Redirect virus?


11 replies to this topic

#1 psychedzephyr


  • Members
  • 7 posts

Posted 27 April 2009 - 09:27 PM

Hi,

I have been encountering this problem since yesterday when I unfortunately downloaded some dodgy file. These problems include:
a) Redirecting me to other websites than what's specified in the link when I use Mozilla.
b) Inability to system restore. Whenever I've selected the checkpoint, and click Next, it doesn't proceed.
c) After I restart, this error message comes up from AcereSecurity: "Personal secure disk mount error; please reboot the computer and try again.", followed by another message "encryption and decryption processing failed! "

My friend said that my system files could have been infected but unfortunately he doesn't know how to solve it. I'm using an Acer Aspire 5584WXMi that's running under Windows XP Media Center Edition Version 2002 Service Pack 3. Can anyone here give me a step by step solution to this problem? I'm quite inept when it comes to anything computer-related, so simple explanations would definitely help! Thanks!

Edited by psychedzephyr, 27 April 2009 - 09:32 PM.



 


#2 Budapest


    Bleepin' Cynic


  • Moderator
  • 23,579 posts

Posted 28 April 2009 - 02:20 AM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 psychedzephyr


Posted 28 April 2009 - 04:08 AM

I've installed Malwarebytes but it doesn't open when I double-click on the icon. And I've downloaded Spybot into my computer but when I want to commence the installation, this error message pops up:

Error sending request. The server name or address could not be resolved.


Please tell me this is not serious.

#4 Budapest


Posted 28 April 2009 - 03:57 PM

Rename this file:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

To something else such as:

abcde.bat

Then double-click the file and see if Malwarebytes will run.

#5 psychedzephyr


Posted 30 April 2009 - 03:04 AM

Thanks for the tip, Budapest. I was able to run the scan. Here's the log.

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

30/04/2009 15:00:05
mbam-log-2009-04-30 (15-00-05).txt

Scan type: Quick Scan
Objects scanned: 83306
Time elapsed: 5 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 11
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3c59a5e9-85d0-4d3d-9677-18a8894f4e6e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{53981fe8-ba36-4fde-82f1-e038b3c6f96d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{3c59a5e9-85d0-4d3d-9677-18a8894f4e6e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{53981fe8-ba36-4fde-82f1-e038b3c6f96d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{3c59a5e9-85d0-4d3d-9677-18a8894f4e6e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{53981fe8-ba36-4fde-82f1-e038b3c6f96d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

I have also been encountering other problems despite the ones I mentioned before. For example, every time when I try to open Microsoft Word by double clicking on the icon, the whole screen turns blue stating that Windows has encountered a serious error, hence forcing me to restart my computer. Also, I have no idea what has happened to my Search page. As you can see, it's now completely blank.

http://www.flickr.com/photos/37903943@N05/?saved=1

Hope to hear a response as soon as possible. Thanks again.
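
Added example, not part of the original thread: a small Python parser for the registry lines of the Malwarebytes log posted above, which reports where the Trojan.DNSChanger `NameServer` overrides were written and which resolvers they pointed to. The function names and the `trusted_resolvers` parameter are assumptions of this example; the sample lines are copied from the log in the post.

```python
import ipaddress
import re

# Registry lines copied from the Malwarebytes log in the post above (a subset,
# one per distinct key shape); nothing here is new data.
SAMPLE_LOG = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3c59a5e9-85d0-4d3d-9677-18a8894f4e6e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{53981fe8-ba36-4fde-82f1-e038b3c6f96d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.83,85.255.112.20 -> Quarantined and deleted successfully.
"""

# Line shape: "<key> (<family>) -> [<detail> -> ]<action>".
# The detail part is absent on "Registry Keys Infected" lines.
DETECTION_RE = re.compile(
    r"^(?P<key>HKEY_.+?) \((?P<family>[\w.]+)\) -> "
    r"(?:(?P<detail>.+?) -> )?(?P<action>.+)$",
    re.MULTILINE,
)

# Matches the global and the per-interface NameServer value in any control set.
TCPIP_NAMESERVER_RE = re.compile(
    r"\\SYSTEM\\(?P<cset>\w*ControlSet\w*)\\Services\\Tcpip\\Parameters"
    r"(?:\\Interfaces\\(?P<iface>\{[0-9a-fA-F-]+\}))?\\NameServer$",
    re.IGNORECASE,
)


def parse_detections(log_text):
    """Return one dict (key, family, detail, action) per registry detection line."""
    return [m.groupdict() for m in DETECTION_RE.finditer(log_text)]


def dns_hijack_report(detections, trusted_resolvers=()):
    """Summarise NameServer overrides that point at resolvers not in trusted_resolvers.

    trusted_resolvers is an assumption of this example: the addresses the
    machine is supposed to use (for instance the router or ISP resolvers).
    """
    trusted = {ipaddress.ip_address(a) for a in trusted_resolvers}
    servers, control_sets, interfaces = set(), set(), set()
    global_override = False

    for det in detections:
        where = TCPIP_NAMESERVER_RE.search(det["key"])
        detail = det["detail"] or ""
        if not where or not detail.startswith("Data:"):
            continue  # not a Tcpip NameServer data item

        found = set()
        # NameServer holds a list of addresses separated by commas or spaces.
        for token in re.split(r"[,\s]+", detail[len("Data:"):].strip()):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                continue  # not an IP address, ignore
            if addr not in trusted:
                found.add(str(addr))
        if not found:
            continue

        servers |= found
        control_sets.add(where.group("cset"))
        if where.group("iface"):
            interfaces.add(where.group("iface").lower())
        else:
            global_override = True  # value directly under ...\Tcpip\Parameters

    return {
        "untrusted_servers": sorted(servers),
        "control_sets": sorted(control_sets),
        "interfaces": sorted(interfaces),
        "global_override": global_override,
    }


if __name__ == "__main__":
    report = dns_hijack_report(parse_detections(SAMPLE_LOG))
    for field, value in report.items():
        print(f"{field}: {value}")
```

Run against the sample lines, the report lists both resolvers from the log under CurrentControlSet, ControlSet003 and ControlSet004, set both globally and per interface.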

#6 Budapest


Posted 30 April 2009 - 04:13 PM

Reboot your computer, run the Malwarebytes full-scan and post the new log.

When you get the blue screen error message copy down the error numbers and post them back here.

#7 psychedzephyr


Posted 01 May 2009 - 08:20 AM

Thanks for your prompt response, Budapest. Here's the error message that appears every time I try to open Microsoft Word.

http://www.flickr.com/photos/37903943@N05/3491358728/

These are also three of the error messages that appear after restarting:

http://www.flickr.com/photos/37903943@N05/3491351364/
http://www.flickr.com/photos/37903943@N05/3490540571/
http://www.flickr.com/photos/37903943@N05/3491358674/

And here's the log after performing a full scan:

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

01/05/2009 21:11:55
mbam-log-2009-05-01 (21-11-55).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 173254
Time elapsed: 30 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Will wait to see what your thoughts are about this. Once again, thanks for helping!

#8 Budapest


Posted 01 May 2009 - 03:44 PM

Try this scan:

http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/

Also, check your devices in Device Manager (Start > Run > type "devmgmt.msc" (without the quotes) and press Enter). Look for any "!", "?" or "X" symbols.

#9 psychedzephyr


Posted 11 May 2009 - 02:29 AM

Hi Budapest, sorry for taking so long to get back to you. Have been swamped with uni assignments.

Anyway, I've managed to install SDFix with no fuss and tried to follow the instructions on the link you sent me. But I've hit a brick wall. I couldn't get my laptop into safe mode. I pressed F8 to get to the screen, but every time I select Safe Mode, 2 things happen:
a) The blue screen pops up again and the computer restarts itself, the next time with this screen:

"We apologize for the inconvenience, but Windows did not start successfully. A recent hardware or software change might have caused this.

If your computer stopped responding, restarted unexpectedly, or was automatically shut down to protect your files and folders, choose Last Known Good Configuration to revert to the most recent settings that worked.

If a previous startup attempt was interrupted due to a power failure or because the Power or Reset button was pressed, or if you aren’t sure what caused the problem, choose Start Windows Normally."

And it gives me the options again, ie Safe Mode, Safe Mode with command prompt etc.

b) It loads and then this list pops up:

Multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\dpti20.sys
Multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\q11080.sys
Multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\q11280.sys
Multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\q112160.sys
Multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\perc2.sys
Multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\perc2hib.sys
Multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\hpn.sys
Multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\cbidf2k.sys
Multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\dac2w2k.sys
Multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\Disk.sys
Multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\CLASSPNP.sys
Multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\Drivers\fltmgr.sys
Multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\sr.sys
Multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\Drivers\PxHelp20.sys
Multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\Drivers\Fastfat.sys
Multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\Drivers\KSecDD.sys
Multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\Drivers\NDIS.sys
Multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\sisagp.sys
Multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\viaagp.sys
Multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\Drivers\Mup.sys
Multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\agp440.sys
Multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\alim1541.sysAlim1541
Multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\amdagp.sys
Multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\system32\DRIVERS\agpCPQ.sys

After that I have to wait a long while before the same thing happens where it restarts again.


Hope you can help! How do I get into Safe Mode? I can get into Normal Mode just fine.

Edited by psychedzephyr, 11 May 2009 - 02:31 AM.


#10 Budapest


Posted 11 May 2009 - 05:10 AM

For now, try running SDFix in Normal Mode.

#11 psychedzephyr


Posted 28 June 2009 - 11:11 AM

Hi Budapest, sorry for the long delay. Just finished with my exams.

I've run a-squared from EMSI software, Sophos and Kaspersky, all in Normal Mode as I couldn't get into Safe Mode. Couldn't run Norman Malware Cleaner though as it was "not a valid Win32 application".

A) Report for a-squared from EMSI software

a-squared Command Line Scanner - Version 4.5
Last update: 05/06/2009 22:12:21

Scan settings:

Objects: Memory, Traces, Cookies, C:
Scan archives: On
Heuristics: On
ADS Scan: On

Scan start: 05/06/2009 22:13:01

c:\documents and settings\leang zhi xiang\local settings\temp\perflib_perfdata_288.dat detected: Trace.File.StarwareToolbar!A2
C:\WINDOWS\Temp\tempo-926190218.tmp detected: Trojan.Alureon!IK
C:\WINDOWS\Temp\tempo-13787296.tmp detected: Trojan.Alureon!IK
C:\Documents and Settings\Leang Zhi Xiang\Local Settings\Temp\tmp28.tmp detected: Trojan.Win32.Alureon!IK
C:\Documents and Settings\Leang Zhi Xiang\Local Settings\Temp\tmp84F.tmp detected: Trojan.Win32.Alureon!IK
C:\Documents and Settings\Leang Zhi Xiang\Desktop\King Of Fighters\Neo.exe detected: Virus.Win32.Trojan!IK
C:\System Volume Information\_restore{B70253F9-5B43-47D0-B5A4-776D3A785FE9}\RP560\A0150561.exe detected: Trojan.Packed!IK

Scanned

Files: 159885
Traces: 402907
Cookies: 4700
Processes: 84

Found

Files: 6
Traces: 1
Cookies: 111
Processes: 0

Quarantined

Files: 6
Traces: 1
Cookies: 106
Processes: 0

Scan end: 05/06/2009 23:30:06
Scan time: 1:17:05

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

B) Report for Sophos Anti-Virus

Sophos Anti-Virus
Version 4.42.0 [Win32/Intel]
Virus data version 4.42E, June 2009
Includes detection for 785167 viruses, trojans and worms
Copyright © 1989-2009 Sophos Plc, www.sophos.com

System time 00:02:48, System date 06 June 2009
Command line qualifiers are: -f -remove -nc -nb -dn --stop-scan -idedir=C:\SDFix\IDE -p=C:\SDFix\SophosReport.txt

Full Scanning

Could not open LOGICAL:0002:00000000
Could not check C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2007.lnk (virus scan failed)
Password protected file C:\Documents and Settings\Leang Zhi Xiang\My Documents\My Skype Received Files\Logo Game.xls
Could not check C:\Documents and Settings\Leang Zhi Xiang\Desktop\MOMENTARY FILE\Medicine\Year 1\MGC\sem 1\2.cellular division.doc (corrupt)
>>> Virus 'Troj/Iffy-B' found in file C:\Documents and Settings\Leang Zhi Xiang\Application Data\Sun\Java\Deployment\cache\6.0\17\66cff311-49c216c0
Removal successful
Could not open C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun0.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun1.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun2.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun3.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun4.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun5.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun6.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun7.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun8.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun9.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun10.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun11.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun12.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun13.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun14.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun15.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun16.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun17.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun18.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun19.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun20.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun21.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun22.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun23.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun24.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun25.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun26.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun27.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun28.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun29.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun30.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun31.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun32.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun33.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun34.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun35.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun36.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun37.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun38.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun39.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun40.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun41.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun42.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun43.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun44.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun45.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun46.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun47.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun48.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun49.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun50.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun51.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun52.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun53.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun54.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun55.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun56.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun57.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun58.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun59.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun60.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun61.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun62.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun63.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun64.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun65.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun66.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun67.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun68.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun69.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun70.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun71.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun72.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun73.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun74.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun75.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun76.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun77.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun78.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun79.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun80.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun81.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun82.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun83.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun84.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun85.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun86.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun87.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun88.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun89.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun90.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun91.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun92.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun93.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun94.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun95.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun96.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun97.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun98.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun99.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun100.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun101.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun102.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun103.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun104.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun105.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun106.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun107.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun108.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun109.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun110.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun111.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun112.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun113.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun114.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun115.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun116.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun117.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun118.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun119.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun120.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun121.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun122.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun123.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun124.inf
Removal successful
>>> Virus 'Mal/AutoInf-A' found in file C:\Program Files\Autorun Eater\Autorun Backup\autorun125.inf
Removal successful
Could not check C:\hiberfil.sys (virus scan failed)
Could not open LOGICAL:0003:00000000
Could not check D:\Pendrive\Foundation\New Folder (corrupt)

2 boot sectors swept.
41119 files swept in 39 minutes and 49 seconds.
8 errors were encountered.
127 viruses were discovered.
127 files out of 41119 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email support@sophos.com
or telephone +44 1235 559933
1 encrypted file was not checked.
Ending Sophos Anti-Virus.

#12 psychedzephyr

Posted 28 June 2009 - 12:49 PM

And below is the Systems Report

System Report
*************

Run on 06/06/2009 at 09:25

Microsoft Windows XP [Version 5.1.2600]

Current user is an administrator

Running Processes:

\SystemRoot\System32\smss.exe [840]
\??\C:\WINDOWS\system32\csrss.exe [896]
\??\C:\WINDOWS\system32\winlogon.exe [920]
C:\WINDOWS\system32\services.exe [964]
C:\WINDOWS\system32\lsass.exe [976]
C:\WINDOWS\system32\svchost.exe [1144]
C:\WINDOWS\system32\svchost.exe [1192]
C:\WINDOWS\System32\svchost.exe [1232]
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [1292]
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [1324]
C:\WINDOWS\system32\svchost.exe [1364]
C:\WINDOWS\system32\svchost.exe [1512]
C:\WINDOWS\system32\spoolsv.exe [1912]
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [1960]
C:\WINDOWS\system32\svchost.exe [160]
C:\WINDOWS\system32\WgaTray.exe [252]
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [332]
C:\WINDOWS\Explorer.EXE [400]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [548]
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [584]
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe [656]
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe [672]
C:\Program Files\Bonjour\mDNSResponder.exe [684]
C:\WINDOWS\system32\svchost.exe [736]
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [772]
C:\WINDOWS\eHome\ehRecvr.exe [832]
C:\WINDOWS\eHome\ehSched.exe [888]
C:\Program Files\Java\jre6\bin\jqs.exe [1268]
C:\Program Files\Common Files\LightScribe\LSSrvc.exe [1452]
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [1556]
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [1704]
C:\WINDOWS\system32\svchost.exe [1860]
C:\WINDOWS\system32\svchost.exe [2096]
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2284]
C:\WINDOWS\ehome\mcrdsvc.exe [2564]
C:\WINDOWS\system32\wscntfy.exe [2792]
C:\WINDOWS\system32\rundll32.exe [2812]
C:\WINDOWS\ehome\ehtray.exe [2820]
C:\WINDOWS\AGRSMMSG.exe [2916]
C:\WINDOWS\RTHDCPL.EXE [2996]
C:\WINDOWS\eHome\ehmsas.exe [3080]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3112]
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [3212]
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe [3248]
C:\WINDOWS\system32\igfxtray.exe [3272]
C:\WINDOWS\system32\hkcmd.exe [3312]
C:\WINDOWS\system32\igfxpers.exe [3336]
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [3396]
C:\WINDOWS\system32\wbem\wmiprvse.exe [3436]
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [3604]
C:\WINDOWS\system32\LVCOMSX.EXE [3656]
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe [3904]
C:\WINDOWS\system32\ElkCtrl.exe [3996]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [4048]
C:\WINDOWS\system32\wbem\wmiprvse.exe [4060]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe [1692]
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2296]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2924]
C:\Program Files\DU Meter\DUMeter.exe [2580]
C:\WINDOWS\system32\wbem\unsecapp.exe [2988]
C:\Program Files\iTunes\iTunesHelper.exe [3308]
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe [2992]
C:\Program Files\Java\jre6\bin\jusched.exe [3508]
C:\Program Files\Autorun Eater\oldmcdonald.exe [3704]
C:\WINDOWS\system32\igfxext.exe [3768]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [3756]
C:\WINDOWS\system32\igfxsrvc.exe [3820]
C:\WINDOWS\system32\ctfmon.exe [3852]
C:\Program Files\Skype\Phone\Skype.exe [3864]
C:\Program Files\Microsoft ActiveSync\wcescomm.exe [1988]
C:\Program Files\Autorun Eater\billy.exe [456]
C:\PROGRA~1\MI3AA1~1\rapimgr.exe [596]
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2388]
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2508]
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2944]
C:\WINDOWS\system32\dllhost.exe [3120]
C:\WINDOWS\system32\wbem\wmiapsrv.exe [3888]
C:\Program Files\iPod\bin\iPodService.exe [4004]
C:\WINDOWS\System32\alg.exe [2720]
C:\Program Files\Skype\Plugin Manager\skypePM.exe [4464]
C:\DOCUME~1\LEANGZ~1\LOCALS~1\Temp\RtkBtMnt.exe [4516]
C:\WINDOWS\system32\NOTEPAD.EXE [4268]
C:\Program Files\Acer\OrbiCam\VideoEffectsWatcher.exe [4020]
C:\Program Files\Mozilla Firefox\firefox.exe [2084]


Drivers - Running:



Drivers - Stopped:



Services - Running:



Services - Stopped:



Files Created/Modified - 60 Days:


C:\

5 Jun 2009 21:12:06 1,598,029,824 A.SH. "C:\pagefile.sys"
11 May 2009 15:52:54 1,063,436,288 A.SH. "C:\hiberfil.sys"


C:\WINDOWS\

5 Jun 2009 21:12:14 2,048 A.S.. "C:\WINDOWS\bootstat.dat"
5 Jun 2009 20:53:44 12 A.... "C:\WINDOWS\bthservsdp.dat"
27 Apr 2009 18:24:22 753,664 A.... "C:\WINDOWS\~DF425D.tmp"
27 Apr 2009 18:24:22 512 A.... "C:\WINDOWS\~DF4272.tmp"
27 Apr 2009 18:24:26 704,512 A.... "C:\WINDOWS\~DF5161.tmp"
27 Apr 2009 18:24:28 512 A.... "C:\WINDOWS\~DF518B.tmp"
1 May 2009 20:14:56 90,112 A.... "C:\WINDOWS\DUMP3827.tmp"
11 May 2009 14:37:06 90,112 A.... "C:\WINDOWS\DUMP3884.tmp"
11 May 2009 15:31:12 90,112 A.... "C:\WINDOWS\DUMP3828.tmp"
6 Apr 2009 13:27:54 144,792 A.... "C:\WINDOWS\system32\java.exe"
6 Apr 2009 13:27:54 144,792 A.... "C:\WINDOWS\system32\javaw.exe"
6 Apr 2009 13:27:54 148,888 A.... "C:\WINDOWS\system32\javaws.exe"
6 Apr 2009 13:27:54 410,984 A.... "C:\WINDOWS\system32\deploytk.dll"
7 May 2009 15:16:30 24,699,336 A.... "C:\WINDOWS\system32\MRT.exe"
27 Apr 2009 1:18:48 33,792 A.SHR "C:\WINDOWS\Temp\13783671.tmp"
6 Jun 2009 9:24:56 0 A.... "C:\WINDOWS\Temp\scsB.tmp"
5 Jun 2009 21:12:16 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
6 Apr 2009 15:32:54 38,496 A.... "C:\WINDOWS\system32\drivers\mbamswissarmy.sys"
6 Apr 2009 15:32:46 15,504 A.... "C:\WINDOWS\system32\drivers\mbam.sys"
21 Apr 2009 9:43:04 16,384 A.... "C:\WINDOWS\Temp\Cookies\index.dat"
21 Apr 2009 9:43:04 49,152 A.... "C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat"
21 Apr 2009 9:43:04 16,384 A.... "C:\WINDOWS\Temp\History\History.IE5\index.dat"


C:\Program Files\

29 Apr 2009 18:11:44 9,756,664 A.... "C:\Program Files\Mozilla Firefox\xul.dll"
29 Apr 2009 18:11:42 17,912 A.... "C:\Program Files\Mozilla Firefox\xpcom.dll"
29 Apr 2009 18:11:42 242,168 A.... "C:\Program Files\Mozilla Firefox\updater.exe"
29 Apr 2009 18:11:42 136,696 A.... "C:\Program Files\Mozilla Firefox\ssl3.dll"
29 Apr 2009 18:11:42 395,768 A.... "C:\Program Files\Mozilla Firefox\sqlite3.dll"
29 Apr 2009 18:11:42 151,552 A.... "C:\Program Files\Mozilla Firefox\softokn3.dll"
29 Apr 2009 18:11:42 103,928 A.... "C:\Program Files\Mozilla Firefox\smime3.dll"
29 Apr 2009 18:11:42 17,400 A.... "C:\Program Files\Mozilla Firefox\plds4.dll"
29 Apr 2009 18:11:42 20,472 A.... "C:\Program Files\Mozilla Firefox\plc4.dll"
29 Apr 2009 18:11:42 87,544 A.... "C:\Program Files\Mozilla Firefox\nssutil3.dll"
29 Apr 2009 18:11:42 103,928 A.... "C:\Program Files\Mozilla Firefox\nssdbm3.dll"
29 Apr 2009 18:11:42 292,344 A.... "C:\Program Files\Mozilla Firefox\nssckbi.dll"
29 Apr 2009 18:11:42 718,328 A.... "C:\Program Files\Mozilla Firefox\nss3.dll"
29 Apr 2009 18:11:42 198,136 A.... "C:\Program Files\Mozilla Firefox\nspr4.dll"
29 Apr 2009 18:11:42 710,136 A.... "C:\Program Files\Mozilla Firefox\mozcrt19.dll"
29 Apr 2009 18:11:42 697,336 A.... "C:\Program Files\Mozilla Firefox\js3250.dll"
29 Apr 2009 18:11:42 233,472 A.... "C:\Program Files\Mozilla Firefox\freebl3.dll"
29 Apr 2009 18:11:42 307,704 A.... "C:\Program Files\Mozilla Firefox\firefox.exe"
29 Apr 2009 18:11:42 185,848 A.... "C:\Program Files\Mozilla Firefox\crashreporter.exe"
29 Apr 2009 18:11:42 17,400 A.... "C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll"
28 Apr 2009 1:21:56 2,403 A.... "C:\Program Files\Autorun Eater\unins000.dat"
28 Apr 2009 1:21:46 712,473 A.... "C:\Program Files\Autorun Eater\unins000.exe"
28 Apr 2009 11:32:52 9,110 A.... "C:\Program Files\Malwarebytes' Anti-Malware\unins000.dat"
28 Apr 2009 11:32:12 690,832 A.... "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
6 Apr 2009 15:32:44 73,360 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll"
6 Apr 2009 15:32:46 380,048 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam-dor.exe"
6 Apr 2009 15:32:44 1,277,584 A.... "C:\Program Files\Malwarebytes' Anti-Malware\abcde.bat"
6 Apr 2009 15:32:46 73,360 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
6 Apr 2009 15:32:50 77,968 A.... "C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll"
6 Apr 2009 15:32:48 44,688 A.... "C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll"
6 Apr 2009 15:32:48 401,040 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe"
6 Apr 2009 15:32:48 179,856 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"
6 Jun 2009 8:33:52 72 A.... "C:\Program Files\Symantec\LiveUpdate\ludirloc.dat"
17 Apr 2009 3:42:00 8,041,848 A.... "C:\Program Files\Microsoft Office\Office12\PPCORE.DLL"
6 Apr 2009 13:27:54 994 A.... "C:\Program Files\Java\jre6\Welcome.html"
28 Apr 2009 0:15:38 396,288 A.... "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe"
29 Apr 2009 18:11:42 23,032 A.... "C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll"
29 Apr 2009 18:11:42 134,648 A.... "C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll"
29 Apr 2009 18:11:42 509,544 A.... "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
6 Apr 2009 13:27:54 410,984 A.... "C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll"
29 Apr 2009 18:11:42 65,528 A.... "C:\Program Files\Mozilla Firefox\plugins\npnul32.dll"
6 Apr 2009 13:27:54 1,208,320 A.... "C:\Program Files\Java\jre6\bin\awt.dll"
6 Apr 2009 13:27:54 114,688 A.... "C:\Program Files\Java\jre6\bin\axbridge.dll"
6 Apr 2009 13:27:54 192,512 A.... "C:\Program Files\Java\jre6\bin\cmm.dll"
6 Apr 2009 13:27:54 143,360 A.... "C:\Program Files\Java\jre6\bin\dcpr.dll"
6 Apr 2009 13:27:54 77,824 A.... "C:\Program Files\Java\jre6\bin\deploy.dll"
6 Apr 2009 13:27:54 410,984 A.... "C:\Program Files\Java\jre6\bin\deploytk.dll"
6 Apr 2009 13:27:54 16,896 A.... "C:\Program Files\Java\jre6\bin\dt_shmem.dll"
6 Apr 2009 13:27:54 13,312 A.... "C:\Program Files\Java\jre6\bin\dt_socket.dll"
6 Apr 2009 13:27:54 339,968 A.... "C:\Program Files\Java\jre6\bin\fontmanager.dll"
6 Apr 2009 13:27:54 15,872 A.... "C:\Program Files\Java\jre6\bin\hpi.dll"
6 Apr 2009 13:27:54 139,264 A.... "C:\Program Files\Java\jre6\bin\hprof.dll"
6 Apr 2009 13:27:54 98,304 A.... "C:\Program Files\Java\jre6\bin\instrument.dll"
6 Apr 2009 13:27:54 12,800 A.... "C:\Program Files\Java\jre6\bin\ioser12.dll"
6 Apr 2009 13:27:54 7,680 A.... "C:\Program Files\Java\jre6\bin\j2pcsc.dll"
6 Apr 2009 13:27:54 41,472 A.... "C:\Program Files\Java\jre6\bin\j2pkcs11.dll"
6 Apr 2009 13:27:54 10,240 A.... "C:\Program Files\Java\jre6\bin\jaas_nt.dll"
6 Apr 2009 13:27:54 32,664 A.... "C:\Program Files\Java\jre6\bin\java-rmi.exe"
6 Apr 2009 13:27:54 126,976 A.... "C:\Program Files\Java\jre6\bin\java.dll"
6 Apr 2009 13:27:54 144,792 A.... "C:\Program Files\Java\jre6\bin\java.exe"
6 Apr 2009 13:27:54 58,776 A.... "C:\Program Files\Java\jre6\bin\javacpl.exe"
6 Apr 2009 13:27:54 144,792 A.... "C:\Program Files\Java\jre6\bin\javaw.exe"
6 Apr 2009 13:27:54 148,888 A.... "C:\Program Files\Java\jre6\bin\javaws.exe"
6 Apr 2009 13:27:54 14,336 A.... "C:\Program Files\Java\jre6\bin\java_crw_demo.dll"
6 Apr 2009 13:27:54 5,120 A.... "C:\Program Files\Java\jre6\bin\jawt.dll"
6 Apr 2009 13:27:54 79,256 A.... "C:\Program Files\Java\jre6\bin\jbroker.exe"
6 Apr 2009 13:27:54 36,352 A.... "C:\Program Files\Java\jre6\bin\JdbcOdbc.dll"
6 Apr 2009 13:27:54 167,936 A.... "C:\Program Files\Java\jre6\bin\jdwp.dll"
6 Apr 2009 13:27:54 208,896 A.... "C:\Program Files\Java\jre6\bin\jkernel.dll"
6 Apr 2009 13:27:54 77,824 A.... "C:\Program Files\Java\jre6\bin\jli.dll"
6 Apr 2009 13:27:54 94,208 A.... "C:\Program Files\Java\jre6\bin\jp2iexp.dll"
6 Apr 2009 13:27:54 22,424 A.... "C:\Program Files\Java\jre6\bin\jp2launcher.exe"
6 Apr 2009 13:27:54 8,192 A.... "C:\Program Files\Java\jre6\bin\jp2native.dll"
6 Apr 2009 13:27:54 35,840 A.... "C:\Program Files\Java\jre6\bin\jp2ssv.dll"
6 Apr 2009 13:27:54 147,456 A.... "C:\Program Files\Java\jre6\bin\jpeg.dll"
6 Apr 2009 13:27:54 98,304 A.... "C:\Program Files\Java\jre6\bin\jpicom.dll"
6 Apr 2009 13:27:54 110,592 A.... "C:\Program Files\Java\jre6\bin\jpiexp.dll"
6 Apr 2009 13:27:54 98,304 A.... "C:\Program Files\Java\jre6\bin\jpinscp.dll"
6 Apr 2009 13:27:54 65,536 A.... "C:\Program Files\Java\jre6\bin\jpioji.dll"
6 Apr 2009 13:27:54 126,976 A.... "C:\Program Files\Java\jre6\bin\jpishare.dll"
6 Apr 2009 13:27:54 152,984 A.... "C:\Program Files\Java\jre6\bin\jqs.exe"
6 Apr 2009 13:27:54 54,680 A.... "C:\Program Files\Java\jre6\bin\jqsnotify.exe"
6 Apr 2009 13:27:54 147,456 A.... "C:\Program Files\Java\jre6\bin\jsound.dll"
6 Apr 2009 13:27:54 18,432 A.... "C:\Program Files\Java\jre6\bin\jsoundds.dll"
6 Apr 2009 13:27:54 386,480 A.... "C:\Program Files\Java\jre6\bin\jucheck.exe"
6 Apr 2009 13:27:54 54,680 A.... "C:\Program Files\Java\jre6\bin\jureg.exe"
6 Apr 2009 13:27:54 148,888 A.... "C:\Program Files\Java\jre6\bin\jusched.exe"
6 Apr 2009 13:27:54 33,176 A.... "C:\Program Files\Java\jre6\bin\keytool.exe"
6 Apr 2009 13:27:54 33,176 A.... "C:\Program Files\Java\jre6\bin\kinit.exe"
6 Apr 2009 13:27:54 33,176 A.... "C:\Program Files\Java\jre6\bin\klist.exe"
6 Apr 2009 13:27:54 33,176 A.... "C:\Program Files\Java\jre6\bin\ktab.exe"
6 Apr 2009 13:27:54 18,432 A.... "C:\Program Files\Java\jre6\bin\management.dll"
6 Apr 2009 13:27:54 602,112 A.... "C:\Program Files\Java\jre6\bin\mlib_image.dll"
6 Apr 2009 13:27:54 348,160 A.... "C:\Program Files\Java\jre6\bin\msvcr71.dll"
6 Apr 2009 13:27:54 266,293 A.... "C:\Program Files\Java\jre6\bin\msvcrt.dll"
6 Apr 2009 13:27:54 77,824 A.... "C:\Program Files\Java\jre6\bin\net.dll"
6 Apr 2009 13:27:54 20,480 A.... "C:\Program Files\Java\jre6\bin\nio.dll"
6 Apr 2009 13:27:54 410,984 A.... "C:\Program Files\Java\jre6\bin\npdeploytk.dll"
6 Apr 2009 13:27:54 136,600 A.... "C:\Program Files\Java\jre6\bin\npjpi160_13.dll"
6 Apr 2009 13:27:54 131,072 A.... "C:\Program Files\Java\jre6\bin\npoji610.dll"
6 Apr 2009 13:27:54 8,192 A.... "C:\Program Files\Java\jre6\bin\npt.dll"
6 Apr 2009 13:27:54 33,176 A.... "C:\Program Files\Java\jre6\bin\orbd.exe"
6 Apr 2009 13:27:54 33,176 A.... "C:\Program Files\Java\jre6\bin\pack200.exe"
6 Apr 2009 13:27:54 33,176 A.... "C:\Program Files\Java\jre6\bin\policytool.exe"
6 Apr 2009 13:27:54 5,120 A.... "C:\Program Files\Java\jre6\bin\rmi.dll"
6 Apr 2009 13:27:54 33,176 A.... "C:\Program Files\Java\jre6\bin\rmid.exe"
6 Apr 2009 13:27:54 33,176 A.... "C:\Program Files\Java\jre6\bin\rmiregistry.exe"
6 Apr 2009 13:27:54 33,176 A.... "C:\Program Files\Java\jre6\bin\servertool.exe"
6 Apr 2009 13:27:54 131,072 A.... "C:\Program Files\Java\jre6\bin\splashscreen.dll"
6 Apr 2009 13:27:54 320,920 A.... "C:\Program Files\Java\jre6\bin\ssv.dll"
6 Apr 2009 13:27:54 17,816 A.... "C:\Program Files\Java\jre6\bin\ssvagent.exe"
6 Apr 2009 13:27:54 16,384 A.... "C:\Program Files\Java\jre6\bin\sunmscapi.dll"
6 Apr 2009 13:27:54 33,176 A.... "C:\Program Files\Java\jre6\bin\tnameserv.exe"
6 Apr 2009 13:27:54 245,400 A.... "C:\Program Files\Java\jre6\bin\unicows.dll"
6 Apr 2009 13:27:54 61,440 A.... "C:\Program Files\Java\jre6\bin\unpack.dll"
6 Apr 2009 13:27:54 132,504 A.... "C:\Program Files\Java\jre6\bin\unpack200.exe"
6 Apr 2009 13:27:54 31,744 A.... "C:\Program Files\Java\jre6\bin\verify.dll"
6 Apr 2009 13:27:54 24,701 A.... "C:\Program Files\Java\jre6\bin\w2k_lsa_auth.dll"
6 Apr 2009 13:27:54 110,592 A.... "C:\Program Files\Java\jre6\bin\wsdetect.dll"
6 Apr 2009 13:27:54 47,104 A.... "C:\Program Files\Java\jre6\bin\zip.dll"
6 Apr 2009 13:27:54 2,359,296 A.... "C:\Program Files\Java\jre6\bin\client\jvm.dll"
6 Apr 2009 13:27:54 65,536 A.... "C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll"
6 Apr 2009 13:27:54 348,160 A.... "C:\Program Files\Java\jre6\bin\new_plugin\msvcr71.dll"
6 Apr 2009 13:27:54 410,984 A.... "C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll"
6 Apr 2009 13:27:56 16,801 A.... "C:\Program Files\Java\jre6\lib\deploy\ffjcext.zip"
6 Apr 2009 13:27:56 152,576 A.... "C:\Program Files\Java\jre6\lib\deploy\lzma.dll"
6 Apr 2009 13:27:56 73,728 A.... "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"


Files with hidden attributes:

Thu 3 Aug 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Thu 3 Aug 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Thu 3 Aug 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Thu 3 Aug 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Thu 3 Aug 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Mon 27 Apr 2009 33,792 A.SHR --- "C:\WINDOWS\Temp\13783671.tmp"
Fri 9 Nov 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 14 Apr 2007 13,555 ...H. --- "C:\Documents and Settings\Leang Zhi Xiang\My Documents\~WRL0003.tmp"
Sun 20 Apr 2008 11,502 ...H. --- "C:\Documents and Settings\Leang Zhi Xiang\Desktop\~WRL1960.tmp"
Thu 5 Mar 2009 2,260,480 A.SH. --- "C:\System Volume Information\_restore{B70253F9-5B43-47D0-B5A4-776D3A785FE9}\RP576\A0153993.exe"
Mon 26 Jan 2009 5,365,592 A.SH. --- "C:\System Volume Information\_restore{B70253F9-5B43-47D0-B5A4-776D3A785FE9}\RP576\A0154017.exe"
Mon 26 Jan 2009 1,740,632 A.SH. --- "C:\System Volume Information\_restore{B70253F9-5B43-47D0-B5A4-776D3A785FE9}\RP576\A0154019.exe"
Tue 16 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 27 Jan 2004 40,544,898 A..H. --- "C:\Documents and Settings\Leang Zhi Xiang\Desktop\King Of Fighter 2003\roms\kof2003.zip"
Wed 11 Mar 2009 387,584 ...H. --- "C:\Documents and Settings\Leang Zhi Xiang\Application Data\Microsoft\Word\~WRL1767.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Leang Zhi Xiang\Application Data\U3\temp\Launchpad Removal.exe"


Program Folders:

C:\Program Files\

Acer
Acer Inc
Adobe
Apple Software Update
Autorun Eater
Bonjour
BUFFALO
Common Files
ComPlus Applications
CyberLink
DU Meter
EnglishOtto
EPSON
GemMaster
Grisoft
InstallShield Installation Information
Intel
Internet Explorer
iPod
iTunes
Java
K-Lite Codec Pack
Launch Manager
Lavasoft
Malwarebytes' Anti-Malware
Messenger
Messenger Plus! Live
Microsoft ActiveSync
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Office
Microsoft Visual Studio
Microsoft Works
Microsoft.NET
Movie Maker
Mozilla Firefox
MSBuild
MSN
MSN Gaming Zone
MSXML 4.0
NetMeeting
NewTech Infosystems
NJStar Communicator
Online Services
Outlook Express
QuickTime
Real
Realtek
Safari
Samsung ML-2010 Series
Sibelius Software
Skype
Symantec
Synaptics
Trend Micro
Uninstall Information
uTorrent
WIDCOMM
Windows Desktop Search
Windows Live
Windows Live Toolbar
Windows Media Connect 2
Windows Media Player
Windows Mobile Device Handbook
Windows Mobile Resources
Windows NT
Windows Plus
WindowsUpdate
WinPCap
WinRAR
xerox
Xvid
Yahoo!

C:\Program Files\Common Files\

Acer
Adobe
Adobe Systems Shared
Apple
DESIGNER
InstallShield
Java
LightScribe
Logitech
Microsoft Shared
MSSoap
muvee Technologies
NewTech Infosystems
ODBC
Real
Services
Skype
SpeechEngines
Symantec Shared
System
WindowsLiveInstaller


Add/Remove Programs:

GemMaster Mystic
Acer OrbiCam Driver
Adobe Flash Player ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS2
Adobe Shockwave Player
Agere Systems HDA Modem
Autorun Eater v2.3
AVG 7.5
Otto
DU Meter
Microsoft Office Enterprise 2007
EPSON Printer Software
ESC79_D78 User's Guide
Acer GridVista
HijackThis 2.0.2
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
NTI CD & DVD-Maker
EPSON Attach To Email
Acer eDataSecurity Management 2.0.3077
Texas Instruments PCIxx21/x515/xx12 drivers.
High Definition Audio Driver Package - KB888111
Update Rollup 2 for Windows XP Media Center Edition 2005
Hotfix for Windows Media Player 10 (KB903157)
Update for Windows Media Player 10 (KB913800)
Hotfix for Windows XP (KB915800-v4)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows Media Player 6.4 (KB925398)
Windows XP Media Center Edition 2005 KB925766
Update for Windows Media Player 10 (KB926251)
Security Update for Windows Internet Explorer 7 (KB928090)
Hotfix for Windows Media Format 11 SDK (KB929399)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows Internet Explorer 7 (KB939653)
Hotfix for Windows Media Player 11 (KB939683)
Windows Search 4.0
Security Update for Windows XP (KB941569)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows XP (KB946648)
Hotfix for Windows Internet Explorer 7 (KB947864)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Update for Windows XP (KB951072-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Update for Windows XP (KB951978)
Security Update for Windows XP (KB952004)
Security Update for Windows Media Player (KB952069)
Hotfix for Windows XP (KB952287)
Security Update for Windows XP (KB952954)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Update for Windows XP (KB955839)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Critical Update for Windows Media Player 11 (KB959772)
Security Update for Windows XP (KB960225)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows XP (KB961373)
Security Update for Windows Internet Explorer 7 (KB963027)
Update for Windows XP (KB967715)
LiveUpdate 3.0 (Symantec Corporation)
Launch Manager
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Malwarebytes' Anti-Malware
Messenger Plus! Live
Microsoft .NET Framework 1.1
Mozilla Firefox (3.0.10)
Microsoft Compression Client Pack 1.0 for Windows XP
NJStar Communicator
Microsoft National Language Support Downlevel APIs
Intel® PROSet/Wireless Software
Samsung ML-2010 Series
Sibelius 4
Synaptics Pointing Device Driver
BUFFALO INC. DISK FORMATTER
BUFFALO TurboUSB for FLASH/HDD
µTorrent
Windows Genuine Advantage Notifications (KB905474)
Windows Live Toolbar
Windows Media Format 11 runtime
Windows Media Player 11
Windows Mobile Resources
Windows XP Service Pack 3
WinRAR archiver
Windows Media Format 11 runtime
Windows Media Player 11
Microsoft User-Mode Driver Framework Feature Pack 1.0
Xvid 1.1.3 final uninstall
Yahoo! Toolbar
Yahoo! Toolbar
Symantec KB-DocID:2003093015493306
Security Update for CAPICOM (KB931906)
NTI CD & DVD-Maker
Acer eSettings Management
EPSON Attach To Email
QuickTime
Adobe Photoshop CS2
mProSafe
Java™ 6 Update 13
EPSON Scan Assistant
MSXML 4.0 SP2 (KB927978)
iTunes
WIDCOMM Bluetooth Software
Bonjour
Apple Mobile Device Support
Acer eDataSecurity Management
Windows Live Messenger
Acer ePower Management
Skype™ 3.8
PowerDVD
Apple Software Update
LightScribe 1.4.97.1
Acer ePerformance Management
Acer OrbiCam Software
Adobe Stock Photos 1.0
TIPCI
EPSON Web-To-Page
MSXML 4.0 SP2 (KB954430)
Intel® Graphics Media Accelerator Driver
mPfMgr
Adobe Common File Installer
Microsoft Software Update for Web Folders (English) 12
Microsoft Office Access MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Excel MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office PowerPoint MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Publisher MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Outlook MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Word MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Proof (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Proof (French) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Proof (Spanish) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Proofing (English) 2007
Microsoft Office Enterprise 2007
Security Update for Microsoft Office Word 2007 (KB956358)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Outlook 2007 Junk Email Filter (kb968503)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Visio 2007 (KB947590)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for 2007 Microsoft Office System (KB951550)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Update for 2007 Microsoft Office System (KB967642)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Microsoft Office InfoPath MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Shared MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office OneNote MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Groove MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Groove Setup Metadata MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Shared Setup Metadata MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Microsoft Office Access Setup Metadata MUI (English) 2007
2007 Microsoft Office Suite Service Pack 1 (SP1)
Windows Live Sign-in Assistant
Microsoft ActiveSync
Sonic Encoders
mXML
Adobe® Photoshop® Album Starter Edition 3.2
Windows Live installer
Acer Empowering Technology
Adobe Reader 8.1.3
NTI Backup NOW! 4.5
OGA Notifier 1.7.0105.35.0
Adobe Bridge 1.0
PowerProducer
PIF DESIGNER
EPSON Easy Photo Print
Acer ePresentation Management
MSXML 4.0 SP2 (KB936181)
Acer eNet Management
Safari
Microsoft .NET Framework 1.1
Acer Screensaver
Windows Live Toolbar
LiveUpdate Notice (Symantec Corporation)
mCore
EPSON File Manager
Adobe Help Center 1.0
Smart Menus (Windows Live Toolbar)
mMHouse
Realtek High Definition Audio Driver
mWlsSafe


Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"LaunchApp"="Alaunch"
"AGRSMMSG"="AGRSMMSG.exe"
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"Alcmtr"="ALCMTR.EXE"
"AzMixerSel"="C:\\Program Files\\Realtek\\InstallShield\\AzMixerSel.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"ntiMUI"="C:\\Program Files\\NewTech Infosystems\\NTI CD & DVD-Maker 7\\ntiMUI.exe"
@=""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe 1"
"Acer ePresentation HPD"="C:\\Acer\\Empowering Technology\\ePresentation\\ePresentation.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"ePower_DMC"="C:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"
"Boot"="C:\\Acer\\Empowering Technology\\ePower\\Boot.exe"
"LManager"="C:\\PROGRA~1\\LAUNCH~1\\QtZgAcer.EXE"
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\eRAgent.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechCameraAssistant"="C:\\Program Files\\Acer\\OrbiCam\\CameraAssistant.exe"
"LogitechVideo[inspector]"="C:\\Program Files\\Acer\\OrbiCam\\InstallHelper.exe /inspect"
"LogitechCameraService(E)"="C:\\WINDOWS\\system32\\ElkCtrl.exe /automation"
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.2\\Apps\\apdproxy.exe\""
"DU Meter"="C:\\Program Files\\DU Meter\\DUMeter.exe"
"AppleSyncNotifier"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleSyncNotifier.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Samsung Common SM"="\"C:\\WINDOWS\\Samsung\\ComSMMgr\\ssmmgr.exe\" /autorun"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"Autorun Eater"="C:\\Program Files\\Autorun Eater\\oldmcdonald.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"eNMTray.exe"=""
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"updateMgr"="c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""


Bot Check:

SERVICE_NAME: wscsvc
DISPLAY_NAME : Security Center
START_TYPE : 2 AUTO_START

SERVICE_NAME: sharedaccess
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
START_TYPE : 2 AUTO_START

SERVICE_NAME: wuauserv
DISPLAY_NAME : Automatic Updates
START_TYPE : 2 AUTO_START

SERVICE_NAME: srservice
DISPLAY_NAME : System Restore Service
START_TYPE : 2 AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify"=dword:00000000
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"WaitToKillServiceTimeout"="20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]
@=""

@=""


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"


ShellExecuteHooks:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=""



Environment:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
windir REG_EXPAND_SZ %SystemRoot%
OS REG_SZ Windows_NT
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
CLASSPATH REG_SZ .;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
QTJAVA REG_SZ C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0


Subsystem Startup:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"


Midi Drivers:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midi"="wdmaud.drv"
"midi1"="wdmaud.drv"
"midi2"="wdmaud.drv"


Non-Default IFEO Debugger:


Non-Default Installed Components:


Non-Default Safeboot Minimal:


File Associations:


[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\http\shell\open\command]
@="\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -requestPending -osint -url \"%1\""

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"


Finished!


Once again, thanks for your help Budapest!



