
[Inactive] Need a Post-Removal check...

Discussion in 'Malware and Virus Removal Archive' started by rthompson, 2010/07/27.

    2010/07/27
    rthompson (Well-Known Member, Thread Starter; joined 2009/12/22)

    My friend went to a site where he shouldn't have been and caught some PUPs and trojans. His Windows (Vista Home) password had been changed, and he hadn't made a password reset key. So I scanned his HDD while it was slaved to mine, using Avast's Boot-Time Scanner. I have the log if needed.

    I used his reinstall disk to reload Windows and set the password to something more secure. Scanned again with Avast and found the malicious software in the 'windows.old' file, so I deleted the entire file. Used Ad-Aware to find several more PUPs, which Ad-Aware removed, and moved on to updating drivers, Windows, etc.

    Just need to check my work here and make sure I didn't miss anything. The drive is currently slaved to my HDD.

    Thanks in advance for your time and effort.

    Here are the DDS logs:

    DDS


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Richard at 13:22:31.17 on Tue 07/27/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.471 [GMT -4:00]

    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Sygate Personal Firewall *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Sygate\SPF\smc.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\HPZipm12.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Richard\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.aol.com/
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Download Guard for Internet Explorer: {20c1a7f0-528e-444f-bac5-5804a61cca7f} - c:\program files\lavasoft\download guard for internet explorer\DownloadGuardBHO.dll
    BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: aTube Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: aTube Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [SmcService] c:\progra~1\sygate\spf\smc.exe -startgui
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265916363842
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\richard\applic~1\mozilla\firefox\profiles\y6a2d51q.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
    FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=62219&p=
    FF - component: c:\documents and settings\richard\application data\mozilla\firefox\profiles\y6a2d51q.default\extensions\{90037cad-93df-4feb-9624-76c8ac58f253}\components\Engine.dll
    FF - plugin: c:\documents and settings\richard\local settings\application data\yahoo!\browserplus\2.9.2\plugins\npybrowserplus_2.9.2.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 16000
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 4095
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 1000000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 1000000
    FF - user.js: dom.disable_window_status_change - true
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    FF - user.js: nglayout.initialpaint.delay - 1000
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.count ", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.size ", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-26 64288]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-9 165456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-9 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-9 40384]
    R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-9 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-9 40384]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-19 135664]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
    S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-7-6 23456]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2003-3-31 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
    S4 vsdatant;vsdatant; [x]

    =============== Created Last 30 ================

    2010-07-26 07:02:12 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
    2010-07-26 03:56:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Uninstall
    2010-07-26 03:56:09 0 d-----w- c:\program files\common files\SureThing Shared
    2010-07-26 03:56:08 0 d-----w- c:\program files\Roxio
    2010-07-26 03:54:42 0 d-----w- c:\program files\common files\Sonic Shared
    2010-07-25 20:56:59 274288 ----a-w- c:\windows\system32\mucltui.dll
    2010-07-25 20:56:59 215920 ----a-w- c:\windows\system32\muweb.dll
    2010-07-25 20:56:59 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
    2010-07-25 20:56:48 300 ----a-w- c:\docume~1\richard\applic~1\wklnhst.dat
    2010-07-23 01:53:09 63 ----a-w- c:\windows\mdm.ini
    2010-07-23 01:53:09 376 ----a-w- c:\windows\ODBC.INI
    2010-07-23 01:51:24 0 d-----w- c:\windows\ShellNew
    2010-07-23 01:50:27 0 d-----w- c:\windows\Twain32
    2010-07-23 01:45:23 0 d-----w- c:\program files\Microsoft Works Suite 2001
    2010-07-23 01:18:57 627 ------w- c:\windows\fna00172
    2010-07-23 01:18:48 0 d-----w- c:\program files\FoneSync
    2010-07-19 02:27:50 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-18 23:20:13 0 d-----w- c:\docume~1\richard\applic~1\OpenOffice.org
    2010-07-18 23:14:38 0 d-----w- c:\program files\OpenOffice.org 3
    2010-07-18 23:14:03 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-07-18 17:13:27 0 d-----w- c:\docume~1\richard\applic~1\iLike
    2010-07-18 17:12:50 0 d-----w- c:\program files\iLike
    2010-07-17 07:09:52 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-07-17 06:40:44 0 d-----w- c:\program files\WinPcap
    2010-07-17 06:40:34 0 d-----w- c:\program files\Ask.com
    2010-07-17 06:40:14 0 d-----w- c:\program files\DsNET Corp
    2010-07-17 06:20:58 0 d-----w- c:\program files\Coding4Fun
    2010-07-17 05:40:31 0 d-----w- c:\program files\Naevius Facebook Layouts
    2010-07-14 09:12:23 38848 ----a-w- c:\windows\avastSS.scr
    2010-07-12 00:58:37 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2010-07-12 00:58:36 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2010-07-12 00:55:48 6784 -c--a-w- c:\windows\system32\dllcache\serscan.sys
    2010-07-12 00:55:48 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
    2010-07-12 00:55:48 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
    2010-07-12 00:55:48 37376 ----a-w- c:\windows\system32\kousd.dll
    2010-07-12 00:55:47 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
    2010-07-12 00:55:47 71680 ----a-w- c:\windows\system32\fnfilter.dll
    2010-07-06 16:29:47 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
    2010-07-06 14:35:44 0 d-----w- c:\program files\AutocompletePro
    2010-07-06 14:35:42 0 d-----w- c:\program files\Free ISO Burn Wizard
    2010-07-06 00:03:35 0 d-----w- c:\program files\Seagate

    ==================== Find3M ====================

    2010-06-04 17:42:57 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

    ============= FINISH: 13:23:24.59 ===============

    Attach


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume4
    Install Date: 1/29/2010 1:20:09 AM
    System Uptime: 7/27/2010 1:12:27 PM (0 hours ago)

    Motherboard: Hewleet-Packard | | Asterope
    Processor: Intel(R) Celeron(R) CPU 2.93GHz | CPU 1 | 2931/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 112 GiB total, 90.264 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is FIXED (NTFS) - 218 GiB total, 199.113 GiB free.
    G: is FIXED (NTFS) - 15 GiB total, 9.272 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Video Controller (VGA Compatible)
    Device ID: PCI\VEN_1002&DEV_5A61&SUBSYS_2A31103C&REV_00\4&1CF2FBB4&0&2808
    Manufacturer:
    Name: Video Controller (VGA Compatible)
    PNP Device ID: PCI\VEN_1002&DEV_5A61&SUBSYS_2A31103C&REV_00\4&1CF2FBB4&0&2808
    Service:

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: SM Bus Controller
    Device ID: PCI\VEN_1002&DEV_4372&SUBSYS_2A31103C&REV_81\3&267A616A&0&A0
    Manufacturer:
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_1002&DEV_4372&SUBSYS_2A31103C&REV_81\3&267A616A&0&A0
    Service:

    ==== System Restore Points ===================

    RP106: 4/29/2010 8:40:30 AM - System Checkpoint
    RP107: 4/30/2010 9:40:31 AM - System Checkpoint
    RP108: 5/1/2010 10:40:30 AM - System Checkpoint
    RP109: 5/2/2010 11:40:31 AM - System Checkpoint
    RP110: 5/3/2010 11:41:36 AM - System Checkpoint
    RP111: 5/4/2010 12:40:31 PM - System Checkpoint
    RP112: 5/5/2010 1:40:31 PM - System Checkpoint
    RP113: 5/6/2010 1:45:42 PM - System Checkpoint
    RP114: 5/7/2010 2:08:28 PM - System Checkpoint
    RP115: 5/7/2010 6:37:42 PM - Installed Microsoft Web Platform Installer 2.0
    RP116: 5/7/2010 7:33:38 PM - Installed Windows XP KB942288-v3.
    RP117: 5/7/2010 7:34:20 PM - Installed Windows XP KB958655-v2.
    RP118: 5/7/2010 8:16:42 PM - Installed %1 %2.
    RP119: 5/9/2010 9:03:54 PM - avast! Free Antivirus Setup
    RP120: 5/9/2010 9:17:46 PM - avast! Free Antivirus Setup
    RP121: 5/14/2010 2:00:23 PM - System Checkpoint
    RP122: 5/15/2010 2:03:09 PM - System Checkpoint
    RP123: 5/16/2010 3:03:09 PM - System Checkpoint
    RP124: 5/17/2010 4:03:10 PM - System Checkpoint
    RP125: 5/18/2010 4:34:25 PM - System Checkpoint
    RP126: 5/19/2010 4:42:33 PM - System Checkpoint
    RP127: 5/21/2010 3:07:15 PM - System Checkpoint
    RP128: 5/22/2010 4:03:09 PM - System Checkpoint
    RP129: 5/23/2010 5:03:10 PM - System Checkpoint
    RP130: 5/24/2010 6:03:09 PM - System Checkpoint
    RP131: 5/25/2010 7:03:09 PM - System Checkpoint
    RP132: 5/26/2010 7:08:59 PM - System Checkpoint
    RP133: 5/27/2010 8:03:09 PM - System Checkpoint
    RP134: 5/28/2010 9:04:15 PM - System Checkpoint
    RP135: 5/29/2010 10:03:09 PM - System Checkpoint
    RP136: 5/31/2010 7:00:50 AM - System Checkpoint
    RP137: 6/1/2010 7:03:09 AM - System Checkpoint
    RP138: 6/2/2010 8:03:09 AM - System Checkpoint
    RP139: 6/3/2010 9:03:09 AM - System Checkpoint
    RP140: 6/6/2010 6:54:15 PM - System Checkpoint
    RP141: 6/7/2010 7:03:12 PM - System Checkpoint
    RP142: 6/8/2010 7:52:22 PM - System Checkpoint
    RP143: 6/11/2010 1:58:11 PM - System Checkpoint
    RP144: 6/12/2010 3:22:07 PM - System Checkpoint
    RP145: 6/13/2010 4:15:05 PM - System Checkpoint
    RP146: 6/14/2010 4:52:21 PM - System Checkpoint
    RP147: 6/15/2010 5:52:22 PM - System Checkpoint
    RP148: 6/16/2010 6:52:22 PM - System Checkpoint
    RP149: 6/17/2010 7:52:22 PM - System Checkpoint
    RP150: 6/18/2010 8:52:21 PM - System Checkpoint
    RP151: 6/19/2010 9:14:56 PM - System Checkpoint
    RP152: 6/20/2010 9:53:26 PM - System Checkpoint
    RP153: 6/23/2010 8:12:44 AM - Software Distribution Service 3.0
    RP154: 6/23/2010 9:23:58 AM - Software Distribution Service 3.0
    RP155: 6/23/2010 9:26:41 AM - Software Distribution Service 3.0
    RP156: 6/25/2010 1:59:40 PM - System Checkpoint
    RP157: 6/26/2010 2:42:01 PM - System Checkpoint
    RP158: 6/27/2010 3:23:21 PM - System Checkpoint
    RP159: 6/28/2010 5:52:23 PM - System Checkpoint
    RP160: 6/29/2010 6:54:00 PM - System Checkpoint
    RP161: 6/30/2010 7:13:31 PM - System Checkpoint
    RP162: 7/1/2010 8:00:26 PM - System Checkpoint
    RP163: 7/2/2010 8:29:38 PM - System Checkpoint
    RP164: 7/3/2010 8:56:03 PM - System Checkpoint
    RP165: 7/5/2010 1:01:45 AM - System Checkpoint
    RP166: 7/5/2010 8:02:00 PM - Installed Microsoft Visual C++ 2005 Redistributable
    RP167: 7/5/2010 8:03:34 PM - Installed SeaTools for Windows
    RP168: 7/6/2010 8:27:32 PM - System Checkpoint
    RP169: 7/9/2010 2:01:42 PM - System Checkpoint
    RP170: 7/10/2010 2:59:49 PM - System Checkpoint
    RP171: 7/11/2010 3:22:22 PM - System Checkpoint
    RP172: 7/12/2010 3:30:35 PM - System Checkpoint
    RP173: 7/14/2010 3:24:29 PM - System Checkpoint
    RP174: 7/16/2010 3:07:01 PM - System Checkpoint
    RP175: 7/17/2010 2:20:56 AM - Installed Facebook Developer Toolkit 1.0
    RP176: 7/17/2010 2:33:30 AM - Software Distribution Service 3.0
    RP177: 7/18/2010 4:50:36 AM - System Checkpoint
    RP178: 7/18/2010 7:13:43 PM - Installed Java(TM) 6 Update 18
    RP179: 7/18/2010 7:14:25 PM - Installed OpenOffice.org 3.2
    RP180: 7/18/2010 10:27:20 PM - Installed Java(TM) 6 Update 20
    RP181: 7/19/2010 7:50:43 AM - Removed OpenOffice.org 3.2
    RP182: 7/20/2010 7:56:36 AM - System Checkpoint
    RP183: 7/21/2010 8:56:36 AM - System Checkpoint
    RP184: 7/22/2010 9:01:16 AM - System Checkpoint
    RP185: 7/22/2010 9:09:53 PM - Installed Works Suite OS Pack
    RP186: 7/22/2010 9:16:09 PM - Installed Microsoft Works 6.0
    RP187: 7/22/2010 9:18:16 PM - Installed Works Synchronization
    RP188: 7/22/2010 9:42:57 PM - Removed Microsoft Works 6.0
    RP189: 7/22/2010 9:45:50 PM - Installed Microsoft Works 6.0
    RP190: 7/22/2010 9:50:14 PM - Installed Microsoft Word 2000 SR-1
    RP191: 7/22/2010 9:57:18 PM - Installed Microsoft Works Suite Add-in for Microsoft Word
    RP192: 7/23/2010 10:22:46 PM - System Checkpoint
    RP193: 7/25/2010 6:21:02 AM - System Checkpoint
    RP194: 7/25/2010 4:01:31 PM - Removed Microsoft Works 6.0
    RP195: 7/25/2010 4:04:03 PM - Installed Microsoft Works
    RP196: 7/26/2010 3:00:30 AM - Software Distribution Service 3.0
    RP197: 7/27/2010 3:00:44 AM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    1500
    1500_Help
    1500Trb
    A Ruler for Windows
    Acrobat.com
    Ad-Aware
    Ad-aware 5.83
    Ad-Aware Email Scanner for Outlook
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop 6.0
    Adobe Photoshop 7.0
    Adobe Reader 9.3.3
    Adobe SVG Viewer
    Advanced SystemCare 3
    AiO_Scan
    AiOSoftware
    AOL Toolbar
    ASEMCA
    Ask Toolbar
    aTube Catcher
    AutocompletePro
    avast! Free Antivirus
    BCM V.92 56K Modem
    BufferChm
    ClickArt Photo
    Compatibility Pack for the 2007 Office system
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    Destinations
    DeviceManagementQFolder
    DocProc
    Download Guard for Internet Explorer
    Download Updater (AOL LLC)
    DriverAgent by eSupport.com
    eSupportQFolder
    Facebook Developer Toolkit 1.0
    Fax
    FM Screen Capture Codec (Remove Only)
    FoneSync
    Free ISO Burn Wizard 3.6.1.1
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Hotfix for Microsoft Visual Web Developer 2010 Express - ENU (KB976272)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB958655-v2)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Image Zone Express
    HP Imaging Device Functions 5.3
    HP PSC & OfficeJet 5.3.B
    HP Software Update
    HP Solution Center & Imaging Support Tools 5.3
    HPProductAssistant
    iLike Sidebar
    Internet Information Services (IIS) 7 Manager
    Java Auto Updater
    Java(TM) 6 Update 20
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Help Viewer 1.0
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft Silverlight 4 SDK
    Microsoft Silverlight 4 Toolkit April 2010
    Microsoft Silverlight 4 Tools for Visual Studio 2010
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Management Studio
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 Policies
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft SQL Server Compact 3.5 SP1 Query Tools English
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server VSS Writer
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    Microsoft Visual Studio 2005 Toolbox Controls Installer
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Web Developer 2010 Express - ENU
    Microsoft Web Platform Installer 2.0
    Microsoft Word 2000 SR-1
    Microsoft Works
    Microsoft Works 2001 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    Mozilla Firefox (3.6.8)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Naevius Facebook Layouts 1.0
    NewCopy
    OpenOffice.org 3.2
    ProductContext
    Readme
    Realtek High Definition Audio Driver
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Scan
    ScannerCopy
    SeaTools for Windows
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Service Pack 1 for SQL Server 2008 (KB968369)
    SolutionCenter
    Spybot - Search & Destroy
    Sql Server Customer Experience Improvement Program
    Status
    Sygate Personal Firewall
    TrayApp
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WCF RIA Services Toolkit
    WCF RIA Services V1.0 for Visual Studio 2010
    Web Deployment Tool
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinPcap 4.1.1
    Works Suite OS Pack
    Works Synchronization
    Yahoo! BrowserPlus 2.9.2

    ==== Event Viewer Messages From Past Week ========

    7/23/2010 2:23:32 AM, error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s).
    7/23/2010 2:23:32 AM, error: Service Control Manager [7034] - The avast! Mail Scanner service terminated unexpectedly. It has done this 1 time(s).
    7/23/2010 2:23:32 AM, error: Service Control Manager [7034] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================
     
    Last edited: 2010/07/27
  2. 2010/07/27
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Since you reinstalled Windows, I don't expect anything malicious on a new installation.
    If some files were retained, like the "windows.old" folder, I suggest you run the Kaspersky on-line scanner...

    Go to the Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     


  4. 2010/07/28
    rthompson

    rthompson Well-Known Member Thread Starter

    Joined:
    2009/12/22
    Messages:
    330
    Likes Received:
    1
    Kaspersky scan

    My thoughts exactly, broni. As mentioned earlier, I did delete the windows.old folder; however, I did copy some files from the suspect drive to my hdd, to be transferred back to the original drive. Therefore I went ahead and did the Kaspersky OLS, in order to back up the Avast findings, which came up drier than a dinosaur bone.

    KASPERSKY ONLINE SCANNER 7.0: scan report
    Wednesday, July 28, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Tuesday, July 27, 2010 08:05:37
    Records in database: 4196059
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan statistics:
    Objects scanned: 171980
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 04:27:00

    No threats found. Scanned area is clean.

    Selected area has been scanned.

    I did notice during the scan that the JRE needs to be updated; other than that, if you don't see anything in the dds log that needs to be addressed, we can call this a done deal.

    I thank you very kindly for your expertise and time dealing with this matter. If there is nothing further I will go ahead and close this thread.
     
  5. 2010/07/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yeah, your Java is one notch behind. Current version is Update 21.

    Other than that, you should be good to go :)
     
  6. 2010/07/28
    rthompson

    rthompson Well-Known Member Thread Starter

    Joined:
    2009/12/22
    Messages:
    330
    Likes Received:
    1
    ok broni,

    thanks again, talk to you on the flip-flop.
     
  7. 2010/07/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're welcome :)
     
