivian\Application Data\download2
c:\documents and settings\Vivian\Application Data\inst.exe
c:\documents and settings\Vivian\Application Data\searchqutb
c:\documents and settings\Vivian\Local Settings\Application Data\{47234F27-27EE-4D1D-8FA1-94AA5C5C2487}
c:\documents and settings\Vivian\Local Settings\Application Data\{47234F27-27EE-4D1D-8FA1-94AA5C5C2487}\chrome.manifest
c:\documents and settings\Vivian\Local Settings\Application Data\{47234F27-27EE-4D1D-8FA1-94AA5C5C2487}\chrome\content\_cfg.js
c:\documents and settings\Vivian\Local Settings\Application Data\{47234F27-27EE-4D1D-8FA1-94AA5C5C2487}\chrome\content\overlay.xul
c:\documents and settings\Vivian\Local Settings\Application Data\{47234F27-27EE-4D1D-8FA1-94AA5C5C2487}\install.rdf
c:\program files\Maxthon2\Modules\MxKWS
c:\program files\Maxthon2\Modules\MxKWS\log\KSWebShield.exe.log
c:\program files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}
c:\program files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\plug.xul
c:\program files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\program files\Windows Searchqu Toolbar
c:\program files\Windows Searchqu Toolbar\Datamngr\datamngr.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\chrome.manifest
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.js
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content\overlay.xul
c:\program files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\install.rdf
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\.#searchqutb.js.1.3
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\engines.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search\search.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\about.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxpanelwin.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxprefwin.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\dtxwin.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\emailnotifierproviders.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\external.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\neterror.xhtml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\wmpstreamer.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\modules\datastore.jsm
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\preferences.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\searchqutb.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.htm
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.xul
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-mdl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\bg-scalable-tr.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-dragresize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-maximize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btn-wide-minimize.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\navico-home.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\powered-mystart.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-mdl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-tl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\bg-scalable-tr.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-dragresize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-maximize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btn-wide-minimize.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\navico-home.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\powered-mystart.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-mdl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-tl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\bg-scalable-tr.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-dragresize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-maximize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btn-wide-minimize.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\navico-home.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\powered-mystart.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217.zip
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-mdl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-tl.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\bg-scalable-tr.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-dragresize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-close.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-maximize.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize-down.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize-over.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btn-wide-minimize.PNG
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\navico-home.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\panel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\powered-mystart.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\tb_icon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\bluelite.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\bluesky.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-search-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-settings-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-settings.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-widgets-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn-widgets.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\btn_settings.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-back-ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-down-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-drop-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-back-ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\button-hover-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\ca.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\dictionary.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\divider.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\downloadcom.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\email.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\email_on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\games.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred0.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\graphred0_5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\grey.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\headsup.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\ico-shield.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\images.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\add.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\aol.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-dn.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-right.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\arrow-up.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-end.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btn-start.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-end.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\bg-btnover-start.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\blank.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnback-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnback-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnleft-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnright-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\btnright-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\button-splitter-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\checkmark.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\chevron.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\collapse.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\comcast.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\dtx.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\edit-back-hot.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\edit-back.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\expand.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\found.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\gmail.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_cyan.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_lime.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_magenta.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\highlight_yellow.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\hotmail.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\imap.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\lock.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\mailcom.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_bg-basic.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menu_separator_bar.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitem-splitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemback-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemleft-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\menuitemright-vista.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\move.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\movetarget.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupGames.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\footer.htm
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameData.js
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameList.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gametype.xsl
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-download.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-play.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-download.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-play.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollb.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\scrollt.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupGames.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\popupWidgets.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\pop.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\manager.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css\slider.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\music-note.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-options.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slider.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\slideron.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images\track.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\managerpanel.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\volumeslider.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\remove.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rename.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\resize-box.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rss.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsschannelback.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\RSSLogo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\rsstabdivider.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\scroll-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search-go.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\text-ellipsis.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\toolbarsplitter.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\transparent_1px.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_02.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_03.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_04.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_06.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_07.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_08.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_09.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_10.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_11.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_12.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_13.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_14.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_15.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_16.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_18.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_19.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_20.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\border_21.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-hot.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\close-normal.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\proxy.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\template.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\templateFF.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons\weather.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\yahoo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lichen.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo-about.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\logo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\maps.bmp
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\menuseparatorback.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify-save.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modify.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\modifyhot.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\music.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\news.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-main.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-weather.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options\options-widgets.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\orange.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\pixsy.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\relatedlinks.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-collapse.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-delete.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-expand.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-feed.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-remove.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder-rename.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-folder.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-found.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-reload.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss-subscribe.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rss.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rssback.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\rsstopback.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\search-over.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\search.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchqutb.css
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\settings.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\shopping.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\siteinfo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluelite.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-bluesky.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-grey.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-lichen.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-orange.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\skin-yellow.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\technorati.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\throbber.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\toolbarsplitter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\video.bmp
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\weather.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\web.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_allocine.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_bliptv.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_calcal.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_calculator.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_gservices.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_sudoku.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_todo.jpg
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_todo.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_trio.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widget_uconverter.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets-square-16px.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\widgets.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\wikipedia.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\yahoosearch.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\yellow.gif
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\youtube.png
c:\program files\Windows Searchqu Toolbar\ToolBar\chrome\skin\zoom.png
c:\program files\Windows Searchqu Toolbar\ToolBar\components\windowmediator.js
c:\program files\Windows Searchqu Toolbar\ToolBar\manifest.xml
c:\program files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
c:\program files\Windows Searchqu Toolbar\ToolBar\SearchquTb.dll
c:\program files\Windows Searchqu Toolbar\ToolBar\uninstall.exe
c:\program files\Windows Searchqu Toolbar\uninstall.exe
c:\windows\d.exe
c:\windows\Readme.txt
c:\windows\system32\AutoRun.inf
c:\windows\system32\config\mcckmplayervod.ini
c:\windows\system32\Install.cmd
c:\windows\system32\muzapp.exe
c:\windows\system32\tmp.reg
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At121.job
c:\windows\Tasks\At122.job
c:\windows\Tasks\At123.job
c:\windows\Tasks\At124.job
c:\windows\Tasks\At125.job
c:\windows\Tasks\At126.job
c:\windows\Tasks\At127.job
c:\windows\Tasks\At128.job
c:\windows\Tasks\At129.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At130.job
c:\windows\Tasks\At131.job
c:\windows\Tasks\At132.job
c:\windows\Tasks\At133.job
c:\windows\Tasks\At134.job
c:\windows\Tasks\At135.job
c:\windows\Tasks\At136.job
c:\windows\Tasks\At137.job
c:\windows\Tasks\At138.job
c:\windows\Tasks\At139.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At140.job
c:\windows\Tasks\At141.job
c:\windows\Tasks\At142.job
c:\windows\Tasks\At143.job
c:\windows\Tasks\At144.job
c:\windows\Tasks\At145.job
c:\windows\Tasks\At146.job
c:\windows\Tasks\At147.job
c:\windows\Tasks\At148.job
c:\windows\Tasks\At149.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At150.job
c:\windows\Tasks\At151.job
c:\windows\Tasks\At152.job
c:\windows\Tasks\At153.job
c:\windows\Tasks\At154.job
c:\windows\Tasks\At155.job
c:\windows\Tasks\At156.job
c:\windows\Tasks\At157.job
c:\windows\Tasks\At158.job
c:\windows\Tasks\At159.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At160.job
c:\windows\Tasks\At161.job
c:\windows\Tasks\At162.job
c:\windows\Tasks\At163.job
c:\windows\Tasks\At164.job
c:\windows\Tasks\At165.job
c:\windows\Tasks\At166.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.
((((((((((((((((((((((((((((((((((((((( 驱动/服务 )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
((((((((((((((((((((((((( 2011-01-10 至 2011-02-10 的新的档案 )))))))))))))))))))))))))))))))
.
2011-02-10 01:06 . 2011-02-10 01:06 187 ----a-w- c:\documents and settings\NetworkService\Application Data\7109.bat
2011-02-10 00:06 . 2011-02-10 00:06 187 ----a-w- c:\documents and settings\NetworkService\Application Data\6348.bat
2011-02-09 18:06 . 2011-02-09 18:06 183 ----a-w- c:\documents and settings\NetworkService\Application Data\1980.bat
2011-02-09 06:06 . 2011-02-09 06:06 189 ----a-w- c:\documents and settings\NetworkService\Application Data\849.bat
2011-02-09 05:08 . 2011-02-09 05:08 187 ----a-w- c:\documents and settings\NetworkService\Application Data\870.bat
2011-02-09 04:06 . 2011-02-09 04:06 183 ----a-w- c:\documents and settings\NetworkService\Application Data\1857.bat
2011-02-09 03:08 . 2011-02-09 03:08 187 ----a-w- c:\documents and settings\NetworkService\Application Data\5794.bat
2011-02-09 02:06 . 2011-02-09 02:06 185 ----a-w- c:\documents and settings\NetworkService\Application Data\4508.bat
2011-02-09 01:06 . 2011-02-09 01:06 185 ----a-w- c:\documents and settings\NetworkService\Application Data\9649.bat
2011-02-09 00:06 . 2011-02-09 00:06 181 ----a-w- c:\documents and settings\NetworkService\Application Data\5825.bat
2011-02-08 23:06 . 2011-02-08 23:06 179 ----a-w- c:\documents and settings\NetworkService\Application Data\8103.bat
2011-02-08 22:08 . 2011-02-08 22:08 181 ----a-w- c:\documents and settings\NetworkService\Application Data\2915.bat
2011-02-08 20:06 . 2011-02-08 20:06 183 ----a-w- c:\documents and settings\NetworkService\Application Data\678.bat
2011-02-08 18:06 . 2011-02-08 18:06 185 ----a-w- c:\documents and settings\NetworkService\Application Data\2727.bat
2011-02-08 07:06 . 2011-02-08 07:06 179 ----a-w- c:\documents and settings\NetworkService\Application Data\2785.bat
2011-02-08 06:06 . 2011-02-08 06:06 185 ----a-w- c:\documents and settings\NetworkService\Application Data\2932.bat
2011-02-08 05:10 . 2011-02-08 05:10 179 ----a-w- c:\documents and settings\NetworkService\Application Data\9124.bat
2011-02-08 03:06 . 2011-02-08 03:06 181 ----a-w- c:\documents and settings\NetworkService\Application Data\2305.bat
2011-02-08 02:06 . 2011-02-08 02:06 187 ----a-w- c:\documents and settings\NetworkService\Application Data\992.bat
2011-02-08 01:06 . 2011-02-08 01:06 179 ----a-w- c:\documents and settings\NetworkService\Application Data\3323.bat
2011-02-07 23:42 . 2011-02-07 23:42 388096 ----a-r- c:\documents and settings\Vivian\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-07 23:25 . 2011-02-07 23:25 -------- d-----w- c:\program files\Common Files\Java
2011-02-07 23:21 . 2010-11-13 02:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-07 23:21 . 2010-11-13 02:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-07 23:06 . 2011-02-07 23:06 183 ----a-w- c:\documents and settings\NetworkService\Application Data\5763.bat
2011-02-07 22:19 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-07 22:19 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-07 22:06 . 2011-02-07 22:06 185 ----a-w- c:\documents and settings\NetworkService\Application Data\9986.bat
2011-02-07 21:20 . 2011-02-07 21:20 -------- d-----w- c:\documents and settings\Vivian\Application Data\SUPERAntiSpyware.com
2011-02-07 21:20 . 2011-02-07 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-02-07 21:20 . 2011-02-07 21:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-07 21:06 . 2011-02-07 21:06 185 ----a-w- c:\documents and settings\NetworkService\Application Data\173.bat
2011-02-07 20:06 . 2011-02-07 20:06 189 ----a-w- c:\documents and settings\NetworkService\Application Data\5627.bat
2011-02-07 19:41 . 2011-02-07 23:30 -------- d-----w- c:\program files\CCleaner
2011-02-07 12:06 . 2011-02-07 12:06 185 ----a-w- c:\documents and settings\NetworkService\Application Data\7059.bat
2011-02-05 22:20 . 2011-02-05 22:20 -------- d-----w- c:\documents and settings\Vivian\Application Data\Sammsoft
2011-02-05 22:19 . 2011-02-07 23:38 -------- d-----w- c:\program files\Ask.com
2011-02-05 22:19 . 2011-02-07 23:38 -------- d-----w- c:\program files\Advanced Registry Optimizer
2011-02-05 04:02 . 2011-02-05 04:02 -------- d-----w- c:\windows\system32\Registry Patrol
2011-02-05 04:02 . 2011-02-05 22:24 -------- d-----w- c:\program files\Registry Patrol
2011-01-28 17:37 . 2011-01-28 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Fun4IM
2011-01-28 17:37 . 2011-01-28 17:37 -------- d-----w- c:\program files\Fun4IM
2011-01-24 05:55 . 2011-01-24 05:55 86 ----a-w- C:\asdfasfas.bat
2011-01-22 06:08 . 2005-05-03 17:33 299008 ----a-w- c:\windows\system32\LAME_MP3.dll
2011-01-22 06:08 . 2002-12-04 06:13 1048576 ----a-w- c:\windows\system32\lameACM.acm
2011-01-22 06:08 . 2011-02-07 23:38 -------- d-----w- c:\program files\Lame MP3 Codec
2011-01-22 06:08 . 2011-01-22 06:08 -------- d-----w- C:\My Video
2011-01-22 06:08 . 2011-01-22 06:08 65024 ----a-w- c:\windows\IFinst26.exe
2011-01-22 06:07 . 2011-01-22 06:07 -------- d-----w- c:\program files\XviD
2011-01-20 19:08 . 2011-01-20 19:08 -------- d-----w- c:\documents and settings\pso\Local Settings\Application Data\Apple
2011-01-14 22:18 . 2011-01-14 22:18 -------- d-----w- c:\documents and settings\pso\Local Settings\Application Data\HP
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-09-22 03:24 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-09-22 03:24 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-09-22 03:25 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-09-22 03:25 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-09-22 03:25 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-09-22 03:25 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-09-22 03:25 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-09-22 03:25 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-09-22 03:25 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-23 19:18 . 2010-11-17 05:57 0 -c--a-w- c:\documents and settings\Guest\Local Settings\Application Data\Gxekotev.bin
2010-11-13 00:34 . 2009-04-28 01:31 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG8\avgtray .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
c:\program files\Common Files\Ahead\Lib\NeroCheck .exe
c:\program files\Common Files\Ahead\Lib\NMBgMonitor .exe
c:\program files\DAEMON Tools Lite\daemon .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\PeerGuardian2\pg2 .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\Windows Live\Messenger\msnmsgr .exe
c:\windows\ime\imjp8_1\IMJPMIG .exe
c:\windows\system32\rundll32 .exe
</pre>
------- Sigcheck -------
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 06:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [N/A]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [N/A]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [N/A]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-22 39408]
"AdobeBridge"="" [N/A]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2010-10-18 2215944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 24
-
sori, I forget to attach the checkup note:
Results of screen317's Security Check version 0.99.8
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 23
Adobe Flash Player 10.2.152.26
Adobe Reader 9.1
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.13)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
``````````End of Log````````````
thank you very much for your assistance.
-
Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.
Advanced Registry Optimizer and Registry Patrol
There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.
For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.
Further reading: XP Fixes Myth #1: Registry Cleaners (http://www.windowsbbs.com/showthread.php?t=61015)
***************************************************
Please download the newest version of Adobe Acrobat Reader from Adobe.com (http://www.adobe.com/products/acrobat/readstep2.html)
Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.
Once old versions are gone, please install the newest version.
****************************************************
Re-running ComboFix to remove infections:
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Open notepad and copy/paste the text in the quotebox below into it:
KillAll::
File::
C:\asdfasfas.bat
RenV::
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\AVG\AVG8\avgtray .exe
c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager .exe
c:\program files\Common Files\Ahead\Lib\NeroCheck .exe
c:\program files\Common Files\Ahead\Lib\NMBgMonitor .exe
c:\program files\DAEMON Tools Lite\daemon .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\PeerGuardian2\pg2 .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\QuickTime\QTTask .exe
c:\program files\Windows Live\Messenger\msnmsgr .exe
c:\windows\ime\imjp8_1\IMJPMIG .exe
c:\windows\system32\rundll32 .exe
MBR::
- Save this as CFScript.txt, in the same location as ComboFix.exe
(http://img19.imageshack.us/img19/5660/cfscriptb4.gif)
- Referring to the picture above, drag CFScript into ComboFix.exe
- When finished, it shall produce a log for you at C:\ComboFix.txt
- Please post the contents of the log in your next reply.
-
Can re-run Combofix, it said I have a corrupted download. Please help.
-
here are the required info:
ComboFix 11-02-09.05 - Vivian 0/2011 Thu 18:17:42.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.1983.1348 [GMT -8:00]
执行位置: c:\documents and settings\Vivian\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Vivian\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"C:\asdfasfas.bat"
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\asdfasfas.bat
.
((((((((((((((((((((((((( 2011-01-11 至 2011-02-11 的新的档案 )))))))))))))))))))))))))))))))
.
2011-02-11 02:14 . 2011-02-11 02:15 -------- d-----w- C:\32788R22FWJFW
2011-02-11 00:40 . 2011-02-11 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-02-11 00:40 . 2011-02-11 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2011-02-11 00:39 . 2011-02-11 00:39 -------- d-----w- c:\program files\McAfee Security Scan
2011-02-11 00:29 . 2011-02-11 00:29 -------- d-----w- c:\documents and settings\Vivian\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-02-10 01:06 . 2011-02-10 01:06 187 ----a-w- c:\documents and settings\NetworkService\Application Data\7109.bat
2011-02-10 00:06 . 2011-02-10 00:06 187 ----a-w- c:\documents and settings\NetworkService\Application Data\6348.bat
2011-02-09 18:06 . 2011-02-09 18:06 183 ----a-w- c:\documents and settings\NetworkService\Application Data\1980.bat
2011-02-09 06:06 . 2011-02-09 06:06 189 ----a-w- c:\documents and settings\NetworkService\Application Data\849.bat
2011-02-09 05:08 . 2011-02-09 05:08 187 ----a-w- c:\documents and settings\NetworkService\Application Data\870.bat
2011-02-09 04:06 . 2011-02-09 04:06 183 ----a-w- c:\documents and settings\NetworkService\Application Data\1857.bat
2011-02-09 03:08 . 2011-02-09 03:08 187 ----a-w- c:\documents and settings\NetworkService\Application Data\5794.bat
2011-02-09 02:06 . 2011-02-09 02:06 185 ----a-w- c:\documents and settings\NetworkService\Application Data\4508.bat
2011-02-09 01:06 . 2011-02-09 01:06 185 ----a-w- c:\documents and settings\NetworkService\Application Data\9649.bat
2011-02-09 00:06 . 2011-02-09 00:06 181 ----a-w- c:\documents and settings\NetworkService\Application Data\5825.bat
2011-02-08 23:06 . 2011-02-08 23:06 179 ----a-w- c:\documents and settings\NetworkService\Application Data\8103.bat
2011-02-08 22:08 . 2011-02-08 22:08 181 ----a-w- c:\documents and settings\NetworkService\Application Data\2915.bat
2011-02-08 20:06 . 2011-02-08 20:06 183 ----a-w- c:\documents and settings\NetworkService\Application Data\678.bat
2011-02-08 18:06 . 2011-02-08 18:06 185 ----a-w- c:\documents and settings\NetworkService\Application Data\2727.bat
2011-02-08 07:06 . 2011-02-08 07:06 179 ----a-w- c:\documents and settings\NetworkService\Application Data\2785.bat
2011-02-08 06:06 . 2011-02-08 06:06 185 ----a-w- c:\documents and settings\NetworkService\Application Data\2932.bat
2011-02-08 05:10 . 2011-02-08 05:10 179 ----a-w- c:\documents and settings\NetworkService\Application Data\9124.bat
2011-02-08 03:06 . 2011-02-08 03:06 181 ----a-w- c:\documents and settings\NetworkService\Application Data\2305.bat
2011-02-08 02:06 . 2011-02-08 02:06 187 ----a-w- c:\documents and settings\NetworkService\Application Data\992.bat
2011-02-08 01:06 . 2011-02-08 01:06 179 ----a-w- c:\documents and settings\NetworkService\Application Data\3323.bat
2011-02-07 23:42 . 2011-02-07 23:42 388096 ----a-r- c:\documents and settings\Vivian\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-07 23:25 . 2011-02-07 23:25 -------- d-----w- c:\program files\Common Files\Java
2011-02-07 23:21 . 2010-11-13 02:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-07 23:21 . 2010-11-13 02:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-07 23:06 . 2011-02-07 23:06 183 ----a-w- c:\documents and settings\NetworkService\Application Data\5763.bat
2011-02-07 22:19 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-07 22:19 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-07 22:06 . 2011-02-07 22:06 185 ----a-w- c:\documents and settings\NetworkService\Application Data\9986.bat
2011-02-07 21:20 . 2011-02-07 21:20 -------- d-----w- c:\documents and settings\Vivian\Application Data\SUPERAntiSpyware.com
2011-02-07 21:20 . 2011-02-07 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-02-07 21:20 . 2011-02-07 21:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-07 21:06 . 2011-02-07 21:06 185 ----a-w- c:\documents and settings\NetworkService\Application Data\173.bat
2011-02-07 20:06 . 2011-02-07 20:06 189 ----a-w- c:\documents and settings\NetworkService\Application Data\5627.bat
2011-02-07 19:41 . 2011-02-07 23:30 -------- d-----w- c:\program files\CCleaner
2011-02-07 12:06 . 2011-02-07 12:06 185 ----a-w- c:\documents and settings\NetworkService\Application Data\7059.bat
2011-02-05 22:20 . 2011-02-05 22:20 -------- d-----w- c:\documents and settings\Vivian\Application Data\Sammsoft
2011-02-05 22:19 . 2011-02-07 23:38 -------- d-----w- c:\program files\Ask.com
2011-02-05 22:19 . 2011-02-07 23:38 -------- d-----w- c:\program files\Advanced Registry Optimizer
2011-02-05 04:02 . 2011-02-05 04:02 -------- d-----w- c:\windows\system32\Registry Patrol
2011-02-05 04:02 . 2011-02-05 22:24 -------- d-----w- c:\program files\Registry Patrol
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-01-28 17:37 . 2011-01-28 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Fun4IM
2011-01-28 17:37 . 2011-01-28 17:37 -------- d-----w- c:\program files\Fun4IM
2011-01-22 06:08 . 2005-05-03 17:33 299008 ----a-w- c:\windows\system32\LAME_MP3.dll
2011-01-22 06:08 . 2002-12-04 06:13 1048576 ----a-w- c:\windows\system32\lameACM.acm
2011-01-22 06:08 . 2011-02-07 23:38 -------- d-----w- c:\program files\Lame MP3 Codec
2011-01-22 06:08 . 2011-01-22 06:08 -------- d-----w- C:\My Video
2011-01-22 06:08 . 2011-01-22 06:08 65024 ----a-w- c:\windows\IFinst26.exe
2011-01-22 06:07 . 2011-01-22 06:07 -------- d-----w- c:\program files\XviD
2011-01-20 19:08 . 2011-01-20 19:08 -------- d-----w- c:\documents and settings\pso\Local Settings\Application Data\Apple
2011-01-14 22:18 . 2011-01-14 22:18 -------- d-----w- c:\documents and settings\pso\Local Settings\Application Data\HP
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-09-22 03:24 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-09-22 03:24 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-09-22 03:25 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-09-22 03:25 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-09-22 03:25 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-09-22 03:25 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-09-22 03:25 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-09-22 03:25 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-09-22 03:25 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-23 19:18 . 2010-11-17 05:57 0 -c--a-w- c:\documents and settings\Guest\Local Settings\Application Data\Gxekotev.bin
.
------- Sigcheck -------
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2011-02-10_02.02.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-11 02:25 . 2011-02-11 02:25 16384 c:\windows\temp\Perflib_Perfdata_4b0.dat
+ 2004-08-04 12:00 . 2011-02-11 00:26 68156 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2011-02-10 00:28 68156 c:\windows\system32\perfc009.dat
+ 2010-11-10 20:49 . 2010-11-10 20:49 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\ViewerPS.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\reader_sl.exe
+ 2010-11-10 20:49 . 2010-11-10 20:49 84896 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlr.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\eula.exe
+ 2010-11-10 20:49 . 2010-11-10 20:49 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrotextextractor.exe
+ 2010-11-10 20:49 . 2010-11-10 20:49 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32Info.exe
+ 2010-11-10 20:49 . 2010-11-10 20:49 62376 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acroiehelpershim.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroIEHelper.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\Acrofx32.dll
+ 2004-08-04 12:00 . 2011-02-11 00:26 435260 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2011-02-10 00:28 435260 c:\windows\system32\perfh009.dat
+ 2010-11-10 20:49 . 2010-11-10 20:49 390552 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\pdfshell.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 101288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlrShim.exe
+ 2010-11-10 20:49 . 2010-11-10 20:49 135568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\nppdf32.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 681872 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\JP2KLib.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AiodLite.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 702352 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroPDF.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 294808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrobroker.exe
+ 2010-11-10 20:49 . 2010-11-10 20:49 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\a3dutils.dll
+ 2011-02-11 00:48 . 2011-02-11 00:48 2283008 c:\windows\Installer\18ec2d.msi
+ 2010-11-10 20:49 . 2010-11-10 20:49 2207632 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\rt3d.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 6222744 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\authplay.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 5503368 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AGM.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 1216416 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AdobeCollabSync.exe
+ 2010-11-10 20:49 . 2010-11-10 20:49 1289624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.exe
+ 2011-01-30 20:44 . 2011-01-30 20:44 12425728 c:\windows\Installer\18ec2e.msp
+ 2010-11-10 20:49 . 2010-11-10 20:49 23724952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 06:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-08 39408]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2010-10-18 2215944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-25 8491008]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2006-07-21 126976]
"MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2006-06-02 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]
c:\documents and settings\tso\Start Menu\Programs\Startup\
???ˉiTudou.lnk - [N/A]
???ˉ·é?ùíá?1.lnk - [N/A]
启动iTudou.lnk - c:\documents and settings\Vivian\My Documents\iTudou\iTudou.exe [N/A]
启动飞速土豆.lnk - c:\program files\Tudou\·é?ùTudou\TudouVa.exe [N/A]
c:\documents and settings\Vivian\Start Menu\Programs\Startup\
???ˉ·é?ùíá?1.lnk - [N/A]
启动飞速土豆.lnk - c:\program files\Tudou\·é?ùTudou\TudouVa.exe [N/A]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
thank you.
-
I just discover a new program "PeerGuardian2" was installed yesterday when I turned off "Avast" while running Combofix. Should I disable it or simply remove it from the system? Thank you.
-
Please go to Jotti's malware scan (http://virusscan.jotti.org/)
(If more than one file needs scanned they must be done separately and links posted for each one)
* Copy the file path in the below Code box:
c:\windows\IFinst26.exe
* At the upload site, click once inside the window next to Browse.
* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
* Next click Submit file
* Your file will possibly be entered into a queue which normally takes less than a minute to clear.
* This will perform a scan across multiple different virus scanning engines.
* Important: Wait for all of the scanning engines to complete.
* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.
********************************************
I just discover a new program "PeerGuardian2" was installed yesterday when I turned off "Avast" while running Combofix. Should I disable it or simply remove it from the system?
No. It won't affect ComboFix but if you didn't install it, you should uninstall it.
*********************************************
For some reason, the ComboFix log doesn't appear complete. Are you sure that you're copying the whole thing?
SysProt Antirootkit
Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).
http://sites.google.com/site/sysprotantirootkit/ (http://sites.google.com/site/sysprotantirootkit/)
Unzip it into a folder on your desktop.
- Double click Sysprot.exe to start the program.
- Click on the Log tab.
- In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
- At the bottom of the page
- Hidden Objects Only << Selected
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The
log will be saved automatically in the same folder Sysprot.exe was
extracted to. Open the text file and copy/paste the log here.
[/list]
-
This is the link from the Jotti"s Malware scan:
http://virusscan.jotti.org/en/scanresult/d47539e8c0936654a8341ad783e0d65adf9af016
log for the spysbot scan, not sure if I am doing it right:
MZ?� � ? @ ? ��? ???L?This program cannot be run in DOS mode. $ 抁"傊;L阎;L阎;L阎;L炎;L?4�艳;L裊'B淹;L?$F裖;L阎;M仰9L?4�焉;L?$G巡;L裯=J炎;L裄ich?L? PE L�� A�絀 ?��
�� � ? 愄� ? ? @ � � � � ? � � � � � � � � `� ? ? UPX0 ? � � € 郩PX1 � ? � � @ ?rsrc ? � $� @ ? 3.03 UPX!
� i9楏跉蝶惂� ?� `� &� +啐?U嬱jh?C d?Pd?�冹�奅菘?颯VW嬹3蹓e餳��(?塣�墳��o縶? u鑸??�ib?@�兡鞴lB?�笯?缻~�塢蟦螳嬑艵?Z �\� �?胻(��鬻B? ,>�嬈婱?
+_^[嬪]胘�h?D h?S� U?jK奙镟圡貕E??進噤繑^兩虍餮Ij�嬞?S??���E瑒纓"媫軏藡丫Q??灵�螗嬍冡�螭媱]嗥�� 縺?羔莶婾鄳0??+?嘻脀� �$咑v=<j 缻�2S考v?(嶭鄭<鑫蕗聋o?吚u�膏甈??v圦C%t!岺夽?<t
?胳衋孟�睹Q髬?� �艐 �(��i�6'#?刿?~$Q¤c$?h�邹�廌$(? Ym{?t�嬋柰?L$�臨�c�`喢,+唣皫郢?嫪�SU?瀭痟>韍(�zP2U塴$�?睇暏??劌\VU"狓;;xN汖摐WD,8�|I榯z峴�?斀 幣o +謯 �勆t�?@Mu箅�呿u�H>i洲=��
h��樒T鋽痟x凗?宼-媆$(呟t�?浚�紣0嵁�ZQvWV誈K/?韚颲`尭??�嬇??�?頬[��? <洅�?, d?g附�|�V3?�?塼?�踸?��,$唯Q��??P�W峊$�Rh0芕粺y? 7婦?VV<o臡
搝j\RVP|6?�?0�4� ?P?碢]Q?$?G衈^w,i?讬�厑?裯撰?Dh}詯)太U煨?\X?唟U崊元 �P炿pj礋?舭盶8尶禁?�t�H媵@筈+葋?w);藡v翇W恶崉E�;髏�?X責�BN腼 h? �? ?坟x.Z儍曽h~?顣a逿(扲j�兦� ^<柬�jWWl�%???
6u#?1�?=0c悧} u�YV��簽
譨�? V揿譅加��L�&??_O?蛳0�,B?Vu$Ei劾��pvni%?)n柢�?�揉噤D�㎜$囦滠vA?噤斔?p
�o囵�?t��J>??�8,巼郍?z芪???�;莡�巍竃??�Wj�魔W癶v纇|r墌�?蓅t?F暳塅�嬃yU9昀�鰣U�^`?寥矼�嘥\��d�?迊��*+??鎿淺E0M軏U?矙
蔰�s@�?����?�蜤{ �� �濸?x?歐?踻€0ㄠ局�7嫘]]}=��P袽�洄猄Q峮给疷WVZ?峵P蜼�4�糔�0��Q??�??t0竿?鱠牧?侜?n讹n辳
?R与?�'v�?_斤 #箓�6V??4纍嬷j20Z@G???2G�
粷,n臞.?h\?�萳?b~�軑?臯旇PQ塽淝^O�苘��?h@��?�E鷧?n郹?軓艈lhぬ�飳>册5\?"P'�繯苦�歗叭P<\�x婽��俐胯�葔j媦 媃$婭��??葸v窶渣?u?儉狄f?s??oP答�懾X袇蓆9~\凒�W撖�:竨R€zbuL奐�勆uE���u?鄌?�9 u3婻�I;裺'霔箭?c 0蛈�<
.u��僟韄x??蘵幵F�郁T夐落陕纳?M忍心Ks?热体H.悓烫
襖H娜虝)毸萌o /惾q��2��M竭垘|:S(葿叫=�
�枩R薊躉煢豊腞P軑嵦4頺|t�?hNQ崟#^p?�Rh ??��竒徲棑 叆妫癲zp?�|�b灩?K=?tiPG_>?� 嬔23? WPK\W�T?80
似噢鱱�?EQ??4<{]v?槿�Ev戽��掄滗慭 楄拌す愂栲滂騝5�曀w銨^ S錉�W??煚,TRQ?$�S2繴呉W?灢b?竧$,j��l?傐vv侞9snV�?柙檗鷒蚞X?扁堽鎩w:|嬄苦擗聥 檴�勔B?@ANu驢
p�aL逐D�.a?? ?鹳h虭8[;硍 咳W镁?H+鷬��?�ANvO?zI?p�膚H.� 皅XppQS??趣巅�?陭�& 癚諆?黾 F|杲84潱繻??W2赛�8}U��3踂;渔蝅]牋 瘘恈n憵W+R衣�}伝?4?琍V診纃???~+濌V鮒\E狿SSj_h閔O夸蜵h :R?L膽?P豱�▕E
圗嗳鱤ub�C$噟?B澡??栲鋴M?褌輸索2|�y?�嬛p�个�嬅�w???�?2��???迧�H菱�R?可s竛M H莅)鋳�葻婨?軳�疨?斡??�,x7R磼?彴竷?M娂;As銒青竐BM嗲Q?G伶�苿��??3茂岲��P痱荐m禕~^u�iGK�氚Or閛th�?��貚吶^嫶
!次�|卋�a
<*��G??9 祆
?@?� H韭?-?9?_?�y&*偌c 耶╬蛹Q婲+ ,?=#錉?纪歼.:�喝A岢髁婺?6鱤唵� p2?x?崒�i
?Q鲵BY岼 mS倎k#
?R*�*???
彣��P辢誆s�殜M?(鄓!���@����
r犚?e?埽.$k??-柮?�l呾�呉S
荂NxteVWA2v��K!楬 F*??網�4�.孼_/H婯\P獕吕 l綣'紘tT OPB唏凲I€媽$?y癳 镍挎谦锧?�氺C<]酜我浚蒳T*n�囘�`愸娔暼 RQ`H?�馊�梐�铥PQ?晗徯??|?�蠭聪籅.���碬怶wJ鶻�� 檺?创?��樤F鬺!A?氱�A?@^����?: �(?(VG(?yC�)層4?z?P妱S��`4贲��r褞TJ�?.J錇�$晻慱匋@J_h?�r裒躒P婥麄�9SG塽?F?MY��B�?`?}��?�q?琉鯰e�!?�孇J锌*�T�.,�ι蠢���?P拎�PVA猌�9,?A�婄?V9?�葁t�簥U
8� S@38*�J嗷+谆+?V蘕#�癅~焾-蟻f >�?鑚€]+鱘D�:焫
�>餡QG?R?�*Ru�P
腲乗@1�T� ?@T�Z蜞:[,峓,.��L癏仐S�$??é�]�瓸?葨M尊8p_?h軂];H涃?e8?�w??蔴s?9h怐�tuO柳d2 �湸靚翼+?��墏蘪'"际鄫?2鑃?癝u朕P錚
�1;?鶏渺0e��
l1���繖沫南 �?3J8螀?媃?d妏po ' _.�╧`U?熓?vv�竁 �€肧"n?豢丱r��[抿媩�??�峱?PQB?m翊景R|�;苭�u�f?2∑尾a�粃?@t$�-�^]w呺?k@塎衊?魓d�(=�a??`=�PR?聝C繠﨤R欙?戴LZ.U熘Qj�R捶傷j
?�Pj@TH@譢??
徶?勍N3异f婸�磜殶o� 溊Q??@p迊{&Dn�!軍M@^�3嚚�9 ???册~��h樁>@R�沗�?芉S�瑓??峳?-Cc餋崊?�Bd>禧坫崓?燻+駜?s�崒�?鹷%@?�?腱df糢D昉屝&j楤��?褝飓P�脓澟鳶�屉��?�+i懬�?W?$��?5>�QO4e�??4e�K^襂Q�4e&厴p醛E 婴m绛D�?囗?�?�茫はQ�葝旝ARTp脒-G牍奅叩? 臆撥???�4u<�_�.咝?�圧xA鯱o?W菿壜 遵駮$蹫�"槹
G?E紉u歖? ��
(€@,�€?峵�D Vx*説d�+鷔T侙秨?�暌4PP鋶�<Z?€??腘拤T?�j�莕c�
oq墥込婌V?�??'V偫磌(?鑖峏\鮪睶U默zuM�{?W摬兝
P�?�2r�+!)8俐?懅�*M|刿2瀢t幧f敎孄�?pi喞7S郤@F綰1?,o? c躷
尲猭`醽蓧F圼跟??纂�U 辁?���#?@ �谰:b8骮r霉
鉝�羨醂?瘼;��傿
?�犃P碪<.?D�@<h8诨?雉?悑T?RA\婳�禵4?魨叴齟闟�p�?� 喣8?|?驿h0�=]�x� ~M匿�neZ\
?Xv縮c蝀鵮���筄腼?頶T?v餲?渨>雲R挚啃m�v>丩�m?€鰏_裖喽v钙?誶鞹[���y?襁Hxl�U墧����箥?倌���?#nC畦览F?z8�*
萝游o邪B.;8财O 嬓�?�R蔖?x鳺y婯 QP軏C瀉 ?槴孖�?<x稭軑v�勪僤稲畿4??v秽屏呟偵脌KJ跴P?
?&袐D衊A悘�騍��黃?�LRM??(4�C>
~�
鸰嶡畎��芑?躀勅�e�?�陕?�羬�甔�??轗?褷��藙�垌?��L?痕乼�D酪溩<?�勠�J砸a撑]睪芑(状P�MH|g?x{頀隃鰂'?"?HS肌(?0�3鰄��俀?奙粔u袌M??�芌m�惏{効h??F?胹7�?{媫?�奊?�;捭鹵6VR?XD茧Q&
x檧y�A抙?鴑愚w�?/S卉▼帅 _N瘉承?鋹蔧贼詪绖粆<m郻润M袇葾?縲�秎S?M@&�L?S朐??9]豷 A|d枑V?<�7鬗rTapE宆3蠦朵�?��dJ?0逆SA|%鞃?喐?�'?yQ呚�1J0Z?簤}?�?O匩?觝�W?觀t?�n銅=漈苘b祖?蟬?� M鋣?楺�罔雀1奝?|�(EP
��.U勍YU��R�(?萮鑆�^T.�疯�AE�叙鵷?汤�?@�羚��饡��L��P
焕f�?^俐2��3@$$g瀅?銱*祆?",i?犱 硅?|�噼T澵�燼1炣?;�跋C儁豂<[R龞�Q,B�>婽� 菱l?7瓍T���PRA*�柟:�?h��?婰��??��?�黈7J饎%W刡笆����豑t鋫??Qi ? �貏?<9B俼"�L[�??U鋴 蔈瑢傞闁�$cL�?臷?壹d??(�劺�G?♀O?#/`婨?08B�勯�^€∏`虉M若妐?铋?x?烊O 訝S锾虊]僤悤袗�袥|B炐忍婱袛Q乕八�毁?忍ZA�`J嶢逪�
?8�呙计洘匨趬?tL籆 /?筞�廌
V�x?孲箘B{窤0�?�+粬x痼玍?寜��7渕鍷顲牍S傌Qv衼3?甔蓆B茒屌?/盲栔輁�緧_Q子斄��X)媯匑劺 讘 ?y????lC�怽� �邊-�K �?u�4>?閄�€?熀9抙儖??�L製��扈
��?: aA.��囲ks貗�&?���W锐p町?鲉?w8;?锌
遲~聥邮岹曆P�颥_(<K唝7<兛磘�V�u�h<?V(镯鸇??氘?:簊兗�u�FN[V��p砥�?`?y��W€?賸�R峌�R 0;??�@ O?圗?CT?0���d ?��<+漍??��T纑!?��?�G?G8篐*鑇� 聫?? __??�?�j垔�?鷒"P?BFOu驤^?? €;遷F`�J!^k��r?�?`雪?t�9�?�k?��5pw; 9箙�咠H??5恬;哕'@觓?C咞嫙柭⒅H?��C�Bb6 �淎??FO?€5峇�芭�稴
A逐偵!躵玛"0襈莨}?Rj=絉坊鬩�?硪P叞QR婬簈漤砲$蠶?��{訬}塙�筄`?p笩� 菂€�i?豏
兑;s��兘?f鏺�筆�衼?[�=6Spa?讇|�\u'J��0�?埧C圉?�肞魛�P?-\?l&嬹?埙M?xQW埍 銓钑軥V€QR=o肜��\Y鯿�t=鐇X?賱哘!���l卒C〈側S詥�?鹦8蜓義�瀐品@?|ad鏵'?@??斀.偄F膵籱嵆^加?W�RW隲塆�@?€廁7#兝�稧炝�X鑯�訽?餪�
珷�R�\働槱X#�翛跭!�D?�.蓍�2�9N啻(�糦呠€`詷藞
檴谹V>流貕]躄� y�捾茉n羘蜇婱軘?N G�缲镴鵍r@镴笭t繜+�f〃
?闱?Tf~圠$�半uギ鞙$(粶=嬭RX]?V��&7??鹃GtZ饠顃-TX�槀( €$?�t�崒/QS鳙崸檜�婒�鳋羴:?縺?r稽=Q&�氶&鼂h?P�-喡p瞮管�脍��蒺R�鈜?跾F
;饈�?�F圖<�SG�|饗JD苶�D?B??岏委???呉嬅t�嵓+髪 @晧?[J襳�W??斚Dl??�� ?淅_?pp"轇夿D榥釀?b"钐��u?�#^?葕??夜�裑�?}槈U攭e饁�'阄@溷?鳊B??冿???聇�h?j登du�V1擣る舿???€盧C%WF塃槵?h?癚\3爦?h?睵�y?虁>a袠銶?Iㄖ寪7欄I|帎I幇l碔帎IT笎I帎<?帎I帨�繧帎I 匿$C瑞�揉�Or?烫��呮0�? Q?崩鰡t?殎剜m?�d�载�銱.栽鄴憮�栽???琒�p鎪猰厥昄!脏?銛詜 n�乪H*dK^凉俁�珋?vRPRR婼
攋[��馌Qh(g�)q? ?檏??楷?M?榓X郹 窺R墣
G膤鋾?潔嵺设)XDT2W俲� 0G乓
顖�繻x??8-昄騆?芯皙€a?-愮 i栽??熜婱詳?�b�?T?�/�� 媳仔鏌�?�毘c+?浨F �^襏F ^攃VK嶛媉�?€'z6P?z'Z??躊�塓�镜?yOIF?u賸G�m?%?���_*l?搳^V刋T(E羣$/レ?爳�x�W?R��RE�&"Hp_?(ah淧a?haW甂?u�j��H�
筂皦刺堾
�d婍A:I�瀝苦C�F~騼?_矮鋠)??胻*奌:藅#e?€?;?呞二蒧?q?�l�� ^2繹?捋�?BuV\Ar,g勚腆:胻��f�e{郾1?_3€�"�?靾�!猐婲 凒T蟤濩辳^?!�W圓���枙;�b�{r覹C9~ s?�?:)?甫溲誑 / 江柗箹?斮凗齓啑z姼u飚)揀 F�i滸?瑌�?b�龌G?zJ兝�9�孅?xZW朒�?朄v";苬�抯Ru�湈p=峹�兙Q焰Q6{�亃荂X��弝@2f芌蓴hwxs w瑚??@?n1G?�{十
?�8�u
^_c硂p龏
=壓萿�
??m滦H,?[@腚鲬n唺Yg歌悦?j哜l? V?f??铚岞窽�瘴�wNA穠;K?愣_Y?
&xぜ桂c!L�*rm尚X??洅�x0�
U哮圎���?険j?结?Bc<?軇$,��m�蒶lF�窷鲿t?$3�??(3v?�
萢�???芛�€衟&?I炏!�aG渱&y?N^謄�?眱L?�?'僉2??pM2?�4
d恈嚽?' 紣I�?€
I�檇D �?r??�惁
?�?T'�9?脀��?薮A��?�O�?.? 申?w 葇媼�9?ó^!>忻剱S褵K\幥憒?Q.L��)?C?抧4R}XH�覌?_噷�=n塼8?憱鋶�Q�嫀�\?濭{o?�?旭��鰌規c�??湸嚀X�?��湝虨?��?殰湝h
,r2?��?
磖rrr
x <yrrr� �??9��?��窊踚(L?���再韉?_�?�?�\�軳\� 死?¦:撂跕^4?MGr懢鸔嬙�晰€�Ph*谝P�o o�崀l X �?劧?0il鲸滗b!q/?r!#/ ��\淭�r�th?~Em煃V\4詄�?@W谇F�R
悏J���4崘垗x逨?9N蘙2]惲堐�雡粤奼e?C(&瓦??PLN?�ㄇ@^,輑� ?�僂u�^��晶妠e岶l8)<W黉绱GQh'#栦Rh(yI3槅5j"\�C~>V!#伷榁h *<� ▉咐(�伞A縳2�F�? 婩\冭��t孬uT �fP褥?q$?U瑌偊鬆Qm鍠茯
▽�L��@��L�箚l蒒`�繕悊U�B葵罧鑱AC櫙搉p�,6�崬炛滃)焩Nj2薩�&?yNH�4��媶??��l=�U虘�Hu?V陭?j._炏?Q?j�RK貉w}h渜�K`癱)&w){`?w#7q !PlD鰝?“?暃)缺� j�薮?╚l�O玹f厾h '吱�'�)�@ �h?腻崴??h?鏊?豀t Hu�?Z\_ 2�嵒9W俬�桁脶Y芡?@&hh?r�'c�\EW?高�專�瓆�鍕G�雫?d?壼u�j�嘑`?00袱�?��?k ! 4�?S�9 趣�焏�怓x�啃婸?规?quC?鉣瀮苮�Ld}??�$?B_棹u?? 凐�u�-f?d ? s�跤*�=�?卾盨???RP伭槤_泤C迂嬟?QX�o8?�斆儻nVM?⒋F0?$X1^娜�??S�R57B��萓 藹N 2藤g?�?僊╬�軶.?)G?30?@?�?莯湍^?�??�?�?�(€d ?��~▔U訶薯卋?糛=�瑊璥��簇娤?~l{?�?;E�儫侎
轷 PX坏鯉?S�uc峽�
?>劎Wj治a?Y弔� 瓔�耯��?6 ? "m瓌/?椪襴?UW?|�褼鱃�?h�pN??�l魦dO2瀀Xvj�m �鄟??]��蔱Td} #臷 Wt��热"欎姨襖He棠忍萙?斔紑�埮Gi�??�(3卯嘇R镣膝�茡hD��螷吼島<�萞財?A�?
2�B9菂峹?MEPJ葊4嶲?K�UXU?厐<KW=J�?Cr滗??婾???q :k��@.娺H?rx�X鉂惢"��bq旲��r????€l�
W嗀hh3?A?jバ里?L?]孭????聽|慭L ?0酻?a�� 漪�餸s裳0y餸邜,肊] 9痮?圈栉?�哘���拝�鈛?x?務j^贍&�鑥l
r鹄G<a�e?夁��$6@繮WVh?�?.F:??p??槇�?鴴 ?h@�-�=Hon尓Y'噜*肋??��彷Q?艆�R��e�?B铵!@N����9 ?�?p崭亁�???lX葑j|k兴6_Q繰l-?葢� �l€连?�j浠�:��?�P薡夫o�@�9[??%?�遙淲b劀過謷駄d睦� 萸�圷�
?Xc 6k膒|?~�XB> K4$?<jf鵟??攆樤??詄�L/
�皭�珡b!��鸰\,L繩/<壬厹�x 蓞淺?饏
X?蹅p�?+怕�,{/�X壬?��媴�/k�B`憋籣锹�,
/P蜁憰g��� e?篱�淸牌�9�従湡4XZ}踹gz? 婡 h€_��%u_Y婤墕 灲_?`�?燎�
{�忧@泵
?��?��+??\LR欎Ph*?話f&?�j�┘をL��?�晽\.? ��yI?<��x�.筡R�??晽\�,��瑴d録�????/撪?��^RyI靀�陻�希�V?7?鐷~%?? 糉?5??鯻婩=�f"c璩��_a綟翵餵eⅡ�8侚瘪>婤7
E?睸? z��?e �育Bs�W燪j�p�[+,��B{??p?N�镻�
蓼垁3,R�睇塇€魊?{癗~
W�d輟gVx??=��RFz��辚??c喀戶P螳鑘?蘐�,€?_3OC?q?P>擷
J= 痣凎�
�叒 gSWw~M鍴�?
菃$?⒑*愯 [\+郩??
簚�鉆ir,~?阅+?K刍&??SW.�`匉燦(?�?�p_[^脸庎耚礹萡n珼�€?"捘瀂F利S%?p�.??u=?黚?@貨礀�?鱇-膍嵖?.×0豟^1緦d訷屆倂束T雥
��擵?n?
�
铻 Nt胤r疡�?莃'~�=黮.:vR�譲4佞?��銟f& p"鹧A帲Dt�?|+?謾+聅踆|?养?�+?(?訉??x?Xp刏d脡���?伝?訯�9X5?L#&kj?褜?耀讔?)l�G莡庫�'
�?9?$�w�$吥?-磋i!鑜?鮽P栥�
鰩贉QO?X�d�J?#?\K€c? }��怟�?@?VMh?�葊\L,6 ? �磝3\r@�<? � 偖綻Q� ?7,?痑k?晐?|伺登?hTY �?aX単�驒i鸔鲘�d 檪cH `?拂Dk龌e鋑侠� 螭�cQ2!@,妐��tらW�录h( 赩蓩*??�?i玆l�JH刪M.虐�砖�I?k*S葎糿? �
?%酺C?+7�?葊 ���€ 葊��獨 ?�-?HGH XtH��??侈 ??襃楍$幀uJ?e?凔齰+肬?譀賱4B?x咈薦齐S绵C婨斐.'�噜U陼<h助镨�括�|�唩窪V4��襨�<延?�o賣(MM熰{MMP&�LHQ3E岆6�S)?]靤 S蹭?豦?齦色▅�岻 倇?洴�?膢B}盓~`樛й{$€(8
?袼捠是蔷??蟽イ蜩 螼?,曍�畎�IsB�舭�7_�卪#?ZV)$f瀔�l?苢�w擝??�??塹�豺l?�?蕜tG?�?R檺�?渻!�*�'8k 晧a?+8F枚?#+#+$轴[旿?q秵?UwU閞X郯U閌檃;躳H颱P銳.�?悁J畉h4�*蟼%军�^ 郃}I)?沥嵋7(ZPKf'v疨{纐j2糼銹-$奎�
y!�?寍X赛�U昞蓵LD膊a蓯,柪?c?b��~i笉;#��q@�??-q 繦巇 览捤 淅?4 ??��x 悉�躧兢?_`p3��A���qmw�伽怽蓵いW?嗓#�hJ^蒐o�?w%Sr?扈O腍�C�7??�x1#21騾\[q�Fj�扖���?橐挏?閝7/?,�?檼�T??竏頷l�Q?[覝?Z"!т???n?y??=叆繶莊蘠/?_a紂m�'㎜靊冀'?2!??槃T&??R檺蕜�€�f?�?伾憸€5�Wr2唌?5�S?鞗7�?�絛崡B萖REQiIaC��n -�� j€恅7???r 怌?V宆]訹�唔5轻(€% 惻害>�3?Pq躐?}1刊c�裆3一x 塙h&铔糢缻嶈��膭?(€稼M紞E?P埑V?5TL�了�D躨?_AE?蟭j;莟f3踿;]躶S
€?菱 �?�刿(?G??C�aAC?S倕0f&��?�=珸c唐毹2歩 檧�
??岲 ��]�戞?�Kd滗?烃�?兞d銽�裇!E�€礔?`�^E?
� 疈�!�� ?!鷰G珕0y鷰哔�9?4?欃]能€ u>皝s��?憥??嵶/孃 €颣�Vh,�?�呫�FK紛_荅恦PF鸳bD9M?xn要V'甭鉖崑艁~}P�j�?窐l頴��劺�A麏z�姭l!Mπ??嘺嘅喒寙R?@pD��1?蹕髉梆盶 ~��*p�*-X?$�苴,饦?���訁諈CCO�憤U蘓R~��?豍-xm�1X爯瑩6VR?Gw?>?套Q5�/�NZ?E扨嬔_�翊嘨Y⑷嶋註�H2F?F
*�逊欣?藻q窬害?l?aT€ES� �S��> 鳮�j@�p<Q隯�#?婼"�Xa P)�W??瑤膃婬�Q聾�犂U吁�? ?!4!紑� 8?Γ�[%€:`控dP甛�聧僆|?羝v览�rA&?�uX庄創�H狁?R菦郞X�? 悳7�p 媩竴3€邸?�=鶮€S�w�??V�i
F%?q?峊�l9?;鼑j揊壉?�j鐅I�p快a噄蟁Q鮙齠zq0?�Qh�" 燡豅 轕鑱�xJGA壝~t凒j俪敭?????肔}頷(�罸�?諱� =�搁摚�应~HP盭巀�+r伴K揔R膄�?鼐s� ?蕨詇J侕g[錐脲�I?瞰?菂?驪~�?艶�+PV?2�rA妇57糌~籧�闰L?遃Q届�卧ru?�抪a菘]媿牉枞6]
拕奅�?l?u+[J峇V�?�鷤??P,\H鱯-h,��蘞L?嫔V惏?i?參?Kw^�膷�K忠PQad鯎憥膬?�徹○
?骵�0??x??dEx設淙纃�?U��p霶瓐凎'?3屔鞀�癭妵V�? p-r#伱9X?5R? 圏�伢s�彋 G"魽?&?葚! ? ?�蜄�|?荴敇&??繟慳�BV~包?纱Q�R ?翇 敘頛€}紥)d猍嘬A>R硅茑婨銬盶葦!?2緞 ?惇�颞_x6�$� 藛鞚劔&Z筵H\�w�#嫶詻脂?貎0G/樮淍N 洔}l?衋?"?€<��"d?�仛�d歖�漺{?u???7馎綱鋠>@
鈛)佄緐�?d4c?伷� x� V殹o鉞H^yC玠姛6坣鑡O�,A??4U4?r�o?�蒫た??�K崌�蠵滥墡牲�椣袎嘑SS� ??+9�賱?窆?繰;� +亨蠐��荔伶�迧峫輊郘?n?�異?E
瑣?BRh€�烱%楶M伹b潣}?Q3w!漃?!,犗壚5L��Q??�% 修|�'G
eET��RH厬\P?梇
e�MD� 檂$桺Q?�I+H0/(�???鶦x嶠?橬櫪P�9衒攒苼<d"蹠??�H"�€��H"l?(崯!l?緬?SU圲
)?m?姅 ��?耇?�F�顚喅翊I??€庁@SB??皌;=4?>?�\d|�藢垄?�y@<汶窼G�d�喟0!#ytk?�7ê鋻4垤k`?�乀?�窴]业;?�頂爋��j?蠧巷4Kj�?玡U′��?z岯� ?{�?@驥'G觾H��皲淙疉*�?銯踯�cEPU=朹�瘖聴狝 粄矯[櫓貐?� 笍�蹓�3g 儵菱i5鶶8?+;?'8?{K;�u溞6滫�6?翉挟颟4�M`P SI!�頝9??/颂嘚?纫X珋Q黪綢sI3N鯤?捞�_z晛/-崝�邈?!o�中浤Y锾*姚P乁?穀?ARP�K譒g�9?�|%≡館饙箚?4?�.S?圽a紎�圀嶀旾�硶� �?]V`]賷�绤?=}t?_h?Q孁)鵁f?冿�9}衭fW?/琉WSeOQ@郵貲垳u>�
fZ� ��Q尰hTe倯�劯咔?4宊�S皷)?荠~揫2?吙?≯薥~{??崉�@?P�v?\-樬q
�7J怉8z??a?/玙蔼;嵯�騐G訛?cW��AZ?潎|в�偍�@
楰C�鋼:Q?纲磊泦I�?鬩�?|O?;羢o膤?€.M廲R甩� 羢H�#崗+ 萟摇��剔??b脰憰K倞孒/滜??�E霿?梽E �U詅埆�@U�� +?5豅热�鵅SC
�r慤翄?�A??霡&悇?? ?鴆镉L?(I� �bAH'(??U車凚^A!��H?��?3庝P?7$谷�G`杌6?G軓XO顚3犙�爸鑻鍜�錀?�?路F晙 嵎dh# 溞 #zux洂}�S�g�姲)O 内H�-3?矱6纻沘兞 ?j鸥趪心?複0?腛礚桖??剾/匿鞇€r!??繞掀 险 �?�%坅R!~�鋺Y&!?>y汏刈;�?N`$袓�8*�蓄钂昃噸�孺R?t劣馅??ぴ;??$気愀.珳�幊築6鳫弍|;9~€]弳鋧wY€@�T訰4?萼?匩,9A.蠎?p70賸??�?寔
x鍼s媍�?齵??仕亼?疣h4吔饸???�v?箐p 扛瞌H@��?�?�嵒hLp?'媹�?��(�酭⊥[????窰^~D 叟bn�媭��???�嗦�
漝W”u*�??垁?鴖w伱?`�漽慲绽R�I?t�湐�鷋;?擡?|�酴冬Hu�岧 豔Ru^P泃豟€+崍H�+浓€貃??Ox宦錅4(G��鋞铦�Q?e嗲
2E曉b熖? *詏��M觢5矱娜绦-? �臓,P@Q?銪6U�#?ī矦U:r秡�)�力虛?�ゴW盽昄I热�W 踞?痀耈O珵崡晽$QHx8?ar@H鶀Zū佽&N?負睯頥V?6]?蛟 �?����?Z?馬V髖倛G�綳;}P%嘗3g?v?{?h?�岰Q?h??< �s�€�懡�3V旦⑽s�緮n逕?[?Dq秔':輧 ?怭繧i?RH鳹R鎖2瑭Z\�嫄�銹P�艮?,S扺j/彡hC閳斾ⅵ翂乬z)o p蜶昐��姾癥礢甀柙&4?*
鋻&F
?�, ?C篛�铿m墓衷uf幊XM鯌?O讬�儀凹d�g饎
�YT[+艉�篧嵃譗卨讃疶@PS3Tvh応J蚳笐h?亻�叒?HN��踏�鰛#���挀�軔b� ?Wz雴I>�]∴坽盭,VP\?rAVR啇eB?Hlq磖(莒C? �?_?�吥?�?瓆,&�#≦AP7K溲
?AC?)莘�@M啼%+廣IQ4ブ?岶l ?腮L +?噜�冧d��嚆�箳%?r��€崰%1挞U?�?�L�?蠶y ��!'?暝 �]
自?DGS眩缪拋�YX?悜十UR�?G袒�Q7 �81鮰濱?萊éh
檼�8�X ??�
菮萀 菮?
菮?� ??%� 9€湨稨� 9Q全 樮m衫�?� ?�h�寪?��pQ凛=�搏"皢l(I'�r?咪$W �?,?�98p�湤鷫睃?[?9 2??� ?�? €\?纑??袗?T猠垚$�?9�?€�B^Q[?���� p��@?�\$B?%瑢]@N醛珛卸 z5qi?悜閝MQ]
拥Yw?+5�O�板�D'?兇v旦?P0`%���緟????*� !&;<瞋?$o觻?搊
?鑵<�嵆i?悽b?L??MQ??�瑁LG�:�??屼 ?晷?q?c??
??曁€�痮�葋|?�?#ds@??^%�仍 �??,@e苜%=*眏謩刏莦??
€l?€: t�BH塍??芫~⑧餺��r f|�+入�3蓗O嗖<?.}緞???翇???>韙喫�愶�JX�?⒂@?�氙|銹R?柤�8毰h#熧?怰s�婫�銪c`IP� ?M�鬝毣q?p��`塽?覍L2 4?仑晾[;?3K閟 枒炞
|捍\L7^&J堊摅`��P�O雤€w?M?0*d漭
�N??
?繻�?R菻贝?祭"~鏑缐]腇縇#牴洄�虍媫南�丆,呭!E?Kc贵5!�?r%?臇Mo`q? LE�v 冟萻 Y?�+傋�?a???吼R[r�9??庝F"?8�FB-M鯡?V� �l?$?匘笄l7�y /?��?�9?臉?9恱XD9?90��???苋?忍礃�葋�€`L?葋@,d@�???銨�汤癅�銨爯銨�鋖P4�駺��??�r 苣r �r搐?r �|p\ �r <��?r ??9?皹?9恷hT9?9< ???苋?雀爠�葋�hP4?葋 銨�漪4嗵�銨�笢€@�銨hT銨�銬4$�銨�� ? �2 啬r �r瑯?r �pX@ �r ,�9?y?爨�9?贪?9悩€l9?9P<,�9?��葋 若1约�葋�€?葋hT葋�?(��d@�?愿@�銨榾銨�鋒L,�駺��??�r 笢r �r刲L�r �0�鼝��?柙9?9紲?9?pP?9?���葊<?源?葋渱葋�萪L<�鋪� ?銨�銨愿銨�錁|d�銨�H(� �駺?躵 �r劝?r �坧` �r L0y �r��?�9?写?9悩x`9?9<��???倘?痊攧�葋�pP0@�葋�?銨�d嗄?銨�宲TI�銨0��r?%努� 难h珽疯儲銭櫺'谸K),塜�殤!*??誀鎭���鑖d呉.�?撂丅o+O隲��j〗?*F?r2P控剀~嫟�_F卡'��
冞√a?p.?菋?戚A烺愜?a禕苄^#?椳萼?@+8W埼緥Q?�?��G驙�_苘? N 刃?�艻�刃??-?y?%弯瑜�4>d€??e?脇a2)&勸汧y��奙�?裛b喫此崝葘翙?作\b'鈍.晪骲A�j?�?茮鞘+櫂�a4L剱x)鬰�> 逹冷, @�?3报sa郙?a礍?雯囲�蹹�4��y4M�魧��%鐼??拭<姐j€n*#?獊�蟄o`;J
忷B�[??�橙!@^D;D;x�9 ~?�44K�8_鵄,G€馦吇壜韒
烮?w韙_?�?�踭蜺慃E�?蜼h窹A??8i�Rt悕?9?`SP驠霔s*(﹙?9 &冦+ē!�?9�葇;|;�j��U浊U咨?$?�9⒈婬y"<Ed鉸��$鰕M `
?KTo咳朵�$�Th��?穹ぐe劵搼?医?P<QB--;Y皮�嵢xdKQ7e[镂R$?"�%d€坹??掌喂gE懾F?:A錸nD]g�伮躤?q图鸓硱V�?KN� \!?
CO�9貏$���;? 9�湳?�/ �咆�p�Wr(�?曯?塬霻�?$�t5j�鰆c`?fVhp郯{诜乄?T餠?
?W�麸���#kC繪澰;言�r ?a跉F蝠�鳣鯱??�<W?厡噺�P?郕f1tp(PS?E0�銷�;L,u)S�鑰鶲?舥�茋Z��
N?[冃�2&�瘚?�n?-�`榥�W 0��
B`汥嘆憵簂V??抪腲?幚刲?:?;Q.=�
p:俿cc-6_MR觰w�?�?悿0?F8? 迁�c刂赦?1?婳S0<� N镴w蟤6碬Z��R胄F悙?翁X�<9
)0xU辽��h轸;!?Vf茉€?(e?銨? 辡 ??#?€騱屼?�q嫃?c 孡Q~�'?R'�仞
"5?,UP�K?蓸糺 _t< L<�?{ �ㄏ��蝋裍3I }燩�?(n膬 2桺< ?嚆P<�蜞8�?�???$遯 ??凕�塌H錧嘧�儣 8YG??臅d便M?}??杖"�?|8~��~満&椻錈�<�Y�忆9髸L汕鴕Q塌rHS嘏婥f彆# 措郴衟霷異嘈?Cru恍詸湟\载屫\He"匦訹?邑斔�粿辉v釷+鋪v鈺)抴?�l?蓱湮��???詫�?人鼆 ?�?$L=?€�L=溻4呋�溻??
?娪.�=鉛?剺?8�??8�8�怽 ?��W?y?峾凚Nr?澡?9�龋h=h=9 � 欐欐@堧"?竈嫐?NK#孔H�劆�HtS冭��叧�€�.鈳,�� 鼱�P崙羄??嫋?B�萊憒憒?葦哖k�E纼逳脘)@&埧?r�惣哥?�?:?E,煍�C€<=?r ?╆??愱8逿???€<�?> >??欖欖'�?X�?�r?4�$�? $�?9夘夘鈳B嗯:啉lN靿p%!孂�榝關 阌*註�<齒�TO@鹏釥乙:;D�刵?al殜?苘�斎��曍�)��:O4P脿盍
M谽�?u ?挈€樫?�R桑€湣F
�磀旑�X�箤\���鄀?r�?h'斔???9傘尥?@?�LL??桊�
詩?呤�p�乜??砜?��???w�3蓨?笾~??嶔?u箪_[?階�屉扥?
岆?�|肓?搢"滊??�芾€:呻? 冱8m
?,?醔騹8L賚>�@��l>飏 襢?f馴�{y炵y�墬コ翞譾缦O � ����&冂y������?� 鉲(酅a �€x?aG逰PJN?&^$厊�D8h @?矞佚$V暨厐<0\z鲘D0�^�K\ u?僔�y�;嘸BJ牺熒D由��UM??��咡?麮
繾$N腷倛�晿B�三�WQh�?�A瘆UJ.d?||銪�6鹟lB.d"``"銪&PP&B.d44�d"銪� !'B. 麬�;�9麬鋧\菮?纳匧劋り?�]藞�圓��癋緾耍鮻J?�TAv耭*�{�!圓\綛缷玛P螭嬎萌匧5Oll刓菵TT墣婱4??箰$$�悏?� 劀�?鐯\?滂@衹袟乧€臮�&/?粿?�'d�约@萉?�??n!�?�刓,�鹼D葏LhhM刓萒TH( 拫}H 唱鮢龃V繵階��躍??0%Sw焄�[た0
�=�G儱??粪?L%嗯覆2@卌?7 凊实�$�;>怈塎�鱷勠葘%轎染O&組渽K菴�??�?脨l絷珁炴??鮤ф?O?鰀b!黧4煣`?鳬堢y毾?鵈劽骟<?鷐*?眓渋� ;F? f?MZt�2蕾�刿嘑<�?x�?=峡?� ?�峆�螗$KB�B蝵+bB?(?騺鼖螺锣�$~�_??凧?0駨 綈�陭p<媥 欃�邳鼢��"�紭薪蘁�f婣�?� 4F襍U U嬭峑D
?垤縮怲hu��耠 �@l?l�?饍?Mu赸[榑?堿`崞�`�轴靃�??H儫w��汃羄?@侹�� r,&8�
蹾<}喲l鹐?q;H&P<Q�顚0|3瀝b4��雈儀榩儳Y?vE4峐惘$Q狵8v6?;葀o�鄫s ?�颥孆t0骱mh?饱鑄,H鷡仞83葽`J��;翂�|﹦$�
絔`?F3晨JW�蒟;?崊D覆�喰瑮�茉昆}?繰?�?O瓖昈�ìQ唑l;莬�綉薘PW/嵰迶�K!岴j?1去PQ�?壻0qRri��??��-J儭�獉P檱??�"?舫綏彦卹vVF腞A椪顓l�膵依垓}晙俆.讏萊?�抸?08$!
?�昆B忪?鞇饝y鰑t柙蕾dR衸$鄟=P襃鞮Y)撬訾N�卍�g菪2PZE忁?祈�Pj瘾i"i?t 琤峓俚MZU及叐RP瞵d€�鏳�V新t0憴W嬭衻E!???摵�羼w1�f�漴�H�﨎B?� U�A�a*?究JV?S?b��こK��BIu麟�(更黻?.�?磡�+駢2^?�L▄�馢?_x\�6槱恲蟛?搥�€?鬿堤萇滫潣�h�/�凐鯢P?
??嶈け��Q??糪耑V凐匾#岀h?觍屳篚j
h鞀嘷2&?叅??�筍?鉫胋杞i扠?闽岶
宫暧鉕Ⅶ豠t�7??7o獼K*=+atGY�縴vF-&Ab�?V義坰WZ ��覱N\鰖鸩怩�赤B?.�揤韾oA砯鑑丵市fd�G蠽l?佖U藣膑昄罵?�? 锈?^荙PR)饍�糀ワx�?�_%黾�6�卝Sk崬pC?鴂RkP�翂`BaV鍕5O?�匔謔'
嗏�lBCSiH�|実q硫})k汸5R��鄽V�?<ET2条p邮滺?秘馶庖坷U�9?q=尽?%c?�烿薥Z ▼譼�
瀾擌?�^+洲咎呺??F+矢鮈邷 |?:u
(e驉酗援�+鵚�3
8颕:z.@?镁?I�_;G?�繕;d R€??苪?.?敄祷vず?;�潗撔�;孝K灱;气PU缕Q?Pi僪vQ夃?囩?�刚?愋補? P/?d?K趴|??n)?鶔|�漒?蠷攘狤n�?�瓻o
?H羦�詈D� 倃q!绬郋衚?�虶\艛Y肰?tF??(秃砄甒V裇R[幝,庰�08~V饫F��C歖l*?A?q9�tl��P胻e`mW�R���3?�RF?("慄鹅汮]�h3甊W黫*住 �?h�C=鄽A;�,W峌凱?�纈��SK?釪 C苰?qj聛}畝�M�1籟r�??C莥��B贆
?z��佰箭��f?MZu�H<�罰E,?L`uD�??侜�4?�咼�$袇��?b
�u�?�鰊,��PK朹?
钚xi醳耊崰b�?P�霽�=XM�??鄜x媹?拀;8&��鍎B��厭��潍礋 R? @僘糈鑳脦央壘峇�塡竧P?_! 畦佸 饞?0鹬�:?l麮%�鹽羘?��z�0+]�.,;莅M?鈢0�t�X�G兟�6rm�ご?I�雲?�0�e⑩"PQ�]鳾�窯c0??r*�???q�?(�S�?L�:�A)?挀7 ?勁滗? '銼葿DB諉�H�� R???/�Q讏lo玊D銏,K躋芕罤+汽�cAc?���H?6X"喔2N�嬙bS�h禒弔 7.z�"^齨pz8;莝
pu�?柔H? ??� CC?堞C胗?€�
j玪Cy 怌lCG�A??�鉑7嗰_??t
?畡??<??涼護�亪\,@ �L鲘W襹c|?V位~�,?苭M�?-
]�莟CC��盁2_埁,?)�V筱�n蕊Z隤WHaV欼綍�念l貖
菗?|?VT駐路t?襾?'娮:
*$R岭�PSh磿罼飃�[Y脿�咑踾盥N��3嬘|佲嵣妦`v??娗RQ帊R佮v?�?`.-€轓p%=鈛a'隽扩 B�QC侚轳?坏雗�咦 :?酣?赘
薵e�Yl亰xkw�?玮碪 B秚�=隋悡$\R����h煁藐%奀�,濼?鳴R(��扨焧K�噜�y灎Z ?�2=Y�6b黹?BzT??�c孶V幼?B:=�?P?@??F勠uR� :鬠纠�勩S
促_�
?Qhx�?ヌ 黍?Z?閖嫤P 0鴟燼���娒�??�$脼/?瑞x?u�??颮��r*???s$� <牀_�崅?V嫶WCf 凉&?ο4?>��k-戛k�礈敫\p尢訓*?�u/�馛�e垑�?霢??-c(jYd?A 乞�澻?b2�f�u��\�崸?f籂�"?�?攆B圣﹖��(��櫓\?�� ??鍞�猬 輫!�.�4礡黭-情D+?墙@B�廝?唺M?�m嬤�佶骝?�;蝨&��?2娫5R"墏渶`?鲤瀁鹆?�ZD鴤 巡王螗譢萷]S+�?>J�
企婼z}��鶪�塢��晫眞? UM)� .??郈?A趗>w殾?5UUU夋??��蛈'v长??7��G0I薗纑`p嬃WJyn?�颎餩H^J
?yD)��K3B?%,?0�>検PUTL烫癃B€d碦�鑘悵恖皭
怪?F/��?�湺S?虌�?^�?[?膒珼丹7(T�?Rt易�&C美恺Yx?焪?�硧苾f 钤 ?�(攊�`bn,��k<?�僇;萟�V?N�葠 得檟欣?�x?q�叔?�\l��`)輅?��7d氈柙?���櫃�� 焗窄6鸧?I$OID妌i陹�啃凌�
缐A��??攏 馌T挶�Q&S蝫涝せP]<倊y臈lP??Pw?萉�鲩�髅h�跥�?A�龚gO�
��鰗�,仩�h�h?F??9?E0?�爬?�^5襍Vf乆�/襶�€��斅\F囑? 岮�?��Pj螎?^u�?@ |???旆叹Nz?媵���a?�u鲻聾t�髭�?諦i??1~�^$黐唂氖%�埼x@綿k(�靸繸u�?鉭��?d�x�疤栴�麻??锣鋶O�?哚�湼?Cg嶱QjT?F記b葔M?;椟(勶!?<��?C氞蒁l橞N1/籹%Z4黌F?嬞??s鼚G�*�しI篅兡呍Ps?|墣Y吚F�t~U岪�屗V���u�榕?僣�硓M)�D檝>駊?w�冴Ys??儜-�9嬝�F� ╰�甜+揿俬瓸V屏
"?\i凹岶�F僥鬠??餹靱8媕?韨兛儅黇N�uNN.兛??{u 荅魸� +?M鳲??瑄蠰~n癎jT��?
B劙�2�?SD谤�|>孇瑠??
兺!塅'?c@ x~媀�^?9h
?S刋魨e4O僀�C8�鲚w瑘b)+骎S胤��[肽p价fR碱?賰
磃聂uぴ*�~枂 ?肵�鈰?99]t1am?Sp }~?饐�劋?P郳(?爐?豴恐�?Xt�UH薟?-?P�{ 3�uAhM⊿??� ?bXP 鷠穇;骔u�*?媀NU鴭} J?P4寈撄BW:;??勱!I�饍j?P]�V駃畦f9�2菺G?�恙w�8?兦v=v�j穰i谯t��z�t�
w�{耰€?x倖鷉�n?態?u2?戃T<Q.l?�j���?峨� v0. ?TJ蚊酓:j? 载]娒兠獆8NV攡rW!��枀襸�L?t 6?千P2蛉E鵀?G�?�}5V�曍9膮,2鳲€>�t�碞4;藅�A雁?�埨?h勸脜(k礠Q逆%65G4?�@,D�`碶??Z宾KO4癙�P兞M�竓 n癛0:笇@?G搮狒刱搄r?7?R?p8;渋?uJ??肼"d€�钉粣$k7:€8??|惏/F8铒Qwn墎U�猝BP ??网R^樂"8�塼/伬曨€鴫 u裚洧?o量�?<L�?*�謉 ~@>媁nd?覮?覡�Wv�<%?�?�泔低E狦�?$?瑣}渕U除?縒
�G�O⒙V w倎昆�t<?#??侮f?�K 霓�韄T,6 �?鈘!?僲�?L
┢爒�舸S 顉l�郇8)] LM^鍰��}戶R?z�]?Y濞鸧躷 '{~?幫盉0�諬鬡?x??唨+j^�?�F誒K�F^€u瑊?9!<�s/
J╒<蹿�頵\詊颵撒??悕F]???j�?阳2�� 係4鰄�渦??m隷4F]剙偆}��? w呮€)E 丒�? 7O�c职QPTN(駇�?褿j
'&汖?蛥Jz��:�椩��u�I阮�TF鎓鬓�?�#??�z紝7?;€��N?�?-你
呺 $稧�防怙^??7S/rH4n鰤谘�\Pc?��4s2<膵j��掹p 帪頣^�(鈮識8枳傪|�崍姧�隮��f篺>惂�W?斳樲^?^�^騳�S?�?X a�?$鏖莾MR a嘛?嬅_[懧? せ駘`宎? 餴帓?呀 ?VE湁S諫?鴢tWXT魪餴�??�閔鋗CZ?BP鹴v?�.J坠??d时苦Zt_h?銷h?嘰9?h橃,h�r鍚勽�ht瘅��?辏1??湾r?
滂祓�#u粊?W�嘲儬�蜺���輖?_�t至S?
tu*蜞?q鸉�~�� ~�C�溄 f9�} ?磌?€|.?窧 4�_�??=,?QgP]iJ鯡戈Y�柡镫=/鵂Z篪|誅P!�?C?藉 ?E?VX烧D兖Z?Unz�製2] 傯﨓炥tZ?(rU孷峪H氍0?CW塻pvR:^�黅f�?–愔峽Bu馥 l叼侄H$(�J$_r�尷B=ph靘骽�裍_?飲A窪黰�aq�+:堊脕6?�H�躠d'F??$@�k昴"菢p�擭<h?k�y ??鑠�饄攒 O?q??�=Op挽?�L?��'?B?R?忯�€兤�Vu^�n僇鸚崀�WN琋%f噸, 蝧???�厤0Mz?a?�峖�薮?w^~u16yF獅1,v�P梘`EnCI嬔�?吷妟�?&釧媀@> +�Iu髬啿+€l?�?dH?爨?疸?濼羾?橌?卛?h�S�婩槈~SX?[甥�pC�?綥K売P烉鬨kR?�喾R覰 蘥PT豖?�鲜8d蒙< A4僪W8伽e?^漉G|醆WR?�賸鹳鑼�b騯�??�"� ,??;鷟�僤0?�~
��u
婲�?N?K_??P�j嬃e蹖jhv韶$?U??X?聹tYF??6H�卌恦��仸�黀;?w ㈧��*?t?F蛛�
d媃踍?隚\�T;fYw�塀锟滵?��霵憈b霣[楠▇纞;屝5�硷|?t\j喰
�P醲溣傖拎V�穫VH?伭�SR‖�^\哑V谠1[@?F枪B^?`�f轻��&rD�?餤G�歞?\Bf€?�3颼x�� �?�8?蜵h??孈�~
躂撪?�B
�A+)椚 �€俯'蕉箈職}}�?Z
+m,�匦�?簇@誈�垍�兣X?4仩刪瑅@衛?<:�垍褼tM?H�DJ儀�?n圜w=y�9x�u'f9H�0 蹾$腖H ?????9X V賤倎J鈃(uu藡�鸲枸糩]韪
�{? �墊?4 攫囔%噵?��?\|4?觇笜(蒽臎vF補t?聥鱰9癠?蛥^$u/? �D#`
椎��滝?餚.粤酳x蔃t ?頞�c捌9�[^(D挡檙
鴔 A�觾吘獀^鑰j
鰈晬鱢潈N<�@罱?<DHY荈L鼣€?P鄍Lr�颞B1?~?L?_�﹗鋰彪F, 嶐t@崀 �黢h蚕妈�??5媆笀軧Ft鯦?+旚*� op苆z却k�|?猫?菰�o賀玤%岶D?�FO?'hK?)搗x? ?萚 V粗擛~?$畦�趗,权?6�(+N�?0筑鶿Z 慗?誓?�霜?���~b^?|Lv?KZ五c��揟嬲=��2越T卒<敃#�+u鑄f=僀猉9??�辑?Q黷X@磈澚苞鷏;ˋ$怘夃E0D? ?Z婨趿P�妺??8??A,VM<?�)峲"鴭昔黷酢?:�;l
泧
-A邙抵?︶龈h �簋�?攪?z��嚀�~ 秱�?豅f冏:@�Vh
?^翏縮#`� ?@�讲a遼9=鼊D周鷵)?t6 倀&jOtI>F擾儈?岗$uA(峲蜶��~Q€?`鋒8�-?�?�凱簐??�€d�@k?▍��?C"?|u�媣<瀡@塸阆?l磣D4N�N>嵾;P�,?�劚
靑鹒}�r� lD6翾�B?t�P?彀�S�
M0佱佪-�攤雟2,??uf黁%co银p4憅��
(鳬丑QH&N6 h礼頠崃?c瘪v
�]?o ?繾zB唡Wi蜼lv�,B?�?�gd?'|-�<-��耥紻.?��笖AC���g|鰳A???s
蠦詘��b9X�u5??j�?|�VP>u.
��塣Dh萢�迸B�?$S€?lj俻€秄:蝨(擣?咞XNS�鸽5$*€W
&癋?6\$炶?顪虌麫:jX�輸.S��预�RH}竱埀谨?膄�禘???雀Ux殟處"媴鵤?J孁}�?裨?FzjZ跃??MMP汝i纮? 欦鶅?€�Ti]繰紋�?~$磆袌???@寜�惼�???駆鉎榕云萖b崶h=P鉗`?_?r@�ˋ萢衟甼\K��V^C$??谧瘬??亹CF>鴗B=\匶N**,?黽?'柏A.,QQ8M[寢豏�缠谜�M謒欻J皏M鑃P?R?齤l�胠H;�僡H 鸱#?�螾p`-婬8��o�^�Q$ Uo淜)???`X?Plua�`霴b;€髂"2�?�A?8?螶d袆0槩韫�吇翗V倄
?﹁�]�W��8p�?衲8??弖�?%*PE��怛?�?^搧煲笗V纫穲飞x?準囙k�5堒;X{�緟Iご稻丰?$?=柏YL�V咿?訦�P1"Yu韸��業?+t�孯9晧Y_E&�JH^?�缏�xt艨利+苆?J欆? 沺0糉F`?烊剓
逗=+?\�E�Тv�輟埙ò'&茆捡:軪溼濉Kd嗑?紼?惔^薪�
�
澣鶕?と掝碤�.頥鱴Vち?浡?98�<h? TX��€�~?Q澅En纮B歌?r羺?k鸼P?Y潽戋2u7z�@�岺粹�臻Z42[J娓P瑜來燔s ? ?爔t,靔衟 鵛鵋D S媆C黊#:aM═弟�呖��(V?塸T^ �Ww�?歘^謜堿z飧嗷萐帬€y灭�?涌?zu��,媈$v�??[�?G<;&r锂qU境��蘙]?橵r#a?A`聆��1R# �?x;;吧?/��Y?�??@ €?�菟 j�C*j
蹗坘T??筻?/Q�躷枖�芈F堞??侻"鳼??N��2M1�8?N歇茕.A?6Lu�w�?�??筦G胧R?纉8�YGt VD;蟓�赼瓏�椅啜罒q央�3鲭�?倴嘎T跟4豚d羏��魂|
宺�*駜?b�梡?dZ ;鹶�s���q�轔u蛲eKu?j�1?UHZt阈1爐耩光崞盢(鼚NXM宇贫墌$�LPT棣?n�.�`�dp壘筡.唾
垖悢鱹坰?啘!??皆喐HvC�糘錽y�冷u哪藄y.痊虒漣|炐x崬?蟠鏸"訪W�?初`肧緇t菒蝅A焷t?╗� ??}�B臕棜7鉊`��
Ot椮~.E.W?k>�v`岶<?1bd�?紈h�墽�秠"皫嬸餚?嬯Q�錳Oq�綁^P0T {陀?TL�S �妙�幋?iL=?銔啫�S�jt免_S�=m9?0啢G郰S??~�袀��J崕[俢?+�?t耩騎?H称?B��b泪Y蚋i 閣
+N,+F0鈄劂H`峭災鄫海?$刻"L衛€�$?�肈�|1)囱?纜�fd嶀M殅??F,<?�?8wp;�?r�澙M誗`馬勿錙D 喥$,?��/$萻*�》*R4襒u忐9?鞃5.烬《$炷??挛*辷?z倁,
?K€?融??�?巔h??>]&绒V
>鍕C?�O��牂萂�?�?謠,嵗�0�v
�绿#�bB勃�x
繡�鰂タ[?畴'k纏�ni�袀q抓�>鑶|蓌{?n`ヴp荂h?_嗹??��t�€e�"佽凤<h#E�儅黮窮w书+崈虭岰<ov允??`(
Py4?襫+dT詤*l?m�墐?'╃{P徕:ij??崈蠮鎨鯡���x�~�?Vj麡PT,氅尞掩R,?壨a睑,`諦孍筣螨f�|?#?`} 9耖���p�QH?h??uF
g3:隲??鶫�暁摝?sBC藄藗%桲乘⑺L��P鴖5?龌萋"L|.???��寔婮J悁 ?鎐�簚�V
睦╕鹭V8x媉8%囄+�( 凴i�A^�擠?匂B姞塭?N�Z(Q樌馰瓆�u8溵�巹nT�爊WE?R?鑅穦Y^.貾腂V<M麀塮m??ns�@6`??曎J��Ww�袏�Щv�nXB
墫】p嗉��璜饚Rh罋` -斆?:宆?$<嚨J?凨覰?愄敗荅凘�]?ù?�@x[|�K|枳鷛
樆鋜�?@CE蟶惤f��滀 f� E槂?侞$毿?j|譗h@礢彷`\U`(錅R�@?2C?@*?�縤?
嚖�?AU??a忙?�_}6cA奂?鹉R�勪?喑a癔RC讶碫?〓p�?`?\釉dh?C奆?�o
\懞銚C?�筶da\*,�燞碻 � 狧�,?<镺?�???溊厭虚k�??蜵鄒.碞pQ:??<X鯢r�?伷€?c婹 ?A(勩F寪c儩�剕*BR4�鰫M� 墊K牟�$P`"�;��lk匓Q��?S*炸�g?頟h?D�??�P?涱?崮uj金饒?�賄?r?T``碨?*f惵踙匾倶慄檆�M訰c�甍?�Np6觀蒇骽襱屿`?�
N稼^尙胕���罓�孉{h?�?奐�� @嬃觸目舩饐b�?)沿檥qv梽?P0榁? 驇HR&!P�x�
�鱰�腄T4瓢焩?l?歉�宂?�楶tY?渀躛Dc|C??袑P:�SX隋B氫歌�A譧愯銶�瓢6�甔€Ly]h%�俦I鑲�Alu�桔L辶Q頡 奌}?<⒉�9�n�o?�?抰!�鸷 ??鱏??,婣L€&d?q�訆v蝒?謱�C罥�4,?qtk?�殑Alu,?锲m則�$�鯠$饍纜
瑒 ^�5C4???;U�?$.靸??I d%⑹0瘟肓%?vh7H棜FM褃]aLI6?励rp?禗}蔈鴬饯€嵈4�
9畭|f�???刟�yh�魭?奼QQ儅 tO貶v?96??m)��?�?A骄饚?�?%L繤?iv墋鬞訞#衾�阮娝��桰 ?�{4T磁?~?鰙[Lx?ИJ}霦??胼葪盍�糝G /键鍆^!?烉3鰂9x0q??唭G銻Vs$4
{?�?<�toF�稝0;餽仉{抻綴S嗍鳹X D)炏 ?p?0IuH屿|�頳�肦.�0h�l�ULK拣)�B?届%�砽4Rd???0Q篜郧�鷯wtV
Lky?`��鮍#W0?w�蝅隳�>肒?A?||f?9^ ?鈞t~"W?@燕m6蘊K鳼"F vx(�^v6琓]鴮b?):�蠇r�侢�:﨨"
-
paste here the Combofix log again:
ComboFix 11-02-09.05 - Vivian 0/2011 Thu 18:17:42.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.1983.1348 [GMT -8:00]
执行位置: c:\documents and settings\Vivian\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Vivian\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"C:\asdfasfas.bat"
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\asdfasfas.bat
.
((((((((((((((((((((((((( 2011-01-11 至 2011-02-11 的新的档案 )))))))))))))))))))))))))))))))
.
2011-02-11 02:14 . 2011-02-11 02:15 -------- d-----w- C:\32788R22FWJFW
2011-02-11 00:40 . 2011-02-11 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-02-11 00:40 . 2011-02-11 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2011-02-11 00:39 . 2011-02-11 00:39 -------- d-----w- c:\program files\McAfee Security Scan
2011-02-11 00:29 . 2011-02-11 00:29 -------- d-----w- c:\documents and settings\Vivian\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-02-10 01:06 . 2011-02-10 01:06 187 ----a-w- c:\documents and settings\NetworkService\Application Data\7109.bat
2011-02-10 00:06 . 2011-02-10 00:06 187 ----a-w- c:\documents and settings\NetworkService\Application Data\6348.bat
2011-02-09 18:06 . 2011-02-09 18:06 183 ----a-w- c:\documents and settings\NetworkService\Application Data\1980.bat
2011-02-09 06:06 . 2011-02-09 06:06 189 ----a-w- c:\documents and settings\NetworkService\Application Data\849.bat
2011-02-09 05:08 . 2011-02-09 05:08 187 ----a-w- c:\documents and settings\NetworkService\Application Data\870.bat
2011-02-09 04:06 . 2011-02-09 04:06 183 ----a-w- c:\documents and settings\NetworkService\Application Data\1857.bat
2011-02-09 03:08 . 2011-02-09 03:08 187 ----a-w- c:\documents and settings\NetworkService\Application Data\5794.bat
2011-02-09 02:06 . 2011-02-09 02:06 185 ----a-w- c:\documents and settings\NetworkService\Application Data\4508.bat
2011-02-09 01:06 . 2011-02-09 01:06 185 ----a-w- c:\documents and settings\NetworkService\Application Data\9649.bat
2011-02-09 00:06 . 2011-02-09 00:06 181 ----a-w- c:\documents and settings\NetworkService\Application Data\5825.bat
2011-02-08 23:06 . 2011-02-08 23:06 179 ----a-w- c:\documents and settings\NetworkService\Application Data\8103.bat
2011-02-08 22:08 . 2011-02-08 22:08 181 ----a-w- c:\documents and settings\NetworkService\Application Data\2915.bat
2011-02-08 20:06 . 2011-02-08 20:06 183 ----a-w- c:\documents and settings\NetworkService\Application Data\678.bat
2011-02-08 18:06 . 2011-02-08 18:06 185 ----a-w- c:\documents and settings\NetworkService\Application Data\2727.bat
2011-02-08 07:06 . 2011-02-08 07:06 179 ----a-w- c:\documents and settings\NetworkService\Application Data\2785.bat
2011-02-08 06:06 . 2011-02-08 06:06 185 ----a-w- c:\documents and settings\NetworkService\Application Data\2932.bat
2011-02-08 05:10 . 2011-02-08 05:10 179 ----a-w- c:\documents and settings\NetworkService\Application Data\9124.bat
2011-02-08 03:06 . 2011-02-08 03:06 181 ----a-w- c:\documents and settings\NetworkService\Application Data\2305.bat
2011-02-08 02:06 . 2011-02-08 02:06 187 ----a-w- c:\documents and settings\NetworkService\Application Data\992.bat
2011-02-08 01:06 . 2011-02-08 01:06 179 ----a-w- c:\documents and settings\NetworkService\Application Data\3323.bat
2011-02-07 23:42 . 2011-02-07 23:42 388096 ----a-r- c:\documents and settings\Vivian\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-07 23:25 . 2011-02-07 23:25 -------- d-----w- c:\program files\Common Files\Java
2011-02-07 23:21 . 2010-11-13 02:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-07 23:21 . 2010-11-13 02:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-07 23:06 . 2011-02-07 23:06 183 ----a-w- c:\documents and settings\NetworkService\Application Data\5763.bat
2011-02-07 22:19 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-07 22:19 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-07 22:06 . 2011-02-07 22:06 185 ----a-w- c:\documents and settings\NetworkService\Application Data\9986.bat
2011-02-07 21:20 . 2011-02-07 21:20 -------- d-----w- c:\documents and settings\Vivian\Application Data\SUPERAntiSpyware.com
2011-02-07 21:20 . 2011-02-07 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-02-07 21:20 . 2011-02-07 21:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-02-07 21:06 . 2011-02-07 21:06 185 ----a-w- c:\documents and settings\NetworkService\Application Data\173.bat
2011-02-07 20:06 . 2011-02-07 20:06 189 ----a-w- c:\documents and settings\NetworkService\Application Data\5627.bat
2011-02-07 19:41 . 2011-02-07 23:30 -------- d-----w- c:\program files\CCleaner
2011-02-07 12:06 . 2011-02-07 12:06 185 ----a-w- c:\documents and settings\NetworkService\Application Data\7059.bat
2011-02-05 22:20 . 2011-02-05 22:20 -------- d-----w- c:\documents and settings\Vivian\Application Data\Sammsoft
2011-02-05 22:19 . 2011-02-07 23:38 -------- d-----w- c:\program files\Ask.com
2011-02-05 22:19 . 2011-02-07 23:38 -------- d-----w- c:\program files\Advanced Registry Optimizer
2011-02-05 04:02 . 2011-02-05 04:02 -------- d-----w- c:\windows\system32\Registry Patrol
2011-02-05 04:02 . 2011-02-05 22:24 -------- d-----w- c:\program files\Registry Patrol
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 15:45 . 2011-01-30 15:45 135568 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-01-28 17:37 . 2011-01-28 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Fun4IM
2011-01-28 17:37 . 2011-01-28 17:37 -------- d-----w- c:\program files\Fun4IM
2011-01-22 06:08 . 2005-05-03 17:33 299008 ----a-w- c:\windows\system32\LAME_MP3.dll
2011-01-22 06:08 . 2002-12-04 06:13 1048576 ----a-w- c:\windows\system32\lameACM.acm
2011-01-22 06:08 . 2011-02-07 23:38 -------- d-----w- c:\program files\Lame MP3 Codec
2011-01-22 06:08 . 2011-01-22 06:08 -------- d-----w- C:\My Video
2011-01-22 06:08 . 2011-01-22 06:08 65024 ----a-w- c:\windows\IFinst26.exe
2011-01-22 06:07 . 2011-01-22 06:07 -------- d-----w- c:\program files\XviD
2011-01-20 19:08 . 2011-01-20 19:08 -------- d-----w- c:\documents and settings\pso\Local Settings\Application Data\Apple
2011-01-14 22:18 . 2011-01-14 22:18 -------- d-----w- c:\documents and settings\pso\Local Settings\Application Data\HP
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-09-22 03:24 38848 ----a-w- c:\windows\avastSS.scr
2011-01-13 08:47 . 2010-09-22 03:24 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-09-22 03:25 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-09-22 03:25 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-09-22 03:25 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-09-22 03:25 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-09-22 03:25 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-09-22 03:25 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-09-22 03:25 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-23 19:18 . 2010-11-17 05:57 0 -c--a-w- c:\documents and settings\Guest\Local Settings\Application Data\Gxekotev.bin
.
------- Sigcheck -------
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2011-02-10_02.02.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-11 02:25 . 2011-02-11 02:25 16384 c:\windows\temp\Perflib_Perfdata_4b0.dat
+ 2004-08-04 12:00 . 2011-02-11 00:26 68156 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2011-02-10 00:28 68156 c:\windows\system32\perfc009.dat
+ 2010-11-10 20:49 . 2010-11-10 20:49 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\ViewerPS.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\reader_sl.exe
+ 2010-11-10 20:49 . 2010-11-10 20:49 84896 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlr.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\eula.exe
+ 2010-11-10 20:49 . 2010-11-10 20:49 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrotextextractor.exe
+ 2010-11-10 20:49 . 2010-11-10 20:49 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32Info.exe
+ 2010-11-10 20:49 . 2010-11-10 20:49 62376 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acroiehelpershim.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroIEHelper.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\Acrofx32.dll
+ 2004-08-04 12:00 . 2011-02-11 00:26 435260 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2011-02-10 00:28 435260 c:\windows\system32\perfh009.dat
+ 2010-11-10 20:49 . 2010-11-10 20:49 390552 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\pdfshell.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 101288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlrShim.exe
+ 2010-11-10 20:49 . 2010-11-10 20:49 135568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\nppdf32.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 681872 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\JP2KLib.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AiodLite.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 702352 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroPDF.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 294808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrobroker.exe
+ 2010-11-10 20:49 . 2010-11-10 20:49 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\a3dutils.dll
+ 2011-02-11 00:48 . 2011-02-11 00:48 2283008 c:\windows\Installer\18ec2d.msi
+ 2010-11-10 20:49 . 2010-11-10 20:49 2207632 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\rt3d.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 6222744 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\authplay.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 5503368 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AGM.dll
+ 2010-11-10 20:49 . 2010-11-10 20:49 1216416 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AdobeCollabSync.exe
+ 2010-11-10 20:49 . 2010-11-10 20:49 1289624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.exe
+ 2011-01-30 20:44 . 2011-01-30 20:44 12425728 c:\windows\Installer\18ec2e.msp
+ 2010-11-10 20:49 . 2010-11-10 20:49 23724952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 06:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-08 39408]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2010-10-18 2215944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-25 8491008]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2006-07-21 126976]
"MAAgent"="c:\program files\MarkAny\ContentSafer\MAAgent.exe" [2006-06-02 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]
c:\documents and settings\tso\Start Menu\Programs\Startup\
???ˉiTudou.lnk - [N/A]
???ˉ·é?ùíá?1.lnk - [N/A]
启动iTudou.lnk - c:\documents and settings\Vivian\My Documents\iTudou\iTudou.exe [N/A]
启动飞速土豆.lnk - c:\program files\Tudou\·é?ùTudou\TudouVa.exe [N/A]
c:\documents and settings\Vivian\Start Menu\Programs\Startup\
???ˉ·é?ùíá?1.lnk - [N/A]
启动飞速土豆.lnk - c:\program files\Tudou\·é?ùTudou\TudouVa.exe [N/A]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Tudou\\·é?ùTudou\\TudouVa.exe"=
"c:\\Documents and Settings\\tso\\My Documents\\·é?ùTudou\\TudouVa.exe"=
"c:\\Documents and Settings\\tso\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\tso\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/21/2010 7:25 PM 294608]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/21/2010 7:25 PM 17744]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [9/29/2009 7:11 AM 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [9/29/2009 7:11 AM 10496]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [9/29/2009 7:11 AM 12928]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/8/2010 2:18 PM 135664]
S2 KAVSafe;KAVSafe;\??\c:\windows\system32\Drivers\KAVSafe.sys --> c:\windows\system32\Drivers\KAVSafe.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 4:49 AM 227232]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/21/2009 2:10 PM 717296]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - PGFILTER
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
‘计划任务’ 文件夹 里的内容
2011-02-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
2011-01-04 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-04 12:42]
2011-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-08 22:18]
2011-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-08 22:18]
2011-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1788223648-725345543-1007Core.job
- c:\documents and settings\tso\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-31 13:36]
2011-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-1788223648-725345543-1007UA.job
- c:\documents and settings\tso\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-31 13:36]
2011-02-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-09-29 06:44]
.
.
------- 而外的扫描 -------
.
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Vivian\Application Data\Mozilla\Firefox\Profiles\ig45u6wy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.startup.homepage - hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1296281471&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-us&cbcxt=mai&snsc=1
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=402&q=
FF - prefs.js: network.proxy.type - 2
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Personas: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Sammsoft Toolbar: [email protected] - %profile%\extensions\[email protected]
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-DATAMNGR - c:\progra~1\WI9130~1\Datamngr\DATAMN~1.EXE
AddRemove-·é?ùíá?1 - c:\program files\Tudou\·é?ùTudou\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-10 18:27
Windows 5.1.2600 Service Pack 3 NTFS
扫描被隐藏的进程 。。。
扫描被隐藏的启动组 。。。
扫描被隐藏的文件 。。。
扫描完成
被隐藏的档案: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST350041 rev.CC34 -> Harddisk0\DR0 -> \Device\Scsi\nvgts1
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A579EC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x889cc872; SUB DWORD [EBP-0x4], 0x889cc12e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A6D5030]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000069[0x8A6FC9E8]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A710030]
[0x8A5FE630] -> IRP_MJ_CREATE -> 0x8A579EC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Scsi\nvgts1Port2Path0Target0Lun0 -> \??\SCSI#Disk&Ven_ST350041&Prod_0AS&Rev_CC34#4&6727837&0&000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1454471165-1788223648-725345543-1003_Classes\O*v*e*r*t*u*r*e* *�j\媇
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1454471165-1788223648-725345543-1003_Classes\O*v*e*r*t*u*r*e* *�j\媆DefaultIcon]
@=expand:"%APPDATA%\\Microsoft\\Installer\\{64C3D5BE-47B3-4085-B6D5-585D2677145A}\\_294823.exe,0"
[HKEY_USERS\S-1-5-21-1454471165-1788223648-725345543-1003_Classes\O*v*e*r*t*u*r*e* *�j\媆shell]
@="open"
[HKEY_USERS\S-1-5-21-1454471165-1788223648-725345543-1003_Classes\O*v*e*r*t*u*r*e* *�j\媆shell\open]
@="開啟(&O)"
[HKEY_USERS\S-1-5-21-1454471165-1788223648-725345543-1003_Classes\O*v*e*r*t*u*r*e* *�j\媆shell\open\command]
@="\"c:\\Program Files\\Overture 4.0 繁體中文版\\Overture.exe\" \"%1\""
"command"=multi:"6{kHH=g^g8k`.!F03tyD>?%)duR)D9Xu~OSIW`PT- \"%1\"\00\00"
.
--------------------- 运行进程下的动态链接库 ---------------------
- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(1692)
c:\windows\system32\WININET.dll
c:\program files\MarkAny\ContentSafer\MaCSProHook.DLL
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\ieframe.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\webcheck.dll
.
------------------------ 其他运行进程 ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\conime.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
完成时间: 2011-02-10 18:31:02 - 电脑已重新启动
ComboFix-quarantined-files.txt 2011-02-11 02:30
ComboFix2.txt 2011-02-11 02:10
ComboFix3.txt 2011-02-10 02:09
Pre-Run: 433,890,078,720 bytes free
Post-Run: 433,873,272,832 bytes free
- - End Of File - - AB139A4069DAB74B3BF6D62CB6132BD9
-
Hi,
Sori I don't think the last Spypot log was done properly. I try to work on it again and paste a fresh copy here:
Module End: A6361000
Hidden: Yes
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAllocateVirtualMemory
Address: AA567728
Driver Base: AA55E000
Driver End: AA5A5000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwClose
Address: AA56E7EA
Driver Base: AA55E000
Driver End: AA5A5000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwCreateKey
Address: AA56E6A2
Driver Base: AA55E000
Driver End: AA5A5000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwDeleteKey
Address: AA56ECA8
Driver Base: AA55E000
Driver End: AA5A5000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwDeleteValueKey
Address: AA56EBBE
Driver Base: AA55E000
Driver End: AA5A5000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwDuplicateObject
Address: AA56E276
Driver Base: AA55E000
Driver End: AA5A5000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwFreeVirtualMemory
Address: AA5677D8
Driver Base: AA55E000
Driver End: AA5A5000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwOpenKey
Address: AA56E77E
Driver Base: AA55E000
Driver End: AA5A5000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwOpenProcess
Address: AA56E1B2
Driver Base: AA55E000
Driver End: AA5A5000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwOpenThread
Address: AA56E218
Driver Base: AA55E000
Driver End: AA5A5000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwProtectVirtualMemory
Address: AA567870
Driver Base: AA55E000
Driver End: AA5A5000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwQueryValueKey
Address: AA56E8C2
Driver Base: AA55E000
Driver End: AA5A5000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwRenameKey
Address: AA56ED76
Driver Base: AA55E000
Driver End: AA5A5000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwRestoreKey
Address: AA56E880
Driver Base: AA55E000
Driver End: AA5A5000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwSetValueKey
Address: AA56EA04
Driver Base: AA55E000
Driver End: AA5A5000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwLoadDriver
At Address: 8058413A
Jump To: AA57B790
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
Hooked Function: ZwCreateSection
At Address: 805AB38E
Jump To: AA57B656
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
Hooked Function: ZwCreateProcessEx
At Address: 805D1134
Jump To: AA57B832
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
Hooked Function: ZwClose
At Address: 805BC502
Jump To: AA5771EE
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
Hooked Function: PsCreateSystemThread
At Address: 805D1134
Jump To: AA57B832
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
Hooked Function: ObMakeTemporaryObject
At Address: 805BC502
Jump To: AA5771EE
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
Hooked Function: ObInsertObject
At Address: 805C2F86
Jump To: AA578C88
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
Hooked Function: ObCloseHandle
At Address: 805BC502
Jump To: AA5771EE
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
******************************************************************************************
******************************************************************************************
No hidden files/folders found
Thank you very much for your help. Have a nice weekend. :)
-
- Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory..
-
here is the TDDSkiller log:
2011/02/12 11:01:05.0421 2916 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/12 11:01:05.0640 2916 ================================================================================
2011/02/12 11:01:05.0640 2916 SystemInfo:
2011/02/12 11:01:05.0640 2916
2011/02/12 11:01:05.0640 2916 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/12 11:01:05.0640 2916 Product type: Workstation
2011/02/12 11:01:05.0640 2916 ComputerName: VIVIANSCOMPUTER
2011/02/12 11:01:05.0640 2916 UserName: Vivian
2011/02/12 11:01:05.0640 2916 Windows directory: C:\WINDOWS
2011/02/12 11:01:05.0640 2916 System windows directory: C:\WINDOWS
2011/02/12 11:01:05.0640 2916 Processor architecture: Intel x86
2011/02/12 11:01:05.0640 2916 Number of processors: 2
2011/02/12 11:01:05.0640 2916 Page size: 0x1000
2011/02/12 11:01:05.0640 2916 Boot type: Normal boot
2011/02/12 11:01:05.0640 2916 ================================================================================
2011/02/12 11:01:05.0890 2916 Initialize success
2011/02/12 11:01:37.0218 4048 ================================================================================
2011/02/12 11:01:37.0218 4048 Scan started
2011/02/12 11:01:37.0218 4048 Mode: Manual;
2011/02/12 11:01:37.0218 4048 ================================================================================
2011/02/12 11:01:37.0453 4048 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/02/12 11:01:37.0531 4048 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/12 11:01:37.0562 4048 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/12 11:01:37.0609 4048 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
2011/02/12 11:01:37.0687 4048 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/12 11:01:37.0734 4048 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/02/12 11:01:37.0875 4048 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/02/12 11:01:38.0000 4048 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys
2011/02/12 11:01:38.0062 4048 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/02/12 11:01:38.0109 4048 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/02/12 11:01:38.0125 4048 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/02/12 11:01:38.0140 4048 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys
2011/02/12 11:01:38.0156 4048 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/02/12 11:01:38.0203 4048 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/12 11:01:38.0218 4048 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/12 11:01:38.0250 4048 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/12 11:01:38.0296 4048 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/12 11:01:38.0375 4048 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/12 11:01:38.0437 4048 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/12 11:01:38.0468 4048 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/02/12 11:01:38.0500 4048 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/12 11:01:38.0546 4048 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/12 11:01:38.0562 4048 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/12 11:01:38.0703 4048 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/12 11:01:38.0750 4048 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/12 11:01:38.0781 4048 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/12 11:01:38.0796 4048 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/12 11:01:38.0843 4048 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/12 11:01:38.0890 4048 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/12 11:01:38.0921 4048 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/12 11:01:38.0953 4048 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/12 11:01:38.0968 4048 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/12 11:01:39.0000 4048 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/02/12 11:01:39.0046 4048 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/12 11:01:39.0109 4048 FsVga (455f778ee14368468560bd7cb8c854d0) C:\WINDOWS\system32\DRIVERS\fsvga.sys
2011/02/12 11:01:39.0125 4048 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/12 11:01:39.0140 4048 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/12 11:01:39.0203 4048 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/02/12 11:01:39.0250 4048 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/12 11:01:39.0281 4048 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/02/12 11:01:39.0328 4048 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/12 11:01:39.0406 4048 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/02/12 11:01:39.0453 4048 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/02/12 11:01:39.0468 4048 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/02/12 11:01:39.0515 4048 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/12 11:01:39.0578 4048 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/12 11:01:39.0625 4048 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/12 11:01:39.0796 4048 IntcAzAudAddService (b2957d6c1226f029230dac2c46d34286) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/02/12 11:01:39.0875 4048 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/12 11:01:39.0906 4048 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/12 11:01:39.0937 4048 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/12 11:01:39.0953 4048 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/12 11:01:39.0984 4048 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/12 11:01:40.0000 4048 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/12 11:01:40.0031 4048 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/12 11:01:40.0078 4048 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/12 11:01:40.0109 4048 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/02/12 11:01:40.0140 4048 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/12 11:01:40.0187 4048 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/12 11:01:40.0250 4048 LgBttPort (4dd47b5af0b24871ebb9efc012a7474e) C:\WINDOWS\system32\DRIVERS\lgbtport.sys
2011/02/12 11:01:40.0312 4048 lgbusenum (1d038ca6c529203087a990e5e97887b4) C:\WINDOWS\system32\DRIVERS\lgbtbus.sys
2011/02/12 11:01:40.0312 4048 LGVMODEM (26f1976a330195d62a6224c76968cf0d) C:\WINDOWS\system32\DRIVERS\lgvmodem.sys
2011/02/12 11:01:40.0390 4048 LVUSBSta (a730fc8671a60666d6e877c544dd7cd4) C:\WINDOWS\system32\drivers\lvusbsta.sys
2011/02/12 11:01:40.0453 4048 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/12 11:01:40.0468 4048 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/12 11:01:40.0484 4048 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/12 11:01:40.0531 4048 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/12 11:01:40.0546 4048 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/12 11:01:40.0593 4048 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/12 11:01:40.0656 4048 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/12 11:01:40.0687 4048 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/12 11:01:40.0718 4048 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/12 11:01:40.0734 4048 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/12 11:01:40.0750 4048 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/12 11:01:40.0796 4048 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/12 11:01:40.0859 4048 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/02/12 11:01:40.0859 4048 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/12 11:01:40.0906 4048 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/02/12 11:01:40.0937 4048 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/12 11:01:41.0000 4048 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/02/12 11:01:41.0031 4048 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/12 11:01:41.0046 4048 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/12 11:01:41.0062 4048 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/12 11:01:41.0078 4048 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/12 11:01:41.0109 4048 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/12 11:01:41.0140 4048 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/12 11:01:41.0187 4048 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/12 11:01:41.0218 4048 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/12 11:01:41.0250 4048 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/12 11:01:41.0421 4048 nv (8e6c08918dd6af8403cc24969582761a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/02/12 11:01:41.0546 4048 NVENETFD (45ba510db13a0496db1cd16826519e03) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/02/12 11:01:41.0562 4048 nvgts (a117466b0acb13288deee4f2e936e67f) C:\WINDOWS\system32\DRIVERS\nvgts.sys
2011/02/12 11:01:41.0578 4048 nvnetbus (57cbdb934fb1afb7e03b413d151a6152) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/02/12 11:01:41.0609 4048 nvsmu (03dbb885deae94f06c06ec06acdb8b47) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
2011/02/12 11:01:41.0640 4048 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/12 11:01:41.0656 4048 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/12 11:01:41.0703 4048 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/12 11:01:41.0718 4048 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/12 11:01:41.0750 4048 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/12 11:01:41.0765 4048 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/12 11:01:41.0812 4048 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/12 11:01:41.0843 4048 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/12 11:01:41.0890 4048 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/02/12 11:01:42.0000 4048 pepifilter (16bc447de474a9e125db39806714f1e1) C:\WINDOWS\system32\DRIVERS\lv302af.sys
2011/02/12 11:01:42.0093 4048 PID_08A0 (7a31b09c7f037a1217b658465f19bbce) C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
2011/02/12 11:01:42.0171 4048 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/12 11:01:42.0187 4048 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/02/12 11:01:42.0203 4048 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/12 11:01:42.0218 4048 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/12 11:01:42.0343 4048 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/12 11:01:42.0375 4048 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/12 11:01:42.0390 4048 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/12 11:01:42.0406 4048 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/12 11:01:42.0437 4048 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/12 11:01:42.0453 4048 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/12 11:01:42.0468 4048 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/02/12 11:01:42.0515 4048 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/12 11:01:42.0546 4048 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/12 11:01:42.0640 4048 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/02/12 11:01:42.0656 4048 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/02/12 11:01:42.0718 4048 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/12 11:01:42.0765 4048 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/12 11:01:42.0812 4048 Serial (01ba925dc6e31ba9cba16c5b452ac341) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/12 11:01:42.0812 4048 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\serial.sys. Real md5: 01ba925dc6e31ba9cba16c5b452ac341, Fake md5: cca207a8896d4c6a0c9ce29a4ae411a7
2011/02/12 11:01:42.0828 4048 Serial - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/02/12 11:01:42.0875 4048 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/12 11:01:42.0953 4048 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/02/12 11:01:43.0000 4048 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/12 11:01:43.0062 4048 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2011/02/12 11:01:43.0093 4048 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/12 11:01:43.0140 4048 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/12 11:01:43.0187 4048 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/02/12 11:01:43.0218 4048 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/12 11:01:43.0234 4048 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/12 11:01:43.0312 4048 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/12 11:01:43.0390 4048 Tcpip (4afb3b0919649f95c1964aa1fad27d73) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/12 11:01:43.0421 4048 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/12 11:01:43.0437 4048 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/12 11:01:43.0453 4048 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/12 11:01:43.0515 4048 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/12 11:01:43.0562 4048 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/12 11:01:43.0625 4048 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/02/12 11:01:43.0671 4048 usbbus (8ef48ff1c23b1ce6f96d09a45959eb20) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
2011/02/12 11:01:43.0703 4048 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/12 11:01:43.0765 4048 UsbDiag (a0e24c5c2d0cff04bbd3753a72fae80b) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
2011/02/12 11:01:43.0796 4048 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/12 11:01:43.0828 4048 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/12 11:01:43.0859 4048 USBModem (cc09a1132b1f6a8362107cc134e90d0b) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
2011/02/12 11:01:43.0875 4048 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/02/12 11:01:43.0937 4048 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/12 11:01:43.0953 4048 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/12 11:01:44.0031 4048 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/12 11:01:44.0046 4048 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/12 11:01:44.0093 4048 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/12 11:01:44.0125 4048 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/12 11:01:44.0187 4048 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/12 11:01:44.0296 4048 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/02/12 11:01:44.0328 4048 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/02/12 11:01:44.0468 4048 ================================================================================
2011/02/12 11:01:44.0468 4048 Scan finished
2011/02/12 11:01:44.0468 4048 ================================================================================
2011/02/12 11:01:44.0484 1240 Detected object count: 1
2011/02/12 11:02:17.0312 1240 Serial (01ba925dc6e31ba9cba16c5b452ac341) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/12 11:02:17.0312 1240 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\serial.sys. Real md5: 01ba925dc6e31ba9cba16c5b452ac341, Fake md5: cca207a8896d4c6a0c9ce29a4ae411a7
2011/02/12 11:02:18.0437 1240 Backup copy found, using it..
2011/02/12 11:02:18.0484 1240 C:\WINDOWS\system32\DRIVERS\serial.sys - will be cured after reboot
2011/02/12 11:02:18.0484 1240 Rootkit.Win32.TDSS.tdl3(Serial) - User select action: Cure
2011/02/12 11:02:32.0140 3704 Deinitialize success
-
I have to log in as the administrator to do all the download etc. If the problem is fixed, will all the other users' be clean as well. Thank you for your reply.
-
If the problem is fixed, will all the other users' be clean as well. Thank you for your reply.
It's possible that the other accounts may not be infected.
SysProt Antirootkit
Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).
http://sites.google.com/site/sysprotantirootkit/ (http://sites.google.com/site/sysprotantirootkit/)
Unzip it into a folder on your desktop.
- Double click Sysprot.exe to start the program.
- Click on the Log tab.
- In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
- At the bottom of the page
- Hidden Objects Only << Selected
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
-
paste below the sysProtLog:
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: klmdb.sys
Service Name: ---
Module Base: B9F95000
Module End: B9FA7000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_diskdump.sys
Service Name: ---
Module Base: BA574000
Module End: BA578000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_nvgts.sys
Service Name: ---
Module Base: A9648000
Module End: A966C000
Hidden: Yes
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAllocateVirtualMemory
Address: A9AC5728
Driver Base: A9ABC000
Driver End: A9B03000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwClose
Address: A9ACC7EA
Driver Base: A9ABC000
Driver End: A9B03000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwCreateKey
Address: A9ACC6A2
Driver Base: A9ABC000
Driver End: A9B03000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwDeleteKey
Address: A9ACCCA8
Driver Base: A9ABC000
Driver End: A9B03000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwDeleteValueKey
Address: A9ACCBBE
Driver Base: A9ABC000
Driver End: A9B03000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwDuplicateObject
Address: A9ACC276
Driver Base: A9ABC000
Driver End: A9B03000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwFreeVirtualMemory
Address: A9AC57D8
Driver Base: A9ABC000
Driver End: A9B03000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwOpenKey
Address: A9ACC77E
Driver Base: A9ABC000
Driver End: A9B03000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwOpenProcess
Address: A9ACC1B2
Driver Base: A9ABC000
Driver End: A9B03000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwOpenThread
Address: A9ACC218
Driver Base: A9ABC000
Driver End: A9B03000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwProtectVirtualMemory
Address: A9AC5870
Driver Base: A9ABC000
Driver End: A9B03000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwQueryValueKey
Address: A9ACC8C2
Driver Base: A9ABC000
Driver End: A9B03000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwRenameKey
Address: A9ACCD76
Driver Base: A9ABC000
Driver End: A9B03000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwRestoreKey
Address: A9ACC880
Driver Base: A9ABC000
Driver End: A9B03000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
Function Name: ZwSetValueKey
Address: A9ACCA04
Driver Base: A9ABC000
Driver End: A9B03000
Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS
******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwLoadDriver
At Address: 8058413A
Jump To: A9AD9790
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
Hooked Function: ZwCreateSection
At Address: 805AB38E
Jump To: A9AD9656
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
Hooked Function: ZwCreateProcessEx
At Address: 805D1134
Jump To: A9AD9832
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
Hooked Function: ZwClose
At Address: 805BC502
Jump To: A9AD51EE
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
Hooked Function: PsCreateSystemThread
At Address: 805D1134
Jump To: A9AD9832
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
Hooked Function: ObMakeTemporaryObject
At Address: 805BC502
Jump To: A9AD51EE
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
Hooked Function: ObInsertObject
At Address: 805C2F86
Jump To: A9AD6C88
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
Hooked Function: ObCloseHandle
At Address: 805BC502
Jump To: A9AD51EE
Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS
******************************************************************************************
******************************************************************************************
No hidden files/folders found
-
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png) icon on your desktop.
•Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png)
•Click the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png)
•Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png) button.
•Push (http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Hi,
Here is the esetscan log:
C:\Documents and Settings\LocalService\Application Data\Dg315.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\LocalService\Application Data\gIUmaH.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\ABpPVHn.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\agnJfGUm.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\bU4jKBT5s.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\BW6Zb1w.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\cEgsKwLv.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\cmpMAccOW.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\d9DdCnI.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\DClrZf.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\dTTAVm7w.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\eATjtUMMlq.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\EbAWYz4KL.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\eBsTQCa.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\Ec84Y.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\elyDEy.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\eXXkT.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\FDbuIe8.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\gADFxe.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\h4EGktfYTC.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\hv121J.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\IIRl8C.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\Ixfie7In.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\j6FjOi.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\JKzGpiA4.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\jRZQkb.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\jwjOOHS.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\kkf2SHGE.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\Knagaa.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\kydWOJp8Bn.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\L9xvszl4Z0.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\Lny1dk7HB.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\lt12Hxw.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\Mt7i3.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\OBeRFtUn.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\pKvCiY9a1.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\q3nnNE.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\qa3zHER7.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\qrxACl5Qww.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\R2prVW2cDh.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\RxQTIZ.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\sBSb7K4.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\sjClyspBNI.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\t7KP33.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\tJuiNKuAYT.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\tUFlNx3.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\U5L8RAP.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\u8ryUul.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\Umv0RD.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\usByFMzyvJ.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\uwos0Hzl9.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\wnxmvkKDLz.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\xcoRwV0Cy5.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\XMwpWPtB.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\xnggzL.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\y2oLayx.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\zeQFRhwB.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\extensions\[email protected]\components\FFPlugin.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Documents and Settings\pso\Application Data\HIOuTNg8m.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\Documents and Settings\Vivian\Application Data\Sun\Java\Deployment\cache\6.0\10\7335bc8a-28c6fec4 Java/TrojanDownloader.Agent.NBU trojan deleted - quarantined
C:\Documents and Settings\Vivian\Application Data\Sun\Java\Deployment\cache\6.0\52\7b96b734-7a77cd19 multiple threats deleted - quarantined
C:\Documents and Settings\Vivian\Application Data\Sun\Java\Deployment\cache\6.0\63\3b4b16ff-2d417149 multiple threats deleted - quarantined
C:\Documents and Settings\Vivian\My Documents\Downloads\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
C:\Program Files\Fun4IM\Bandoo.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Program Files\Fun4IM\BandooGo.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Program Files\Fun4IM\BandooUI.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Program Files\Fun4IM\BndCore.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Program Files\Fun4IM\ExtensionsManager.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Program Files\Fun4IM\InstallerHelper.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Program Files\Fun4IM\Plugins\IE\ieplugin.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Program Files\Fun4IM\Plugins\MSN\msnplugin.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Program Files\Fun4IM\Plugins\OE\OEPlugin.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Program Files\Fun4IM\Plugins\Yahoo\YahooPlugin.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\adlLiqYG.exe.vir Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\b6QoiXh7Q.exe.vir Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\bFO2Zoi.exe.vir Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\CyfcDLWjM.exe.vir Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\DtqYKLlS8.exe.vir Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\E4FX3Cdk.exe.vir Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\e772kDzUDL.exe.vir Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\Ep5N5t.exe.vir Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\Ffaz9.exe.vir Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\h7pyL.exe.vir Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\l8pEFK.exe.vir Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\q08QKEW.exe.vir Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\q67JNRUg6.exe.vir Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\QjzXjXJ.exe.vir Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\u5WQTB.exe.vir Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\UBn8ksEj.exe.vir Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\uF58FR0.exe.vir Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\ul4VTLeSR.exe.vir Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\Uldc8RgM.exe.vir Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\UzPn7.exe.vir Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\yOz9m.exe.vir Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll.vir Win32/Adware.Bandoo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\ToolBar\SearchquTb.dll.vir Win32/Adware.Bandoo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\content\.#searchqutb.js.1.3.vir Win32/Adware.Bandoo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\content\searchqutb.js.vir Win32/Adware.Bandoo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.htm.vir Win32/Adware.Bandoo application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\content\toolbar.xul.vir Win32/Adware.Bandoo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP12\A0042069.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP12\A0042070.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP12\A0042071.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP12\A0042072.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP12\A0042073.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP12\A0042074.exe a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP12\A0042075.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP12\A0042076.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP12\A0042077.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP12\A0042078.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP12\A0042079.dll a variant of Win32/Adware.Bandoo.AA application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP2\A0017049.ini Win32/Adware.AntimalwareDoctor.AE.Gen application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP5\A0028210.exe Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP5\A0028211.exe Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP5\A0028212.exe Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP5\A0028213.exe Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP5\A0028214.exe Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP5\A0028215.exe Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP5\A0028216.exe Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP5\A0028217.exe Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP5\A0028218.exe Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP5\A0028219.exe Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP5\A0028220.exe Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP5\A0028221.exe Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP5\A0028222.exe Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP5\A0028223.exe Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP5\A0028225.exe Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP5\A0028226.exe Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP5\A0028227.exe Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP5\A0028228.exe Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP5\A0028229.exe Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP5\A0028230.exe Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP5\A0028231.exe Win32/Delf.PWW trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP5\A0028241.dll Win32/Adware.Bandoo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP5\A0028242.dll Win32/Adware.Bandoo application cleaned by deleting - quarantined
C:\WINDOWS\system32\123.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\12543.js JS/TrojanDownloader.Agent.NWG trojan cleaned by deleting - quarantined
Thank you.
-
Wow! Your computer should be running much better now. Please let me know.
-
thank you for all your work.
The error msg is appear when I log in as the other users. Does it matter? If I click OK I still can log in my e-mail etc.
Thank you again for your time.
-
thank you for all your work.
The error msg is appear when I log in as the other users. Does it matter? If I click OK I still can log in my e-mail etc.
Thank you again for your time.
Can you tell me the error message?
-
Hi,
The error msg is different for each user:
1) Error loading C:\WINDOWS\oteqageteyojomunc.dll
The specified module could not be found
2) Error loading C:\WINDOWS\LTWMG1ws.dll
The specified module could not be found
3) Error loading C:\WINDOWS\ojexiyayidad
Thank you,
-
Ok. Make sure you log into that account before running these scans.
SUPERAntiSpyware
If you already have SUPERAntiSpyware be sure to check for updates before scanning!
Download SuperAntispyware Free Edition (SAS) (http://www.superantispyware.com/download.html)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked
•Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes
•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.
•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...
* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
******************************************
(http://img233.imageshack.us/img233/7729/mbamicontw5.gif) Please download Malwarebytes Anti-Malware from here. (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe)
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
- Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory..
-
Hi,
I have trouble in initializing/loading TDSSkiller. Is it because I have used it once before (log in as the Administrator)?
Please help.
Thanks
-
Hi,
Here are the logs for 3 different users:
1)
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/16/2011 at 10:09 PM
Application Version : 4.48.1000
Core Rules Database Version : 6419
Trace Rules Database Version: 4231
Scan type : Complete Scan
Total Scan Time : 00:44:01
Memory items scanned : 355
Memory threats detected : 0
Registry items scanned : 8436
Registry threats detected : 2
File items scanned : 69329
File threats detected : 3
Malware.Trace
HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL
HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL
Adware.Tracking Cookie
.adinterax.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\jl9ui532.default\cookies.sqlite ]
.adinterax.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\jl9ui532.default\cookies.sqlite ]
.doubleclick.net [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\jl9ui532.default\cookies.sqlite ]
alwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5781
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
2/17/2011 10:20:58 AM
mbam-log-2011-02-17 (10-20-58).txt
Scan type: Full scan (C:\|)
Objects scanned: 201150
Time elapsed: 19 minute(s), 7 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
2)
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/16/2011 at 07:50 PM
Application Version : 4.48.1000
Core Rules Database Version : 6418
Trace Rules Database Version: 4230
Scan type : Complete Scan
Total Scan Time : 01:05:08
Memory items scanned : 543
Memory threats detected : 0
Registry items scanned : 8558
Registry threats detected : 4
File items scanned : 100374
File threats detected : 175
Adware.Tracking Cookie
C:\Documents and Settings\pso\Cookies\system@imrworldwide[2].txt
C:\Documents and Settings\pso\Cookies\pso@doubleclick[1].txt
C:\Documents and Settings\pso\Cookies\system@fastclick[2].txt
C:\Documents and Settings\pso\Cookies\system@networldmedia[2].txt
C:\Documents and Settings\pso\Cookies\system@mediaplex[1].txt
C:\Documents and Settings\pso\Cookies\pso@interclick[1].txt
C:\Documents and Settings\pso\Cookies\system@pointroll[2].txt
C:\Documents and Settings\pso\Cookies\system@media6degrees[2].txt
C:\Documents and Settings\pso\Cookies\[email protected][1].txt
C:\Documents and Settings\pso\Cookies\[email protected][2].txt
C:\Documents and Settings\pso\Cookies\pso@imrworldwide[2].txt
C:\Documents and Settings\pso\Cookies\system@invitemedia[2].txt
C:\Documents and Settings\pso\Cookies\system@atdmt[1].txt
C:\Documents and Settings\pso\Cookies\system@adcentriconline[1].txt
C:\Documents and Settings\pso\Cookies\system@serving-sys[1].txt
C:\Documents and Settings\pso\Cookies\system@doubleclick[3].txt
C:\Documents and Settings\pso\Cookies\pso@fastclick[1].txt
C:\Documents and Settings\pso\Cookies\[email protected][2].txt
C:\Documents and Settings\pso\Cookies\[email protected][1].txt
C:\Documents and Settings\pso\Cookies\pso@atdmt[1].txt
C:\Documents and Settings\pso\Cookies\[email protected][2].txt
C:\Documents and Settings\pso\Cookies\[email protected][1].txt
C:\Documents and Settings\pso\Cookies\[email protected][1].txt
C:\Documents and Settings\pso\Cookies\system@yieldmanager[1].txt
C:\Documents and Settings\pso\Cookies\system@apmebf[2].txt
C:\Documents and Settings\pso\Cookies\system@advertise[2].txt
C:\Documents and Settings\pso\Cookies\[email protected][2].txt
C:\Documents and Settings\pso\Cookies\[email protected][1].txt
C:\Documents and Settings\pso\Cookies\system@pro-market[1].txt
C:\Documents and Settings\pso\Cookies\[email protected][1].txt
C:\Documents and Settings\pso\Cookies\[email protected][2].txt
C:\Documents and Settings\pso\Cookies\[email protected][1].txt
C:\Documents and Settings\pso\Cookies\system@247realmedia[1].txt
C:\Documents and Settings\pso\Cookies\[email protected][3].txt
C:\Documents and Settings\pso\Cookies\[email protected][1].txt
C:\Documents and Settings\pso\Cookies\[email protected][2].txt
C:\Documents and Settings\pso\Cookies\system@advertising[2].txt
C:\Documents and Settings\pso\Cookies\[email protected][2].txt
.adinterax.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\jl9ui532.default\cookies.sqlite ]
.adinterax.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\jl9ui532.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\jl9ui532.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\jl9ui532.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\jl9ui532.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\jl9ui532.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\jl9ui532.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\jl9ui532.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\jl9ui532.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\jl9ui532.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\jl9ui532.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\jl9ui532.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\jl9ui532.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\jl9ui532.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\jl9ui532.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\jl9ui532.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\jl9ui532.default\cookies.sqlite ]
.doubleclick.net [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\jl9ui532.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\jl9ui532.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\jl9ui532.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\jl9ui532.default\cookies.sqlite ]
vitamine.networldmedia.net [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\X8S2GHZW ]
C:\Documents and Settings\LocalService\Cookies\system@adbrite[2].txt
C:\Documents and Settings\LocalService\Cookies\system@mediabrandsww[1].txt
media.wholesite.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\9W29EWAD ]
media1.break.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\9W29EWAD ]
secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\9W29EWAD ]
vitamine.networldmedia.net [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\9W29EWAD ]
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@eyewonder[1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\system@kantarmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@onlinesocialmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][4].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
.adinterax.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.adinterax.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.doubleclick.net [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.advertise.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.adcentriconline.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.pointroll.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.pointroll.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.richmedia.yahoo.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.apmebf.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.mediaplex.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.mediaplex.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.statcounter.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
rbc.bridgetrack.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.tribalfusion.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.www.burstnet.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
www.burstnet.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.burstnet.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.burstnet.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
www.adftrack.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.dmtracker.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.questionmarket.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.questionmarket.com [ C:\Documents and Settings\pso\Application Data\Mozilla\Firefox\Profiles\9mp1r9r5.default\cookies.sqlite ]
.adinterax.com [ C:\Documents and Settings\tso\Application Data\Mozilla\Firefox\Profiles\z2u6jnhh.default\cookies.sqlite ]
.adinterax.com [ C:\Documents and Settings\tso\Application Data\Mozilla\Firefox\Profiles\z2u6jnhh.default\cookies.sqlite ]
.doubleclick.net [ C:\Documents and Settings\tso\Application Data\Mozilla\Firefox\Profiles\z2u6jnhh.default\cookies.sqlite ]
.kaspersky.122.2o7.net [ C:\Documents and Settings\tso\Application Data\Mozilla\Firefox\Profiles\z2u6jnhh.default\cookies.sqlite ]
C:\Documents and Settings\tso\Cookies\tso@2o7[1].txt
C:\Documents and Settings\tso\Cookies\tso@adinterax[2].txt
C:\Documents and Settings\tso\Cookies\[email protected][1].txt
C:\Documents and Settings\tso\Cookies\[email protected][2].txt
C:\Documents and Settings\tso\Cookies\tso@atdmt[2].txt
C:\Documents and Settings\tso\Cookies\[email protected][2].txt
C:\Documents and Settings\tso\Cookies\tso@doubleclick[2].txt
C:\Documents and Settings\tso\Cookies\tso@imrworldwide[2].txt
C:\Documents and Settings\tso\Cookies\tso@serving-sys[1].txt
Backdoor.Bot[ZBot]
HKU\S-1-5-21-1454471165-1788223648-725345543-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7}
Malware.Trace
HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL
HKU\S-1-5-21-1454471165-1788223648-725345543-1011\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL
HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL
Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP2\A0017065.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP2\A0017066.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F6B8AF62-5D30-432E-B286-E52F1C27AF8B}\RP2\A0017067.EXE
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5781
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
2/16/2011 9:00:40 PM
mbam-log-2011-02-16 (21-00-40).txt
Scan type: Full scan (C:\|)
Objects scanned: 343581
Time elapsed: 48 minute(s), 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\adShotHlpr.adShotHlpr (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adShotHlpr.adShotHlpr.1.0 (Adware.Adrotator) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.Agent) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\bk (Malware.Trace) -> Value: bk -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
2011/02/16 21:05:09.0812 1176 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/16 21:05:10.0140 1176 ================================================================================
2011/02/16 21:05:10.0140 1176 SystemInfo:
2011/02/16 21:05:10.0140 1176
2011/02/16 21:05:10.0140 1176 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/16 21:05:10.0140 1176 Product type: Workstation
2011/02/16 21:05:10.0140 1176 ComputerName: VIVIANSCOMPUTER
2011/02/16 21:05:10.0140 1176 UserName: pso
2011/02/16 21:05:10.0140 1176 Windows directory: C:\WINDOWS
2011/02/16 21:05:10.0140 1176 System windows directory: C:\WINDOWS
2011/02/16 21:05:10.0140 1176 Processor architecture: Intel x86
2011/02/16 21:05:10.0140 1176 Number of processors: 2
2011/02/16 21:05:10.0140 1176 Page size: 0x1000
2011/02/16 21:05:10.0140 1176 Boot type: Normal boot
2011/02/16 21:05:10.0140 1176 ================================================================================
2011/02/16 21:05:10.0281 1176 Initialize success
2011/02/16 21:05:15.0171 2992 ================================================================================
2011/02/16 21:05:15.0171 2992 Scan started
2011/02/16 21:05:15.0171 2992 Mode: Manual;
2011/02/16 21:05:15.0171 2992 ================================================================================
2011/02/16 21:05:16.0687 2992 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/02/16 21:05:16.0781 2992 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/16 21:05:16.0812 2992 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/16 21:05:16.0859 2992 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
2011/02/16 21:05:16.0906 2992 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/16 21:05:16.0968 2992 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/02/16 21:05:17.0093 2992 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/02/16 21:05:17.0234 2992 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys
2011/02/16 21:05:17.0281 2992 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/02/16 21:05:17.0328 2992 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/02/16 21:05:17.0359 2992 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/02/16 21:05:17.0390 2992 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys
2011/02/16 21:05:17.0406 2992 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/02/16 21:05:17.0421 2992 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/16 21:05:17.0437 2992 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/16 21:05:17.0484 2992 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/16 21:05:17.0531 2992 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/16 21:05:17.0593 2992 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/16 21:05:17.0671 2992 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/16 21:05:17.0687 2992 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/02/16 21:05:17.0718 2992 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/16 21:05:17.0750 2992 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/16 21:05:17.0781 2992 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/16 21:05:17.0921 2992 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/16 21:05:17.0968 2992 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/16 21:05:17.0984 2992 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/16 21:05:18.0015 2992 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/16 21:05:18.0046 2992 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/16 21:05:18.0093 2992 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/16 21:05:18.0156 2992 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/16 21:05:18.0187 2992 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/16 21:05:18.0203 2992 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/16 21:05:18.0265 2992 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/02/16 21:05:18.0312 2992 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/16 21:05:18.0359 2992 FsVga (455f778ee14368468560bd7cb8c854d0) C:\WINDOWS\system32\DRIVERS\fsvga.sys
2011/02/16 21:05:18.0375 2992 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/16 21:05:18.0390 2992 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/16 21:05:18.0453 2992 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/02/16 21:05:18.0515 2992 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/16 21:05:18.0546 2992 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/02/16 21:05:18.0625 2992 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/16 21:05:18.0687 2992 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/02/16 21:05:18.0718 2992 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/02/16 21:05:18.0734 2992 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/02/16 21:05:18.0781 2992 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/16 21:05:18.0859 2992 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/16 21:05:18.0875 2992 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/16 21:05:19.0062 2992 IntcAzAudAddService (b2957d6c1226f029230dac2c46d34286) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/02/16 21:05:19.0250 2992 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/16 21:05:19.0281 2992 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/16 21:05:19.0312 2992 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/16 21:05:19.0328 2992 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/16 21:05:19.0343 2992 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/16 21:05:19.0359 2992 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/16 21:05:19.0406 2992 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/16 21:05:19.0453 2992 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/16 21:05:19.0484 2992 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/02/16 21:05:19.0531 2992 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/16 21:05:19.0562 2992 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/16 21:05:19.0640 2992 LgBttPort (4dd47b5af0b24871ebb9efc012a7474e) C:\WINDOWS\system32\DRIVERS\lgbtport.sys
2011/02/16 21:05:19.0687 2992 lgbusenum (1d038ca6c529203087a990e5e97887b4) C:\WINDOWS\system32\DRIVERS\lgbtbus.sys
2011/02/16 21:05:19.0718 2992 LGVMODEM (26f1976a330195d62a6224c76968cf0d) C:\WINDOWS\system32\DRIVERS\lgvmodem.sys
2011/02/16 21:05:19.0781 2992 LVUSBSta (a730fc8671a60666d6e877c544dd7cd4) C:\WINDOWS\system32\drivers\lvusbsta.sys
2011/02/16 21:05:19.0843 2992 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/16 21:05:19.0859 2992 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/16 21:05:19.0890 2992 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/16 21:05:19.0937 2992 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/16 21:05:19.0953 2992 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/16 21:05:19.0984 2992 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/16 21:05:20.0031 2992 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/16 21:05:20.0062 2992 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/16 21:05:20.0109 2992 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/16 21:05:20.0125 2992 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/16 21:05:20.0140 2992 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/16 21:05:20.0156 2992 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/16 21:05:20.0187 2992 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/02/16 21:05:20.0203 2992 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/16 21:05:20.0234 2992 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/02/16 21:05:20.0281 2992 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/16 21:05:20.0312 2992 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/02/16 21:05:20.0359 2992 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/16 21:05:20.0375 2992 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/16 21:05:20.0390 2992 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/16 21:05:20.0421 2992 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/16 21:05:20.0453 2992 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/16 21:05:20.0484 2992 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/16 21:05:20.0531 2992 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/16 21:05:20.0562 2992 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/16 21:05:20.0625 2992 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/16 21:05:20.0796 2992 nv (8e6c08918dd6af8403cc24969582761a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/02/16 21:05:20.0921 2992 NVENETFD (45ba510db13a0496db1cd16826519e03) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/02/16 21:05:20.0937 2992 nvgts (a117466b0acb13288deee4f2e936e67f) C:\WINDOWS\system32\DRIVERS\nvgts.sys
2011/02/16 21:05:20.0953 2992 nvnetbus (57cbdb934fb1afb7e03b413d151a6152) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/02/16 21:05:20.0984 2992 nvsmu (03dbb885deae94f06c06ec06acdb8b47) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
2011/02/16 21:05:21.0015 2992 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/16 21:05:21.0031 2992 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/16 21:05:21.0093 2992 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/16 21:05:21.0109 2992 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/16 21:05:21.0125 2992 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/16 21:05:21.0140 2992 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/16 21:05:21.0203 2992 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/16 21:05:21.0250 2992 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/16 21:05:21.0281 2992 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/02/16 21:05:21.0406 2992 pepifilter (16bc447de474a9e125db39806714f1e1) C:\WINDOWS\system32\DRIVERS\lv302af.sys
2011/02/16 21:05:21.0500 2992 PID_08A0 (7a31b09c7f037a1217b658465f19bbce) C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
2011/02/16 21:05:21.0578 2992 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/16 21:05:21.0625 2992 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/02/16 21:05:21.0640 2992 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/16 21:05:21.0656 2992 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/16 21:05:21.0750 2992 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/16 21:05:21.0781 2992 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/16 21:05:21.0796 2992 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/16 21:05:21.0812 2992 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/16 21:05:21.0859 2992 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/16 21:05:21.0875 2992 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/16 21:05:21.0906 2992 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/02/16 21:05:21.0953 2992 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/16 21:05:22.0000 2992 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/16 21:05:22.0109 2992 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/02/16 21:05:22.0125 2992 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/02/16 21:05:22.0171 2992 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/16 21:05:22.0218 2992 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/16 21:05:22.0250 2992 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/16 21:05:22.0296 2992 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/16 21:05:22.0359 2992 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/02/16 21:05:22.0421 2992 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/16 21:05:22.0484 2992 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
2011/02/16 21:05:22.0515 2992 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/16 21:05:22.0546 2992 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/16 21:05:22.0609 2992 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/02/16 21:05:22.0656 2992 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/16 21:05:22.0671 2992 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/16 21:05:22.0765 2992 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/16 21:05:22.0828 2992 Tcpip (4afb3b0919649f95c1964aa1fad27d73) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/16 21:05:22.0859 2992 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/16 21:05:22.0890 2992 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/16 21:05:22.0890 2992 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/16 21:05:22.0968 2992 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/16 21:05:23.0046 2992 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/16 21:05:23.0125 2992 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/02/16 21:05:23.0156 2992 usbbus (8ef48ff1c23b1ce6f96d09a45959eb20) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
2011/02/16 21:05:23.0203 2992 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/16 21:05:23.0250 2992 UsbDiag (a0e24c5c2d0cff04bbd3753a72fae80b) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
2011/02/16 21:05:23.0281 2992 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/16 21:05:23.0312 2992 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/16 21:05:23.0343 2992 USBModem (cc09a1132b1f6a8362107cc134e90d0b) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
2011/02/16 21:05:23.0375 2992 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/02/16 21:05:23.0437 2992 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/16 21:05:23.0453 2992 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/16 21:05:23.0515 2992 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/16 21:05:23.0546 2992 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/16 21:05:23.0625 2992 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/16 21:05:23.0671 2992 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/16 21:05:23.0734 2992 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/16 21:05:23.0828 2992 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/02/16 21:05:23.0859 2992 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/02/16 21:05:23.0968 2992 ================================================================================
2011/02/16 21:05:23.0968 2992 Scan finished
2011/02/16 21:05:23.0968 2992 ================================================================================
2011/02/16 21:05:39.0234 2132 ================================================================================
2011/02/16 21:05:39.0234 2132 Scan started
2011/02/16 21:05:39.0234 2132 Mode: Manual;
2011/02/16 21:05:39.0234 2132 ================================================================================
2011/02/16 21:05:39.0546 2132 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/02/16 21:05:39.0609 2132 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/16 21:05:39.0656 2132 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/16 21:05:39.0687 2132 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
2011/02/16 21:05:39.0734 2132 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/16 21:05:39.0796 2132 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/02/16 21:05:39.0890 2132 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/02/16 21:05:40.0031 2132 ASPI32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\ASPI32.sys
2011/02/16 21:05:40.0078 2132 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/02/16 21:05:40.0109 2132 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/02/16 21:05:40.0156 2132 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/02/16 21:05:40.0171 2132 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys
2011/02/16 21:05:40.0203 2132 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/02/16 21:05:40.0234 2132 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/16 21:05:40.0250 2132 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/16 21:05:40.0281 2132 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/16 21:05:40.0328 2132 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/16 21:05:40.0390 2132 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/16 21:05:40.0468 2132 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/16 21:05:40.0500 2132 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/02/16 21:05:40.0531 2132 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/16 21:05:40.0546 2132 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/16 21:05:40.0593 2132 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/16 21:05:40.0718 2132 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/16 21:05:40.0781 2132 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/16 21:05:40.0796 2132 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/16 21:05:40.0812 2132 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/16 21:05:40.0843 2132 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/16 21:05:40.0890 2132 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/16 21:05:40.0937 2132 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/16 21:05:40.0968 2132 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/16 21:05:40.0984 2132 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/16 21:05:41.0015 2132 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/02/16 21:05:41.0062 2132 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/16 21:05:41.0109 2132 FsVga (455f778ee14368468560bd7cb8c854d0) C:\WINDOWS\system32\DRIVERS\fsvga.sys
2011/02/16 21:05:41.0125 2132 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/16 21:05:41.0140 2132 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/16 21:05:41.0203 2132 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/02/16 21:05:41.0250 2132 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/16 21:05:41.0281 2132 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/02/16 21:05:41.0328 2132 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/16 21:05:41.0406 2132 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/02/16 21:05:41.0437 2132 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/02/16 21:05:41.0468 2132 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/02/16 21:05:41.0515 2132 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/16 21:05:41.0562 2132 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/16 21:05:41.0609 2132 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/16 21:05:41.0781 2132 IntcAzAudAddService (b2957d6c1226f029230dac2c46d34286) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/02/16 21:05:41.0859 2132 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/16 21:05:41.0890 2132 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/16 21:05:41.0921 2132 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/16 21:05:41.0937 2132 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/16 21:05:41.0953 2132 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/16 21:05:41.0968 2132 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/16 21:05:42.0000 2132 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/16 21:05:42.0062 2132 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/16 21:05:42.0078 2132 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/02/16 21:05:42.0125 2132 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/16 21:05:42.0156 2132 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/16 21:05:42.0234 2132 LgBttPort (4dd47b5af0b24871ebb9efc012a7474e) C:\WINDOWS\system32\DRIVERS\lgbtport.sys
2011/02/16 21:05:42.0265 2132 lgbusenum (1d038ca6c529203087a990e5e97887b4) C:\WINDOWS\system32\DRIVERS\lgbtbus.sys
2011/02/16 21:05:42.0296 2132 LGVMODEM (26f1976a330195d62a6224c76968cf0d) C:\WINDOWS\system32\DRIVERS\lgvmodem.sys
2011/02/16 21:05:42.0359 2132 LVUSBSta (a730fc8671a60666d6e877c544dd7cd4) C:\WINDOWS\system32\drivers\lvusbsta.sys
2011/02/16 21:05:42.0421 2132 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/16 21:05:42.0437 2132 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/16 21:05:42.0453 2132 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/16 21:05:42.0500 2132 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/16 21:05:42.0515 2132 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/16 21:05:42.0546 2132 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/16 21:05:42.0609 2132 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/16 21:05:42.0625 2132 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/16 21:05:42.0671 2132 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/16 21:05:42.0687 2132 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/16 21:05:42.0703 2132 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/16 21:05:42.0734 2132 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/16 21:05:42.0781 2132 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/02/16 21:05:42.0796 2132 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/16 21:05:42.0812 2132 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/02/16 21:05:42.0859 2132 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/16 21:05:42.0890 2132 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/02/16 21:05:42.0921 2132 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/16 21:05:42.0953 2132 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/16 21:05:42.0953 2132 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/16 21:05:43.0000 2132 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/16 21:05:43.0015 2132 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/16 21:05:43.0062 2132 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/16 21:05:43.0109 2132 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/16 21:05:43.0156 2132 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/16 21:05:43.0218 2132 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/16 21:05:43.0390 2132 nv (8e6c08918dd6af8403cc24969582761a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/02/16 21:05:43.0437 2132 NVENETFD (45ba510db13a0496db1cd16826519e03) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/02/16 21:05:43.0453 2132 nvgts (a117466b0acb13288deee4f2e936e67f) C:\WINDOWS\system32\DRIVERS\nvgts.sys
2011/02/16 21:05:43.0468 2132 nvnetbus (57cbdb934fb1afb7e03b413d151a6152) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/02/16 21:05:43.0500 2132 nvsmu (03dbb885deae94f06c06ec06acdb8b47) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
2011/02/16 21:05:43.0546 2132 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/16 21:05:43.0562 2132 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/16 21:05:43.0609 2132 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/16 21:05:43.0625 2132 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/16 21:05:43.0640 2132 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/16 21:05:43.0656 2132 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/16 21:05:43.0718 2132 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/16 21:05:43.0750 2132 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/16 21:05:43.0796 2132 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/02/16 21:05:43.0906 2132 pepifilter (16bc447de474a9e125db39806714f1e1) C:\WINDOWS\system32\DRIVERS\lv302af.sys
2011/02/16 21:05:44.0000 2132 PID_08A0 (7a31b09c7f037a1217b658465f19bbce) C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
2011/02/16 21:05:44.0078 2132 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/16 21:05:44.0093 2132 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/02/16 21:05:44.0109 2132 PSched&n
-
How many other accounts are there on this computer?
-
there are 6 in total but only 3 are frequently active.
-
there are 6 in total but only 3 are frequently active.
It would be too confusing to try to clean each account in this thread. We should cleanup what we have done on this account and you can post a new thread for each account that is experiencing trouble.
To uninstall ComboFix
- Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
- In the field, type in ComboFix /uninstall
(http://i582.photobucket.com/albums/ss269/Cat_Byte/Combofix_uninstall_image.jpg)
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
- Then, press Enter, or click OK.
- This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
************************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
***************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.
Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.
Remember only install ONE firewall
1) Comodo Personal Firewall (http://www.majorgeeks.com/Comodo_Personal_Firewall_d5033.html) (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor (http://www.majorgeeks.com/Online_Armor_Free_d4872.html)
3) Agnitum Outpost (http://www.majorgeeks.com/Outpost_Firewall_Free_d1056.html)
4) PC Tools Firewall Plus (http://www.majorgeeks.com/PC_Tools_Firewall_Plus_d5470.html)
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
**********************************************
Use the Secunia Software Inspector (http://secunia.com/software_inspector) to check for out of date software.
•Click Start Now
•Check the box next to Enable thorough system inspection.
•Click Start
•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
----------
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
-
Hi,
Thank you for all your help. I will start a new thread for the other users.
-
You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.