
Security Tool Invasion!



#1
Sydney34

  • Member
  • 19 posts
Hi and oy. My father's old desktop was invaded and occupied by the Security Tool worm 3 days ago. It won't let me do ANYTHING so I'm connecting to the net on my trusty laptop, downloading onto a flash drive, and then operating the desktop in Safe Mode. I've followed all the steps in your Spyware Guide to the best of my ability; the desktop has AVG Free 8.5. Before a friend recommended your site, I had learned about Malwarebytes' Anti-Malware from another site and used it twice before following your guide. So it has removed worms it has found three times, but to no avail. I'll post the 3 logs from Malwarebytes plus the GMER and 2 OTL, and a message that came up when I rebooted after the third Malwarebytes' scan. Many many thanks for your time and attention! I look forward to your response! Sydney (cyber-challenged in Ireland)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

8/8/2010 10:05:17 PM
mbam-log-2010-08-08 (22-05-17).txt

Scan type: Quick scan
Objects scanned: 126723
Time elapsed: 11 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Carl Conner\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

8/10/2010 11:47:06 PM
mbam-log-2010-08-10 (23-47-06).txt

Scan type: Quick scan
Objects scanned: 126709
Time elapsed: 11 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Carl Conner\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

8/11/2010 10:28:40 PM
mbam-log-2010-08-11 (22-28-40).txt

Scan type: Quick scan
Objects scanned: 125050
Time elapsed: 10 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Carl Conner\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-11 23:00:08
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Administrator\Local Settings\Temp\pxtdqpod.sys


---- Devices - GMER 1.0.15 ----

Device \Driver\Cdrom \Device\CdRom0 82A601B8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 82A5F0F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 82A5F0F8
Device \Driver\atapi \Device\Ide\IdePort0 82A5F0F8
Device \Driver\atapi \Device\Ide\IdePort1 82A5F0F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 82A5F0F8
Device \Driver\Cdrom \Device\CdRom1 82A601B8
Device \Driver\Cdrom \Device\CdRom2 82A601B8
Device \Driver\axwhisky \Device\Scsi\axwhisky1 82A494A0
Device \Driver\axwhisky \Device\Scsi\axwhisky1Port2Path0Target0Lun0 82A494A0

---- EOF - GMER 1.0.15 ----


OTL logfile created on: 8/11/2010 11:19:53 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = I:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 331.00 Mb Available Physical Memory | 65.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.49 Gb Total Space | 57.33 Gb Free Space | 76.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 3.74 Gb Total Space | 2.42 Gb Free Space | 64.83% Space Free | Partition Type: FAT32

Computer Name: CARL
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/11 23:09:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- I:\OTL.exe
PRC - [2009/03/10 22:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/11/27 08:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE


========== Modules (SafeList) ==========

MOD - [2010/08/11 23:09:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- I:\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/04/20 15:20:25 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/04/14 01:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2008/04/14 01:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 01:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/14 01:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/03/26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2003/07/06 12:03:48 | 000,181,312 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2003/06/10 00:02:12 | 000,894,024 | ---- | M] (Zone Labs Inc.) [Auto | Stopped] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2002/07/22 13:50:38 | 000,253,952 | ---- | M] (Executive Software International, Inc.) [Auto | Stopped] -- C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe -- (Diskeeper)
SRV - [2001/12/21 20:36:18 | 000,106,496 | ---- | M] (Ontrack Data International) [On_Demand | Stopped] -- C:\Program Files\Ontrack\Fix-It\mxtask.exe -- (Fix-It Task Manager)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys -- (ElbyVCD)
DRV - [2010/04/17 17:59:39 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/04/17 17:59:37 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/04/17 17:59:36 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/11/17 14:01:18 | 000,010,240 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2009/09/10 13:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/07/24 17:33:24 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/05/01 00:03:30 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/05/01 00:03:08 | 006,754,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC)
DRV - [2009/05/01 00:01:36 | 000,265,496 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/05/01 00:00:00 | 000,114,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/04/30 16:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/12/11 23:34:52 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/12/11 23:34:50 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/02/22 10:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007/02/22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007/02/22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007/02/22 10:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2003/07/21 14:41:22 | 000,006,912 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2003/07/02 17:41:42 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\axwhisky.sys -- (axwhisky)
DRV - [2003/07/02 16:49:52 | 000,124,160 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\axwskbus.sys -- (axwskbus)
DRV - [2003/06/16 16:00:44 | 000,035,340 | ---- | M] (Network Associates, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\Network Associates\ThreatScan Agent for ePO\driver\ntbpf.sys -- (ntbpf)
DRV - [2003/06/10 00:02:00 | 000,188,240 | ---- | M] (Zone Labs Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2003/04/16 14:21:30 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2003/03/31 14:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/01/13 10:19:26 | 000,249,344 | ---- | M] (Roxio) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2003/01/13 10:19:26 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp)
DRV - [2003/01/13 10:19:26 | 000,118,422 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2003/01/13 10:19:26 | 000,022,758 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2003/01/13 10:19:26 | 000,021,654 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/06/12 13:44:42 | 000,013,300 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2002/06/08 16:07:30 | 000,004,480 | ---- | M] (Elaborate Bytes) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2002/02/19 17:19:00 | 000,877,517 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/12/21 19:37:46 | 000,057,092 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Ontrack\Fix-It\mxDisk.sys -- (mxDisk)
DRV - [2001/12/16 02:27:34 | 000,536,768 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbcwdm.sys -- (tbcwdm)
DRV - [2001/12/15 21:42:38 | 000,144,512 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbcspud.sys -- (tbcspud)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/06/29 21:16:00 | 000,155,216 | ---- | M] (TrendMicro) [Kernel | Auto | Stopped] -- C:\Program Files\Ontrack\Fix-It\Tmfilter.sys -- (Tmfilter)
DRV - [2001/06/29 18:21:24 | 000,567,232 | ---- | M] (Trend Micro Incorporated.) [Kernel | Auto | Stopped] -- C:\Program Files\Ontrack\Fix-It\Vsapint.sys -- (Vsapint)
DRV - [2001/06/20 17:32:54 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [1995/07/10 02:30:00 | 000,014,592 | ---- | M] (Adaptec) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2001/08/18 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (WsftpBrowserHelper Class) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar_en_2.0.95-big.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar_en_2.0.95-big.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Copernic Agent) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O4 - HKLM..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe (Lavasoft Sweden)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CopernicPerUserTaskMgr] C:\WINDOWS\System32\CopernicPerUserTaskMgr.exe (Copernic.com)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [LTWinModem1] C:\WINDOWS\System32\ltmsg.exe (LUCENT TECHNOLOGIES)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [CopernicPerUserTaskMgr] C:\WINDOWS\System32\CopernicPerUserTaskMgr.exe (Copernic.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DriveSelect.lnk = C:\Program Files\321Studios\Xpress\DriveSelect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe (Headlight Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quick View Plus.lnk = C:\Program Files\Quick View Plus\Program\qvp32.exe (Stellent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe (Zone Labs Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O9 - Extra 'Tools' menuitem : Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O9 - Extra 'Tools' menuitem : RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7824.0836689815 (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-its51 {F6F1E82D-DE4D-11D2-875C-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll (Microsoft Corporation)
O18 - Protocol\Handler\msref {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Program Files\Common Files\Microsoft Shared\Reference Titles\msref.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\WINDOWS\qvphook.dll (Stellent, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/23 20:48:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 90 Days ==========

[2010/08/11 22:17:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/11 22:17:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/11 22:05:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/11 22:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/08 21:50:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/08/08 21:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/08 21:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/08 21:48:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/06/24 23:37:49 | 000,000,000 | ---D | C] -- C:\ae263b486d99e48e0dca13628b0f5c
[2010/05/31 17:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/05/31 17:22:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/05/25 23:29:52 | 000,000,000 | ---D | C] -- C:\otNetFX
[2010/05/21 13:55:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/05/14 00:05:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2003/07/02 17:41:42 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\axwhisky.sys
[2003/07/02 16:49:52 | 000,124,160 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\axwskbus.sys

========== Files - Modified Within 90 Days ==========

[2010/08/11 23:20:16 | 001,048,576 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/08/11 22:45:35 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/08/11 22:45:35 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/08/11 22:42:59 | 000,001,132 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/11 22:39:29 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/11 22:38:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/11 22:37:52 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/08/11 22:36:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/11 22:31:51 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/11 22:31:51 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/08/11 22:30:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/08/11 22:29:36 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/08/11 22:29:34 | 006,352,744 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/08/11 22:17:31 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/11 22:04:35 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/08/11 22:04:35 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/08/11 21:10:09 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/07 17:04:12 | 063,040,759 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/07 16:49:25 | 000,000,334 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/07/30 17:12:56 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/07/15 17:14:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/01 23:17:25 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/06/25 12:24:19 | 000,558,578 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/25 12:24:19 | 000,482,746 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/25 12:24:19 | 000,085,158 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/21 16:29:27 | 000,378,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/31 17:28:17 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/05/31 17:28:17 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/05/31 17:24:36 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/05/31 17:22:09 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/05/22 19:31:53 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/05/22 18:38:48 | 000,002,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/05/14 00:05:12 | 000,077,352 | ---- | M] () -- C:\WINDOWS\hpqins05.dat

========== Files Created - No Company Name ==========

[2010/08/11 22:45:35 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/08/11 22:45:35 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/08/11 22:17:31 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/11 22:04:35 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/08/11 22:04:35 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/05/31 17:22:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/05/13 23:57:02 | 000,077,352 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2010/04/18 19:33:58 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/04/17 14:43:09 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/08 10:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 16:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/01/02 18:59:53 | 000,002,696 | ---- | C] () -- C:\WINDOWS\System32\systl32(4).dll
[2005/12/07 12:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2003/10/30 13:50:17 | 000,001,801 | ---- | C] () -- C:\WINDOWS\System32\systl32(3).dll
[2003/09/30 19:51:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll
[2003/09/14 20:45:41 | 000,000,087 | ---- | C] () -- C:\WINDOWS\msintl.dll
[2003/09/14 20:33:03 | 000,000,054 | ---- | C] () -- C:\WINDOWS\mstapi32.dll
[2003/08/28 19:37:21 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/21 21:30:30 | 000,000,026 | ---- | C] () -- C:\WINDOWS\DfrgUIEx.INI
[2003/08/15 10:39:41 | 000,012,374 | ---- | C] () -- C:\WINDOWS\System32\systl32(2).dll
[2003/08/05 14:19:22 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\ntiembed.dll
[2003/08/05 13:19:19 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2003/08/01 21:33:20 | 000,000,925 | ---- | C] () -- C:\WINDOWS\spamweed.ini
[2003/07/25 20:03:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2003/07/25 20:02:34 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2003/07/25 20:02:33 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2003/07/25 20:02:18 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2003/07/25 20:02:18 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2003/07/25 20:02:13 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2003/07/21 15:13:02 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2003/07/21 14:56:10 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIDBD32.dll
[2003/07/21 14:41:24 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
[2003/07/19 15:05:49 | 000,000,067 | ---- | C] () -- C:\WINDOWS\#1 DVD Ripper.INI
[2003/07/16 21:01:56 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\909C3B469C.sys
[2003/07/09 22:24:34 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2003/07/01 11:16:52 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2003/06/28 16:52:06 | 000,000,641 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI
[2003/06/27 10:27:46 | 000,000,024 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2003/06/15 13:52:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ScanSCSI.INI
[2003/06/14 22:13:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CDCOPY32.INI
[2003/06/14 22:13:03 | 000,000,047 | ---- | C] () -- C:\WINDOWS\Cdmkr32.ini
[2003/06/09 23:46:20 | 000,000,185 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2003/06/09 23:05:14 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
[2003/06/09 22:06:35 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2003/06/09 22:06:35 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys
[2003/06/09 22:06:35 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2003/06/09 22:06:31 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2003/05/19 10:36:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hnks.ini
[2003/03/03 18:50:15 | 000,000,011 | ---- | C] () -- C:\WINDOWS\bhtsrc32.dll
[2003/02/08 21:05:34 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/13 14:21:58 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2002/12/30 20:13:46 | 000,045,056 | ---- | C] () -- C:\WINDOWS\PANIC32.dll
[2002/12/30 20:13:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\PANICNT.dll
[2002/12/23 20:49:19 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2002/11/04 20:41:43 | 000,000,044 | ---- | C] () -- C:\WINDOWS\CTText.ini
[2002/11/02 18:44:44 | 000,000,053 | ---- | C] () -- C:\WINDOWS\Crazy.ini
[2002/11/02 17:31:03 | 000,000,223 | ---- | C] () -- C:\WINDOWS\HP PrecisionScan Pro.INI
[2002/11/02 14:50:16 | 000,000,042 | ---- | C] () -- C:\WINDOWS\CT2.ini
[2002/11/02 13:24:04 | 000,000,052 | ---- | C] () -- C:\WINDOWS\CTComm2.ini
[2002/11/02 13:24:04 | 000,000,049 | ---- | C] () -- C:\WINDOWS\TPTest.ini
[2002/11/02 13:24:04 | 000,000,042 | ---- | C] () -- C:\WINDOWS\CT.ini
[2002/11/02 13:21:36 | 000,000,138 | ---- | C] () -- C:\WINDOWS\Crazytalk.ini
[2002/11/02 13:21:35 | 000,000,110 | ---- | C] () -- C:\WINDOWS\CTBugs.ini
[2002/11/02 08:20:56 | 000,001,052 | ---- | C] () -- C:\WINDOWS\TPBugs.ini
[2002/11/02 08:20:56 | 000,000,544 | ---- | C] () -- C:\WINDOWS\CTComm.ini
[2002/11/02 08:20:56 | 000,000,045 | ---- | C] () -- C:\WINDOWS\CrazyTalkBugs.ini
[2002/11/02 08:20:54 | 000,000,195 | ---- | C] () -- C:\WINDOWS\TPBugs2.ini
[2002/11/02 08:20:54 | 000,000,049 | ---- | C] () -- C:\WINDOWS\CTReg.ini
[2002/10/04 14:26:58 | 000,000,097 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2002/09/29 21:04:24 | 000,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2002/09/29 21:03:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2002/09/29 21:03:49 | 000,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
[2002/09/28 22:58:05 | 000,000,459 | ---- | C] () -- C:\WINDOWS\ORS.INI
[2002/09/28 22:18:56 | 000,000,601 | ---- | C] () -- C:\WINDOWS\Oxford.ini
[2002/09/28 22:18:55 | 000,211,285 | ---- | C] () -- C:\WINDOWS\XWI321.DLL
[2002/09/28 22:18:55 | 000,058,759 | ---- | C] () -- C:\WINDOWS\XWI321TE.DLL
[2002/09/28 22:13:51 | 000,000,265 | ---- | C] () -- C:\WINDOWS\harraps.ini
[2002/09/28 22:04:01 | 000,000,333 | ---- | C] () -- C:\WINDOWS\ORIENT.INI
[2002/09/24 20:10:21 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2002/09/24 20:07:35 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2002/09/24 19:22:35 | 000,000,068 | ---- | C] () -- C:\WINDOWS\WinInit.INI
[2002/09/23 21:25:12 | 000,000,484 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/03/26 21:18:27 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/03/21 14:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002/03/21 13:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002/03/21 13:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002/03/21 13:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002/03/21 13:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002/03/21 13:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002/03/21 13:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2002/03/21 12:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002/03/20 22:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/08/07 18:59:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HPNVRRes.dll
[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2000/04/14 17:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1999/03/23 14:46:24 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2003/09/14 10:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ontrack
[2003/07/13 16:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/05/13 21:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/04/17 14:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
[2010/05/22 19:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2010/04/22 19:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/04/22 19:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2003/06/08 09:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\shockwave.com
[2003/09/27 20:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/08/11 22:31:51 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2003/07/09 22:01:50 | 000,320,152 | ---- | M] () -- C:\ASPI.LOG
[2002/09/23 20:48:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/04/17 16:49:29 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2003/07/24 16:28:25 | 000,007,693 | R--- | M] () -- C:\CLDMA.LOG
[2002/09/23 20:48:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2002/09/23 20:48:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/08/21 11:53:11 | 000,000,000 | ---- | M] () -- C:\Log.txt
[2002/09/23 20:48:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/04/17 16:34:12 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/04/28 23:20:04 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/11 22:37:52 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2010/08/08 15:00:03 | 000,000,411 | ---- | M] () -- C:\rkill.log
[2002/11/03 20:25:58 | 000,000,044 | ---- | M] () -- C:\Sampled Audio.wav
[2005/09/29 22:40:44 | 000,002,886 | ---- | M] () -- C:\xPos.txt

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2003/07/21 12:48:19 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2007/10/20 18:21:50 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
[2000/03/21 11:29:42 | 000,016,840 | ---- | M] (BVRP Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\wfxprint2000.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[1999/11/05 14:58:52 | 000,072,704 | ---- | M] () -- C:\WINDOWS\PhotoDeluxe.scr
[2002/11/15 15:36:28 | 000,364,544 | ---- | M] (Simple Star, Inc.) -- C:\WINDOWS\PhotoShow.scr
[2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2003/06/09 18:05:55 | 000,000,560 | ---- | M] () -- C:\Program Files\Global.sw

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2003/07/21 13:38:39 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2003/07/21 12:33:12 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2003/07/21 13:38:39 | 016,777,216 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2003/07/21 13:38:41 | 004,718,592 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%|bak;true;false;false /fp >

< %systemroot%\system32|bak;true;false;false /fp >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/04/28 23:37:03 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ >
"PingID" = 11 3D FF 4B E1 21 00 49 AE E1 C0 EE FF 83 21 32 [binary data]
"SusClientId" = 6809dce8-01ad-4f57-8a4d-e4220fd9a9d7
"SusClientIdValidation" = 06 02 28 00 00 0E 33 00 48 00 56 00 31 00 4E 00 34 00 54 00 51 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 35 00 51 00 56 00 39 00 47 00 30 00 4A 00 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\IUControl]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OemInfo]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup]

< Update\Results\Install|Last SuccessTime /rs >
< End of report >



OTL Extras logfile created on: 8/11/2010 11:19:53 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = I:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 331.00 Mb Available Physical Memory | 65.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.49 Gb Total Space | 57.33 Gb Free Space | 76.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 3.74 Gb Total Space | 2.42 Gb Free Space | 64.83% Space Free | Partition Type: FAT32

Computer Name: CARL
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Real\RealOne Player\realplay.exe" = C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealOne Player -- (RealNetworks, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\HomeMeeting\JoinNet\joinnetu.exe" = C:\Program Files\HomeMeeting\JoinNet\joinnetu.exe:*:Enabled:Meeting Room -- (HomeMeeting)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- File not found
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00219391-BE7F-4D72-907D-232863D1120B}" = DiskeeperWorkstation
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{0B4686AE-A1A7-4477-B8EA-65033218474E}" = CNET Download Manager
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1A6405BA-5BE3-4249-8EEB-AD2EA1E39FF3}" = Windows Application Compatibility Toolkit 2.5
"{1DF03ECE-6AF4-414E-B118-C316F151A9A2}" = Corel WordPerfect Office - iFilter
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2673A1E0-687D-11D4-AC17-0050FC01328A}" = CrazyTalk
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3A1421C0-5610-46D4-8283-82F3CA755FDB}" = Roxio PhotoSuite 5
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{459E93B6-150E-45d5-8D4B-45C66FC035FE}" = getPlus® Download Manager for Corel
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}" = Easy CD & DVD Creator 6
"{67C5EC16-0DC1-4045-A7FF-D7D0FFA4B54D}" = Microsoft .NET Framework 2.0 Language Pack - CHT
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}" = HP Precisionscan Pro 3.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D58580-EA01-11D3-9318-008048B86EFE}" = Santa Cruz
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A9212616-FCA2-4173-BD99-5C741EB3A068}" = Ulead DVD PictureShow 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D666E437-158C-43D0-AC69-F67F6C5EC2B8}" = Trellix Web Express Site Building
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DF792899-325E-4243-BAB3-C5B44B696E1F}" = Ontrack® Fix-It Utilities 4.0
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3436EE2-D5CB-4249-840B-3A0140CC34C1}" = PhoneTools
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = Alcohol 120%
"{EC1F2687-6922-43E9-A6A5-73D750A8C8CE}" = MediaFACE II
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"ABC Photo Album Software" = ABC Photo Album Software
"Ace Translator" = Ace Translator
"Ad-aware 6 Professional" = Ad-aware 6 Professional
"Add/Remove Plus! 2001" = Add/Remove Plus! 2001
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 5.5" = Adobe Photoshop 5.5
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Advanced DVD Ripper_is1" = Advanced DVD Ripper 5.0
"AVG8Uninstall" = AVG Free 8.5
"Bash_HTML_Editor" = Bash HTML Editor 3.6.5
"Bookshelf 99Z" = Bookshelf 99 ENG
"CatchUp V1.3" = CatchUp V1.3
"CD Wave_is1" = CD Wave Editor version 1.9
"CloneCD" = CloneCD
"Copernic Agent Personal" = Copernic Agent Personal
"Corel Applications" = Corel Applications
"DVDXCopyXpress" = DVDXCopy Xpress 2.0.1
"Easy CD-DA Extractor 5.1" = Easy CD-DA Extractor 5.1
"ERUNT_is1" = ERUNT 1.1j
"F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
"FinalRecovery_is1" = version 1.21
"GetRight" = GetRight
"Google Chrome" = Google Chrome
"HomeMeeting JoinNet 4.4.0" = HomeMeeting JoinNet 4.4.0
"hp deskjet 990c series" = hp deskjet 990c series (Remove only)
"HP Photo Printing Software" = HP Photo Printing Software
"HP Smart Web Printing" = HP Smart Web Printing
"Huawei Modems" = Huawei modem
"ie8" = Windows Internet Explorer 8
"InstallShield_{4E68EAA3-775A-4542-A08A-47DB8E8E74A6}" = NTI Backup NOW! 3
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{8FDD2A92-9F75-4706-B8C2-08499A9863E6}" = NTI DriveBackup! 3
"InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD-Maker 6 Platinum
"Kyodai Mahjongg 18.75 (Full package)_is1" = Kyodai
"LTWinModem" = Lucent Win Modem
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0 Language Pack - CHT" = Microsoft .NET Framework 2.0 語言套件 - 繁體中文
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Paint Shop Pro 6" = Paint Shop Pro 6.01 ESD
"PhotoShow 2" = PhotoShow 2
"ProShow Gold" = ProShow Gold
"QVP" = Quick View Plus
"RealPlayer 6.0" = RealOne Player
"Refupdate 2.0" = Refupdate 2.0
"san_pro_2002" = SiSoftware Sandra 2002 Professional
"Shockwave" = Shockwave
"Shop for HP Supplies" = Shop for HP Supplies
"SiteLoad_is1" = Trellian SiteLoad v2.0
"SmoothShow 2.0 for Windows" = SmoothShow 2.0 for Windows
"TClockEx_is1" = TClockEx
"ThreatScan 2.5 ePO Add-on" = ThreatScan 2.5 ePO Add-on
"ThreatScan Agent for ePO" = ThreatScan Agent for ePO
"Trellian LiveUpgrade_is1" = Trellian LiveUpgrade v2.0
"Umbro Pro Football" = Umbro Pro Football
"VLC media player" = VideoLAN VLC media player 0.8.1
"Wave Corrector_is1" = Wave Corrector version 2.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp (Remove Only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WS_FTP Pro" = Ipswitch WS_FTP Pro
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"ZoneAlarm Pro" = ZoneAlarm Pro

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/7/2010 7:02:24 PM | Computer Name = CARL | Source = TrueVector Service | ID = 5007
Description = TrueVector engine: File "C:\WINDOWS\Internet Logs\IAMDB.RDB" was corrupt,
restoring from backup "C:\WINDOWS\Internet Logs\BACKUP.RDB".

Error - 8/7/2010 7:02:59 PM | Computer Name = CARL | Source = TrueVector Service | ID = 5007
Description = TrueVector engine: File "C:\WINDOWS\Internet Logs\CARL.ldb" was corrupt
and has been copied to "C:\WINDOWS\Internet Logs\xDB20.tmp". File "C:\WINDOWS\Internet
Logs\CARL.ldb" was corrupt and has been deleted.

Error - 8/7/2010 7:09:08 PM | Computer Name = CARL | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 8/7/2010 7:09:08 PM | Computer Name = CARL | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 8/8/2010 10:10:07 AM | Computer Name = CARL | Source = Google Update | ID = 20
Description =

Error - 8/10/2010 5:58:17 PM | Computer Name = CARL | Source = TrueVector Service | ID = 5007
Description = TrueVector engine: File "C:\WINDOWS\Internet Logs\IAMDB.RDB" was corrupt
and has been copied to "C:\WINDOWS\Internet Logs\xDB21.tmp". File "C:\WINDOWS\Internet
Logs\IAMDB.RDB" was corrupt and has been deleted.

Error - 8/10/2010 5:58:18 PM | Computer Name = CARL | Source = TrueVector Service | ID = 5007
Description = TrueVector engine: File "C:\WINDOWS\Internet Logs\IAMDB.RDB" was corrupt,
restoring from backup "C:\WINDOWS\Internet Logs\BACKUP.RDB".

Error - 8/10/2010 5:58:20 PM | Computer Name = CARL | Source = TrueVector Service | ID = 5007
Description = TrueVector engine: File "C:\WINDOWS\Internet Logs\CARL.ldb" was corrupt
and has been copied to "C:\WINDOWS\Internet Logs\xDB22.tmp". File "C:\WINDOWS\Internet
Logs\CARL.ldb" was corrupt and has been deleted.

Error - 8/11/2010 3:10:05 PM | Computer Name = CARL | Source = Google Update | ID = 20
Description =

Error - 8/11/2010 4:10:08 PM | Computer Name = CARL | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 8/11/2010 6:22:58 PM | Computer Name = CARL | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/11/2010 6:23:02 PM | Computer Name = CARL | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/11/2010 6:23:05 PM | Computer Name = CARL | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/11/2010 6:23:09 PM | Computer Name = CARL | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/11/2010 6:24:05 PM | Computer Name = CARL | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/11/2010 6:24:08 PM | Computer Name = CARL | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/11/2010 6:24:12 PM | Computer Name = CARL | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/11/2010 6:24:16 PM | Computer Name = CARL | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/11/2010 6:24:19 PM | Computer Name = CARL | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 8/11/2010 6:24:23 PM | Computer Name = CARL | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.


< End of report >



Checking file system on I:
The type of the file system is FAT32.


One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
Volume Serial Number is 2831-467D
Convert lost chains to files (Y/N)? Yes
65536 bytes in 1 recovered files.
Windows has made corrections to the file system.

4012900352 bytes total disk space.
1048576 bytes in 32 hidden files.
3244032 bytes in 99 folders.
1405812736 bytes in 1395 files.
2602762240 bytes available on disk.

32768 bytes in each allocation unit.
122464 total allocation units on disk.
79430 allocation units available on disk.
  • 0


#2
RKinner

    Malware Expert

  • Expert
  • 23,463 posts
  • MVP
Disable Ad-Watch and leave it disabled until we're done here. See http://aumha.net/vie...hp?f=43&t=38668

Uninstall Zone Alarm for now
Also uninstall
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{459E93B6-150E-45d5-8D4B-45C66FC035FE}" = getPlus® Download Manager for Corel
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

Right click on My Computer and select Manage. Under Services and Applications find the Indexing Service and click STOP. OK

Close the window.

Copy the text in the code box by highlighting and Ctrl + c

:OTL
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Ad-watch] C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe (Lavasoft Sweden)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [CopernicPerUserTaskMgr] C:\WINDOWS\System32\CopernicPerUserTaskMgr.exe (Copernic.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe (Headlight Software, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quick View Plus.lnk = C:\Program Files\Quick View Plus\Program\qvp32.exe (Stellent, Inc.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...7824.0836689815 (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ms-its51 {F6F1E82D-DE4D-11D2-875C-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll (Microsoft Corporation)
O18 - Protocol\Handler\msref {74D92DF3-6D9D-11D1-8B38-006097DBED7A} - C:\Program Files\Common Files\Microsoft Shared\Reference Titles\msref.dll ()
O28 - HKLM ShellExecuteHooks: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - C:\WINDOWS\qvphook.dll (Stellent, Inc.)
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found

:Files
C:\Documents and Settings\Carl Conner\Start Menu\Programs\Security Tool.LNK
C:\WINDOWS\System32\systl32(4).dll
C:\WINDOWS\System32\CddbCdda.dll
C:\WINDOWS\System32\systl32(3).dll
C:\WINDOWS\System32\systl32(2).dll
C:\WINDOWS\System32\909C3B469C.sys
   
:Commands
[purity]
[emptytemp]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop, do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time.

  • Go to this page and Download TDSSKiller.zip to your Desktop.
  • Extract its contents to your desktop and drag TDSSKiller.exe onto the desktop, not in the folder.
  • Start > All Programs > Accessories > Command Prompt. Copy the following bolded command, then right-click and Paste, then hit Enter.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If TDSSKiller alerts you that the system needs to reboot, please consent.
  • When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

If the above doesn't work, just double-click on TDSSKiller.exe.

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

Ron
  • 0
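After a fix script like the one in the post above has run, it is worth confirming that every path listed under :Files was actually actioned in the log OTL produces. The following is an added example, not part of the original post and not OTL's own code: the section markers and the "moved successfully" / "not found" wording are taken from OTL text quoted in this thread, the log outcomes are constructed, and all function names are hypothetical.

```python
import ntpath
import re

# The :Files section of the fix script from the post above (other sections trimmed).
FIX_SCRIPT = r"""
:OTL
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found

:Files
C:\Documents and Settings\Carl Conner\Start Menu\Programs\Security Tool.LNK
C:\WINDOWS\System32\systl32(4).dll
C:\WINDOWS\System32\CddbCdda.dll
C:\WINDOWS\System32\systl32(3).dll
C:\WINDOWS\System32\systl32(2).dll
C:\WINDOWS\System32\909C3B469C.sys

:Commands
[purity]
[emptytemp]
[Reboot]
"""

# Constructed fix log: one path reported "not found", one missing entirely.
FIX_LOG = r"""
========== OTL ==========
HidServ removed from NetSvcs value successfully!
========== FILES ==========
C:\Documents and Settings\Carl Conner\Start Menu\Programs\Security Tool.lnk moved successfully.
C:\WINDOWS\System32\systl32(4).dll moved successfully.
C:\WINDOWS\System32\CddbCdda.dll moved successfully.
File C:\WINDOWS\System32\systl32(3).dll not found.
C:\WINDOWS\System32\909C3B469C.sys moved successfully.
========== COMMANDS ==========
"""

# Line endings observed in the logs in this thread (assumed to be the full set).
OUTCOMES = (
    (" moved successfully.", "moved"),
    (" deleted successfully.", "deleted"),
    (" not found.", "not found"),
)


def script_section(script, name):
    """Non-blank lines under ':name' up to the next ':section' header."""
    lines, active = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if re.fullmatch(r":\w+", line):
            active = line[1:].lower() == name.lower()
        elif active and line:
            lines.append(line)
    return lines


def log_section(log, title):
    """Non-blank lines between '=== title ===' and the next '===' banner."""
    lines, active = [], False
    for raw in log.splitlines():
        line = raw.strip()
        banner = re.fullmatch(r"=+\s*(.+?)\s*=+", line)
        if banner:
            active = banner.group(1).lower() == title.lower()
        elif active and line:
            lines.append(line)
    return lines


def parse_outcome(line):
    """Split a log line into (path, status); None if the ending is unknown."""
    for suffix, status in OUTCOMES:
        if line.endswith(suffix):
            target = line[: -len(suffix)]
            # Some lines are prefixed with "File " before the drive path.
            if re.match(r"File [A-Za-z]:\\", target):
                target = target[len("File "):]
            return target, status
    return None


def _key(path):
    # Windows paths compare case-insensitively (.LNK in script, .lnk in log).
    return ntpath.normcase(ntpath.normpath(path.strip()))


def verify_files(script, log):
    """Map each :Files entry to its logged status, or 'no log entry'."""
    seen = {}
    for line in log_section(log, "FILES"):
        parsed = parse_outcome(line)
        if parsed:
            seen[_key(parsed[0])] = parsed[1]
    return {path: seen.get(_key(path), "no log entry")
            for path in script_section(script, "Files")}


def needs_follow_up(report):
    """Paths this run did not confirm as moved or deleted."""
    return [p for p, s in report.items() if s not in ("moved", "deleted")]


if __name__ == "__main__":
    for path, status in verify_files(FIX_SCRIPT, FIX_LOG).items():
        print(f"{status:13} {path}")
```

Paths returned by `needs_follow_up` are the ones to look for again in the next scan log before treating the cleanup as complete.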

#3
Sydney34

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
RKinner, thanks very much for your solution. I'm embarrassed to reveal my computer illiteracy but can't avoid it: Ad-Watch is 6.0 version and much older than the two in your link, so I couldn't figure out how to disable it (after searching for more info on web). I uninstalled it. Is that ok? When I try to uninstall Zone Alarm, I get this message: "Command Line Error Installer control switches must be preceded by a slash not a dash. No switch necessary to refer to configure file. Only one configuration file can be referred per command line." Then I couldn't find Google Toolbar for IE or Microsoft Enhancement Pack...
  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 23,463 posts
  • MVP
Uninstall of Ad-Aware/Ad-Watch is OK.

Not sure what is wrong with Zone Alarm. You might try right clicking on the ZA icon and turn it off first then try to uninstall it. If it won't uninstall we can get rid of it with a Combofix script.

The others can be removed the same way. They showed up in your extras log so should have been in the Add/Remove list. We will get them with the same Combofix script.

Go ahead and run the rest of the programs.

Ron
  • 0

#6
Sydney34

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hey Ron. I couldn't disable AVG so tried to uninstall it but got this message: "Uninstall Failed! Error: Action failed for registry key HKLM\SOFTWARE\MS\WindowsNT\Current Version\Windows:creating registry key....ErrorOx80070005." Disabled Norton I have on my laptop and downloaded ComboFix, copied to flashdrive and ran on infected desktop in Safe Mode anyway. When ComboFix told me AVG might interfere, I pulled out the flashdrive but CF carried on! Soon got this message: "This machine does not have the 'MicroSoft Windows recovery console' installed. Alternatively an existing installation of the recovery console may be present but requires updating. Without it, ComboFix shall not attempt the fixing of some serious infections. Click yes to have ComboFix download and install it." I clicked NO since I was in Safe Mode without an internet connection. Then it said "ComboFix has detected the presence of rootkit activity and needs to reboot the machine." It rebooted and finished the scan. I'm posting all the logs below. Couldn't copy the MBR Check. On it in green was written: "Windows XP MBR code detected." Thanks again for your time. ---Sydney


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{029CA12C-89C1-46a7-A3C7-82F2F98635CB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{029CA12C-89C1-46a7-A3C7-82F2F98635CB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.
C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ad-watch not found.
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TkBellExe deleted successfully.
C:\Program Files\Common Files\Real\Update_OB\realsched.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\CopernicPerUserTaskMgr deleted successfully.
C:\WINDOWS\system32\CopernicPerUserTaskMgr.exe moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GetRight - Tray Icon.lnk moved successfully.
C:\Program Files\GetRight\getright.exe moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quick View Plus.lnk moved successfully.
C:\Program Files\Quick View Plus\Program\qvp32.exe moved successfully.
Starting removal of ActiveX control {9F1C11AA-197B-4942-BA54-47A8489BB47F}
C:\WINDOWS\Downloaded Program Files\iuctl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-its51\ deleted successfully.
Invalid CLSID key: C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll
File C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\itss51.dll not found.
C:\Program Files\Common Files\Microsoft Shared\Reference Titles\msref.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msref\ deleted successfully.
Invalid CLSID key: C:\Program Files\Common Files\Microsoft Shared\Reference Titles\msref.dll
File C:\Program Files\Common Files\Microsoft Shared\Reference Titles\msref.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{0cab0400-7395-11d0-a5e5-0020afe2fdd9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0cab0400-7395-11d0-a5e5-0020afe2fdd9}\ deleted successfully.
C:\WINDOWS\qvphook.dll moved successfully.
HidServ removed from NetSvcs value successfully!
Service HidServ stopped successfully!
Service HidServ deleted successfully!
========== FILES ==========
C:\Documents and Settings\Carl Conner\Start Menu\Programs\Security Tool.lnk moved successfully.
C:\WINDOWS\System32\systl32(4).dll moved successfully.
C:\WINDOWS\System32\CddbCdda.dll moved successfully.
C:\WINDOWS\System32\systl32(3).dll moved successfully.
C:\WINDOWS\System32\systl32(2).dll moved successfully.
C:\WINDOWS\System32\909C3B469C.sys moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 373720 bytes
->Temporary Internet Files folder emptied: 70726 bytes

User: All Users

User: Carl Conner
->Temp folder emptied: 5253 bytes
->Temporary Internet Files folder emptied: 52888 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49613 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 148936 bytes

Total Files Cleaned = 1.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08132010_211341

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OTL logfile created on: 8/14/2010 7:31:33 PM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = I:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 380.00 Mb Available Physical Memory | 74.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.49 Gb Total Space | 57.32 Gb Free Space | 76.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 3.74 Gb Total Space | 2.42 Gb Free Space | 64.69% Space Free | Partition Type: FAT32

Computer Name: CARL
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/11 23:09:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- I:\OTL.exe
PRC - [2009/03/10 22:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/08/11 23:09:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- I:\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/20 15:20:25 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/04/14 01:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2008/04/14 01:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 01:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/14 01:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/03/26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2003/07/06 12:03:48 | 000,181,312 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess)
SRV - [2003/06/10 00:02:12 | 000,894,024 | ---- | M] (Zone Labs Inc.) [Auto | Stopped] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2002/07/22 13:50:38 | 000,253,952 | ---- | M] (Executive Software International, Inc.) [Auto | Stopped] -- C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe -- (Diskeeper)
SRV - [2001/12/21 20:36:18 | 000,106,496 | ---- | M] (Ontrack Data International) [On_Demand | Stopped] -- C:\Program Files\Ontrack\Fix-It\mxtask.exe -- (Fix-It Task Manager)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\ElbyVCD.sys -- (ElbyVCD)
DRV - [2010/04/17 17:59:39 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/04/17 17:59:37 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/04/17 17:59:36 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/11/17 14:01:18 | 000,010,240 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2009/09/10 13:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/08/05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/07/24 17:33:24 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/05/01 00:03:30 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/05/01 00:03:08 | 006,754,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC)
DRV - [2009/05/01 00:01:36 | 000,265,496 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/05/01 00:00:00 | 000,114,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009/04/30 16:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/04/13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/12/11 23:34:52 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/12/11 23:34:50 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/02/22 10:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007/02/22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007/02/22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007/02/22 10:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2003/07/21 14:41:22 | 000,006,912 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2003/07/02 17:41:42 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\axwhisky.sys -- (axwhisky)
DRV - [2003/07/02 16:49:52 | 000,124,160 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\axwskbus.sys -- (axwskbus)
DRV - [2003/06/16 16:00:44 | 000,035,340 | ---- | M] (Network Associates, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\Network Associates\ThreatScan Agent for ePO\driver\ntbpf.sys -- (ntbpf)
DRV - [2003/06/10 00:02:00 | 000,188,240 | ---- | M] (Zone Labs Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2003/04/16 14:21:30 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2003/03/31 14:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/01/13 10:19:26 | 000,249,344 | ---- | M] (Roxio) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2003/01/13 10:19:26 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp)
DRV - [2003/01/13 10:19:26 | 000,118,422 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2003/01/13 10:19:26 | 000,022,758 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2003/01/13 10:19:26 | 000,021,654 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/06/12 13:44:42 | 000,013,300 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2002/06/08 16:07:30 | 000,004,480 | ---- | M] (Elaborate Bytes) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2002/02/19 17:19:00 | 000,877,517 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/12/21 19:37:46 | 000,057,092 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Ontrack\Fix-It\mxDisk.sys -- (mxDisk)
DRV - [2001/12/16 02:27:34 | 000,536,768 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbcwdm.sys -- (tbcwdm)
DRV - [2001/12/15 21:42:38 | 000,144,512 | ---- | M] (Voyetra Turtle Beach) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbcspud.sys -- (tbcspud)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/06/29 21:16:00 | 000,155,216 | ---- | M] (TrendMicro) [Kernel | Auto | Stopped] -- C:\Program Files\Ontrack\Fix-It\Tmfilter.sys -- (Tmfilter)
DRV - [2001/06/29 18:21:24 | 000,567,232 | ---- | M] (Trend Micro Incorporated.) [Kernel | Auto | Stopped] -- C:\Program Files\Ontrack\Fix-It\Vsapint.sys -- (Vsapint)
DRV - [2001/06/20 17:32:54 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [1995/07/10 02:30:00 | 000,014,592 | ---- | M] (Adaptec) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2001/08/18 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (WsftpBrowserHelper Class) - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Copernic Agent) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CopernicPerUserTaskMgr] C:\WINDOWS\System32\CopernicPerUserTaskMgr.exe File not found
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [LTWinModem1] C:\WINDOWS\System32\ltmsg.exe (LUCENT TECHNOLOGIES)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DriveSelect.lnk = C:\Program Files\321Studios\Xpress\DriveSelect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe (Zone Labs Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O9 - Extra 'Tools' menuitem : Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll (Siber Systems)
O9 - Extra 'Tools' menuitem : RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O18 - Protocol\Handler\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/23 20:48:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/13 20:51:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2010/08/13 20:49:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/08/11 23:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Office Genuine Advantage
[2010/08/11 22:17:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/11 22:17:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/11 22:05:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/11 22:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/08 21:50:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/08/08 21:50:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/08 21:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/08 21:48:24 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/06/24 23:37:49 | 000,000,000 | ---D | C] -- C:\ae263b486d99e48e0dca13628b0f5c
[2010/05/31 17:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/05/31 17:22:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/05/25 23:29:52 | 000,000,000 | ---D | C] -- C:\otNetFX
[2010/05/21 13:55:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2003/07/02 17:41:42 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\axwhisky.sys
[2003/07/02 16:49:52 | 000,124,160 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\axwskbus.sys

========== Files - Modified Within 90 Days ==========

[2010/08/14 19:28:07 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/14 19:26:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/14 19:25:49 | 001,048,576 | ---- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/08/14 19:25:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/08/13 21:34:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/13 21:27:23 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/08/13 21:27:18 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/13 21:25:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/08/13 21:25:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/08/13 20:42:28 | 000,000,334 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/08/12 00:42:44 | 006,352,744 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/08/11 22:45:35 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/08/11 22:45:35 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/08/11 22:42:59 | 000,001,132 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/11 22:17:31 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/11 22:04:35 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/08/11 22:04:35 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/08/11 21:10:09 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/07 17:04:12 | 063,040,759 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/04 00:41:42 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/07/30 17:12:56 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/07/01 23:17:25 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/06/25 12:24:19 | 000,558,578 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/25 12:24:19 | 000,482,746 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/25 12:24:19 | 000,085,158 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/21 16:29:27 | 000,378,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/31 17:28:17 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/05/31 17:28:17 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/05/31 17:24:36 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/05/31 17:22:09 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/05/22 19:31:53 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/05/22 18:38:48 | 000,002,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys

========== Files Created - No Company Name ==========

[2010/08/11 22:45:35 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/08/11 22:45:35 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/08/11 22:17:31 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/11 22:04:35 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NTREGOPT.lnk
[2010/08/11 22:04:35 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/05/31 17:22:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/04/18 19:33:58 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/04/17 14:43:09 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/08 10:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 16:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2003/09/30 19:51:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll
[2003/09/14 20:45:41 | 000,000,087 | ---- | C] () -- C:\WINDOWS\msintl.dll
[2003/09/14 20:33:03 | 000,000,054 | ---- | C] () -- C:\WINDOWS\mstapi32.dll
[2003/08/28 19:37:21 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/08/21 21:30:30 | 000,000,026 | ---- | C] () -- C:\WINDOWS\DfrgUIEx.INI
[2003/08/05 14:19:22 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\ntiembed.dll
[2003/08/05 13:19:19 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2003/08/01 21:33:20 | 000,000,925 | ---- | C] () -- C:\WINDOWS\spamweed.ini
[2003/07/25 20:03:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2003/07/25 20:02:34 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2003/07/25 20:02:33 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2003/07/25 20:02:18 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2003/07/25 20:02:18 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2003/07/25 20:02:13 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2003/07/21 15:13:02 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2003/07/21 14:56:10 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIDBD32.dll
[2003/07/21 14:41:24 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
[2003/07/19 15:05:49 | 000,000,067 | ---- | C] () -- C:\WINDOWS\#1 DVD Ripper.INI
[2003/07/09 22:24:34 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2003/07/01 11:16:52 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2003/06/28 16:52:06 | 000,000,641 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI
[2003/06/27 10:27:46 | 000,000,024 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2003/06/15 13:52:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ScanSCSI.INI
[2003/06/14 22:13:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CDCOPY32.INI
[2003/06/14 22:13:03 | 000,000,047 | ---- | C] () -- C:\WINDOWS\Cdmkr32.ini
[2003/06/09 23:46:20 | 000,000,185 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2003/06/09 23:05:14 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
[2003/06/09 22:06:35 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2003/06/09 22:06:35 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys
[2003/06/09 22:06:35 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2003/06/09 22:06:31 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2003/05/19 10:36:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hnks.ini
[2003/03/03 18:50:15 | 000,000,011 | ---- | C] () -- C:\WINDOWS\bhtsrc32.dll
[2003/02/08 21:05:34 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/13 14:21:58 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2002/12/30 20:13:46 | 000,045,056 | ---- | C] () -- C:\WINDOWS\PANIC32.dll
[2002/12/30 20:13:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\PANICNT.dll
[2002/12/23 20:49:19 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2002/11/04 20:41:43 | 000,000,044 | ---- | C] () -- C:\WINDOWS\CTText.ini
[2002/11/02 18:44:44 | 000,000,053 | ---- | C] () -- C:\WINDOWS\Crazy.ini
[2002/11/02 17:31:03 | 000,000,223 | ---- | C] () -- C:\WINDOWS\HP PrecisionScan Pro.INI
[2002/11/02 14:50:16 | 000,000,042 | ---- | C] () -- C:\WINDOWS\CT2.ini
[2002/11/02 13:24:04 | 000,000,052 | ---- | C] () -- C:\WINDOWS\CTComm2.ini
[2002/11/02 13:24:04 | 000,000,049 | ---- | C] () -- C:\WINDOWS\TPTest.ini
[2002/11/02 13:24:04 | 000,000,042 | ---- | C] () -- C:\WINDOWS\CT.ini
[2002/11/02 13:21:36 | 000,000,138 | ---- | C] () -- C:\WINDOWS\Crazytalk.ini
[2002/11/02 13:21:35 | 000,000,110 | ---- | C] () -- C:\WINDOWS\CTBugs.ini
[2002/11/02 08:20:56 | 000,001,052 | ---- | C] () -- C:\WINDOWS\TPBugs.ini
[2002/11/02 08:20:56 | 000,000,544 | ---- | C] () -- C:\WINDOWS\CTComm.ini
[2002/11/02 08:20:56 | 000,000,045 | ---- | C] () -- C:\WINDOWS\CrazyTalkBugs.ini
[2002/11/02 08:20:54 | 000,000,195 | ---- | C] () -- C:\WINDOWS\TPBugs2.ini
[2002/11/02 08:20:54 | 000,000,049 | ---- | C] () -- C:\WINDOWS\CTReg.ini
[2002/10/04 14:26:58 | 000,000,097 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2002/09/29 21:04:24 | 000,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2002/09/29 21:03:52 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2002/09/29 21:03:49 | 000,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
[2002/09/28 22:58:05 | 000,000,459 | ---- | C] () -- C:\WINDOWS\ORS.INI
[2002/09/28 22:18:56 | 000,000,601 | ---- | C] () -- C:\WINDOWS\Oxford.ini
[2002/09/28 22:18:55 | 000,211,285 | ---- | C] () -- C:\WINDOWS\XWI321.DLL
[2002/09/28 22:18:55 | 000,058,759 | ---- | C] () -- C:\WINDOWS\XWI321TE.DLL
[2002/09/28 22:13:51 | 000,000,265 | ---- | C] () -- C:\WINDOWS\harraps.ini
[2002/09/28 22:04:01 | 000,000,333 | ---- | C] () -- C:\WINDOWS\ORIENT.INI
[2002/09/24 20:10:21 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll
[2002/09/24 20:07:35 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2002/09/24 19:22:35 | 000,000,068 | ---- | C] () -- C:\WINDOWS\WinInit.INI
[2002/09/23 21:25:12 | 000,000,484 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/03/26 21:18:27 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002/03/21 14:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2002/03/21 13:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2002/03/21 13:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2002/03/21 13:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2002/03/21 13:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2002/03/21 13:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2002/03/21 13:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2002/03/21 12:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2002/03/20 22:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002/03/20 22:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/08/07 18:59:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HPNVRRes.dll
[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2000/04/14 17:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1999/03/23 14:46:24 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1999/01/22 11:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2003/09/14 10:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ontrack
[2003/07/13 16:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/05/13 21:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/04/17 14:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
[2010/05/22 19:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
[2010/04/22 19:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/04/22 19:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2003/06/08 09:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\shockwave.com
[2003/09/27 20:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/08/13 21:27:23 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========


< End of report >

ComboFix 10-08-14.02 - Carl Conner 08/14/2010 23:43:01.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.186 [GMT 1:00]
Running from: I:\george.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Carl Conner\Application Data\ACD Systems\ACDSee\ImageDB.ddf
c:\documents and settings\Carl Conner\Local Settings\Application Data\024546.exe
c:\program files\dialers
c:\program files\dialers\stmtdlr.exe
c:\windows\system\oeminfo.ini
c:\windows\system32\42KJE738.ocx
c:\windows\system32\Cache

.
((((((((((((((((((((((((( Files Created from 2010-07-14 to 2010-08-14 )))))))))))))))))))))))))))))))
.

2010-08-13 19:51 . 2010-08-13 19:51 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-08-13 19:49 . 2010-08-13 19:49 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-08-11 22:27 . 2010-08-11 22:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Office Genuine Advantage
2010-08-11 21:17 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-11 21:17 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-11 21:04 . 2010-08-11 21:04 -------- d-----w- c:\program files\ERUNT
2010-08-08 21:12 . 2010-08-08 21:12 -------- d-----w- c:\documents and settings\Carl Conner\Application Data\Malwarebytes
2010-08-08 20:50 . 2010-08-08 20:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-08-08 20:50 . 2010-08-11 21:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-08 20:50 . 2010-08-08 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-08 20:48 . 2010-08-08 20:48 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-14 22:40 . 2010-04-18 18:34 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-08-14 22:40 . 2010-04-18 18:32 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-08-14 22:31 . 2010-04-17 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-08-13 20:33 . 2010-04-18 18:50 -------- d-----w- c:\documents and settings\Carl Conner\Application Data\Skype
2010-08-13 19:42 . 2010-08-13 20:27 1468928 ----a-w- c:\windows\Internet Logs\xDB23.tmp
2010-08-13 19:42 . 2010-08-13 20:27 22016 ----a-w- c:\windows\Internet Logs\xDB24.tmp
2010-08-11 20:41 . 2002-09-25 19:38 -------- d-----w- c:\program files\GetRight
2010-08-08 21:16 . 2010-08-10 21:58 23040 ----a-w- c:\windows\Internet Logs\xDB22.tmp
2010-08-08 21:16 . 2010-08-10 21:58 1468416 ----a-w- c:\windows\Internet Logs\xDB21.tmp
2010-08-07 22:53 . 2010-08-07 23:02 1479168 ----a-w- c:\windows\Internet Logs\xDB1F.tmp
2010-08-07 22:53 . 2010-08-07 23:02 2931712 ----a-w- c:\windows\Internet Logs\xDB20.tmp
2010-08-07 15:48 . 2010-04-18 18:53 -------- d-----w- c:\documents and settings\Carl Conner\Application Data\skypePM
2010-07-07 13:49 . 2010-07-08 00:28 375296 ----a-w- c:\windows\Internet Logs\xDB1E.tmp
2010-07-06 23:23 . 2010-07-08 00:28 1439744 ----a-w- c:\windows\Internet Logs\xDB1D.tmp
2010-06-30 19:23 . 2010-07-01 19:16 1431040 ----a-w- c:\windows\Internet Logs\xDB1B.tmp
2010-06-30 19:23 . 2010-07-01 19:16 291840 ----a-w- c:\windows\Internet Logs\xDB1C.tmp
2010-06-25 11:57 . 2010-06-25 12:23 1428480 ----a-w- c:\windows\Internet Logs\xDB19.tmp
2010-06-25 11:56 . 2010-06-25 12:23 29696 ----a-w- c:\windows\Internet Logs\xDB1A.tmp
2010-06-24 23:58 . 2010-06-25 11:05 1432576 ----a-w- c:\windows\Internet Logs\xDB17.tmp
2010-06-24 23:57 . 2010-06-25 11:05 2060288 ----a-w- c:\windows\Internet Logs\xDB18.tmp
2010-06-14 14:31 . 2002-12-30 17:04 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2010-05-30 13:35 . 2010-05-30 14:11 1033216 ----a-w- c:\windows\Internet Logs\xDB16.tmp
2010-05-30 13:30 . 2010-05-30 14:11 1384960 ----a-w- c:\windows\Internet Logs\xDB15.tmp
2010-05-23 13:16 . 2003-05-23 17:45 116720 ----a-w- c:\documents and settings\Carl Conner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-22 17:38 . 2010-05-05 16:25 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-05-22 17:38 . 2010-05-05 16:25 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-05-17 23:41 . 2010-05-18 11:30 1330176 ----a-w- c:\windows\Internet Logs\xDB12.tmp
2010-05-17 23:41 . 2010-05-18 11:30 829440 ----a-w- c:\windows\Internet Logs\xDB14.tmp
2003-06-09 17:05 . 2003-06-09 17:04 560 ----a-w- c:\program files\Global.sw
2003-07-21 14:21 . 2003-07-21 14:13 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:03 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClockEx"="c:\program files\TClockEx\TCLOCKEX.EXE" [2000-03-09 89088]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-04-30 5472016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2003-10-07 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"LTWinModem1"="ltmsg.exe 9" [X]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-04-20 2046816]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\Carl Conner\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe [2008-11-7 517384]
PowerReg Scheduler.exe [2003-8-21 225280]
TutorABC_helper.appref-ms [2010-5-3 322]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DriveSelect.lnk - c:\program files\321Studios\Xpress\DriveSelect.exe [2003-5-5 217088]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2002-9-25 106560]
ZoneAlarm Pro.lnk - c:\program files\Zone Labs\ZoneAlarm\zapro.exe [2002-9-24 422984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-17 16:59 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
2001-12-06 12:09 45056 ----a-w- c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2002-04-15 08:12 57344 ----a-w- c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Print House 2000]
2000-04-11 10:22 188416 ----a-r- c:\windows\Corel\StpLnch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CrazyTalk Serve]
2002-11-02 07:14 1007616 ----a-w- c:\windows\system32\CrazyTalk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fix-It AV]
2001-12-21 18:52 32768 ----a-w- c:\progra~1\Ontrack\Fix-It\MemCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
2003-01-09 08:21 253952 ----a-w- c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2003-01-13 09:19 757760 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
2003-01-13 13:05 69632 ----a-w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2001-07-03 09:11 57344 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HomeMeeting\\JoinNet\\joinnetu.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 axwhisky;axwhisky;c:\windows\system32\drivers\axwhisky.sys [7/2/2003 5:41 PM 5248]
R0 axwskbus;axwskbus;c:\windows\system32\drivers\axwskbus.sys [7/2/2003 4:49 PM 124160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/17/2010 5:59 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/17/2010 5:59 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/17/2010 5:58 PM 297752]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [9/24/2002 7:22 PM 144512]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [9/24/2002 7:22 PM 536768]
S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S2 gupdate1cadf28b746024;Google Update Service (gupdate1cadf28b746024);c:\program files\Google\Update\GoogleUpdate.exe [4/18/2010 7:50 PM 133104]
S2 ntbpf;ntbpf;c:\program files\Network Associates\ThreatScan Agent for ePO\driver\ntbpf.sys [8/5/2003 1:42 PM 35340]
S2 Tmfilter;Tmfilter;c:\progra~1\Ontrack\Fix-It\Tmfilter.sys [6/29/2001 9:16 PM 155216]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [4/17/2010 2:43 PM 100736]
S3 mxDisk;mxDisk;c:\progra~1\Ontrack\Fix-It\mxDisk.sys [12/21/2001 7:37 PM 57092]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 18:49]

2010-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 18:49]

2010-08-14 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: &Google Search - c:\windows\downloaded program files\GoogleToolbar_en_2.0.95-big.dll/cmsearch.html
IE: Backward &Links - c:\windows\downloaded program files\GoogleToolbar_en_2.0.95-big.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\windows\downloaded program files\GoogleToolbar_en_2.0.95-big.dll/cmcache.html
IE: Customize Menu &4 - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Fill Forms &] - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: Save Forms &[ - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Search Using Copernic Agent - c:\program files\Copernic Agent\Web\SearchExt.htm
IE: Si&milar Pages - c:\windows\downloaded program files\GoogleToolbar_en_2.0.95-big.dll/cmsimilar.html
IE: Translate Page - c:\windows\downloaded program files\GoogleToolbar_en_2.0.95-big.dll/cmtrans.html
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\COPERN~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\COPERN~1\COPERN~1.DLL
Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll
Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} - c:\program files\GetRight\xx2gr.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-RunOnce-024546 - c:\docume~1\CARLCO~1\LOCALS~1\APPLIC~1\024546.exe
HKLM-Run-CopernicPerUserTaskMgr - c:\windows\system32\CopernicPerUserTaskMgr.exe
MSConfigStartUp-Adaware Bootup - c:\program files\Lavasoft Ad-Aware\Ad-aware.exe
MSConfigStartUp-NeroCheck - c:\windows\system32\NeroCheck.exe
AddRemove-GetRight - c:\program files\GetRight\GETRIGHT.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-14 23:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8278B178]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf85baf28
\Driver\ACPI -> ACPI.sys @ 0xf852dcb8
\Driver\atapi -> 0x8278b178
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
Completion time: 2010-08-14 23:58:59
ComboFix-quarantined-files.txt 2010-08-14 22:58

Pre-Run: 61,462,380,544 bytes free
Post-Run: 61,429,637,120 bytes free

- - End Of File - - B16FDF789B8E21037D383EAFEF8FA1CC






2010/08/15 00:13:38.0531 TDSS rootkit removing tool 2.4.1.1 Aug 10 2010 14:48:09
2010/08/15 00:13:38.0531 ================================================================================
2010/08/15 00:13:38.0531 SystemInfo:
2010/08/15 00:13:38.0531
2010/08/15 00:13:38.0531 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/15 00:13:38.0531 Product type: Workstation
2010/08/15 00:13:38.0531 ComputerName: CARL
2010/08/15 00:13:38.0531 UserName: Carl Conner
2010/08/15 00:13:38.0531 Windows directory: C:\WINDOWS
2010/08/15 00:13:38.0531 System windows directory: C:\WINDOWS
2010/08/15 00:13:38.0531 Processor architecture: Intel x86
2010/08/15 00:13:38.0531 Number of processors: 1
2010/08/15 00:13:38.0531 Page size: 0x1000
2010/08/15 00:13:38.0531 Boot type: Normal boot
2010/08/15 00:13:38.0531 ================================================================================
2010/08/15 00:13:39.0078 Initialize success
2010/08/15 00:13:54.0796 ================================================================================
2010/08/15 00:13:54.0796 Scan started
2010/08/15 00:13:54.0796 Mode: Manual;
2010/08/15 00:13:54.0796 ================================================================================
2010/08/15 00:14:24.0953 ================================================================================
2010/08/15 00:14:24.0953 Scan finished
2010/08/15 00:14:24.0953 ================================================================================
  • 0
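One way to triage the "Stealth MBR rootkit" section of the ComboFix log above, as an added example that is not part of the thread, of ComboFix or of Gmer's detector: it parses the hook lines (copied from that log) and lists the targets that appear as a bare address instead of a named module. Treating a bare address as the entry to examine first, and cross-checking it against the `>>UNKNOWN [...]<<` module, is an assumption of this example and not the detector's documented logic.

```python
import re

# Lines copied verbatim from the "Stealth MBR rootkit" section of the log above.
SAMPLE = r"""called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8278B178]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf85baf28
\Driver\ACPI -> ACPI.sys @ 0xf852dcb8
\Driver\atapi -> 0x8278b178
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
Warning: possible MBR rootkit infection !
user & kernel MBR OK
"""

UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
RESOLVED_RE = re.compile(r"^(?P<module>\S+) @ (?P<addr>0x[0-9A-Fa-f]+)$")
BARE_ADDR_RE = re.compile(r"^0x[0-9A-Fa-f]+$")


def parse_mbr_section(text):
    """Turn the detector's text output into a dict of hooks and status flags."""
    report = {"unknown_modules": [], "hooks": [], "warning": False, "mbr_ok": False}
    in_hooks = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("called modules:"):
            # Modules in the call chain that the detector could not name.
            report["unknown_modules"] = [int(a, 16) for a in UNKNOWN_RE.findall(line)]
        elif line.startswith("detected MBR rootkit hooks:"):
            in_hooks = True
        elif line.startswith("Warning:"):
            report["warning"] = True
            in_hooks = False
        elif line == "user & kernel MBR OK":
            report["mbr_ok"] = True
        elif in_hooks and " -> " in line:
            # The last arrow separates the hooked object from its target.
            parts = line.split(" -> ")
            source, target = " -> ".join(parts[:-1]), parts[-1]
            resolved = RESOLVED_RE.match(target)
            if resolved:
                hook = {"source": source, "module": resolved["module"],
                        "addr": int(resolved["addr"], 16)}
            elif BARE_ADDR_RE.match(target):
                hook = {"source": source, "module": None, "addr": int(target, 16)}
            else:
                continue  # unrecognised line shape: skip rather than guess
            report["hooks"].append(hook)
    return report


def unresolved_hooks(report):
    """Return hooks whose target is a bare address, not a named module."""
    unknown = set(report["unknown_modules"])
    findings = []
    for hook in report["hooks"]:
        if hook["module"] is None:
            findings.append({**hook, "matches_unknown_module": hook["addr"] in unknown})
    return findings


if __name__ == "__main__":
    parsed = parse_mbr_section(SAMPLE)
    for finding in unresolved_hooks(parsed):
        print("%s -> 0x%08x (same address as UNKNOWN module: %s)" % (
            finding["source"], finding["addr"], finding["matches_unknown_module"]))
    print("warning=%s mbr_ok=%s" % (parsed["warning"], parsed["mbr_ok"]))
```

On the log above this reports a single entry, `\Driver\atapi`, whose address equals the `>>UNKNOWN<<` module address, alongside the detector's own warning and its "user & kernel MBR OK" line.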

#7
Sydney34

Sydney34

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts

Uninstall of Ad-Aware/Ad-Watch is OK.

Not sure what is wrong with Zone Alarm. You might try right clicking on the ZA icon and turn it off first then try to uninstall it. If it won't uninstall we can get rid of it with a Combofix script.

The others can be removed the same way. They showed up in your extras log so should have been in the Add/Remove list. We will get them with the same Combofix script.

Go ahead and run the rest of the programs.

Ron


  • 0

#8
Sydney34

Sydney34

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Ron, I was so stressed about running ComboFix, I forgot to reboot the infected computer. I just did and Security Tool seems to be gone! But a window popped up: "Cannot Start Application. Application download did not succeed. Check your network connection, or contact your system administrator or network service provider." Here is a log of the details. Do you think the infection is cured?





PLATFORM VERSION INFO
Windows : 5.1.2600.196608 (Win32NT)
Common Language Runtime : 2.0.50727.3082
System.Deployment.dll : 2.0.50727.3053 (netfxsp.050727-3000)
mscorwks.dll : 2.0.50727.3082 (QFE.050727-3000)
dfdll.dll : 2.0.50727.3053 (netfxsp.050727-3000)
dfshim.dll : 4.0.31106.0 (Main.031106-0000)

SOURCES
Deployment url : file:///C:/Documents%20and%20Settings/Carl%20Conner/Start%20Menu/Programs/Startup/TutorABC_helper.appref-ms%7C

ERROR SUMMARY
Below is a summary of the errors, details of these errors are listed later in the log.
* Activation of C:\Documents and Settings\Carl Conner\Start Menu\Programs\Startup\TutorABC_helper.appref-ms| resulted in exception. Following failure messages were detected:
+ Downloading http://helper.tutora...per.application did not succeed.
+ The operation has timed out

COMPONENT STORE TRANSACTION FAILURE SUMMARY
No transaction error was detected.

WARNINGS
There were no warnings during this operation.

OPERATION PROGRESS STATUS
* [8/15/2010 1:27:17 AM] : Activation of C:\Documents and Settings\Carl Conner\Start Menu\Programs\Startup\TutorABC_helper.appref-ms| has started.

ERROR DETAILS
Following errors were detected during this operation.
* [8/15/2010 1:29:23 AM] System.Deployment.Application.DeploymentDownloadException (Unknown subtype)
- Downloading http://helper.tutora...per.application did not succeed.
- Source: System.Deployment
- Stack trace:
at System.Deployment.Application.SystemNetDownloader.DownloadSingleFile(DownloadQueueItem next)
at System.Deployment.Application.SystemNetDownloader.DownloadAllFiles()
at System.Deployment.Application.FileDownloader.Download(SubscriptionState subState)
at System.Deployment.Application.DownloadManager.DownloadManifestAsRawFile(Uri& sourceUri, String targetPath, IDownloadNotification notification, DownloadOptions options, ServerInformation& serverInformation)
at System.Deployment.Application.DownloadManager.DownloadManifest(Uri& sourceUri, String targetPath, IDownloadNotification notification, DownloadOptions options, ManifestType manifestType, ServerInformation& serverInformation)
at System.Deployment.Application.DownloadManager.DownloadDeploymentManifestDirect(SubscriptionStore subStore, Uri& sourceUri, TempFile& tempFile, IDownloadNotification notification, DownloadOptions options, ServerInformation& serverInformation)
at System.Deployment.Application.DownloadManager.DownloadDeploymentManifest(SubscriptionStore subStore, Uri& sourceUri, TempFile& tempFile, IDownloadNotification notification, DownloadOptions options)
at System.Deployment.Application.ApplicationActivator.ProcessOrFollowShortcut(String shortcutFile, String& errorPageUrl, TempFile& deployFile)
at System.Deployment.Application.ApplicationActivator.PerformDeploymentActivation(Uri activationUri, Boolean isShortcut, String textualSubId, String deploymentProviderUrlFromExtension, BrowserSettings browserSettings, String& errorPageUrl)
at System.Deployment.Application.ApplicationActivator.ActivateDeploymentWorker(Object state)
--- Inner Exception ---
System.Net.WebException
- The operation has timed out
- Source: System
- Stack trace:
at System.Net.HttpWebRequest.GetResponse()
at System.Deployment.Application.SystemNetDownloader.DownloadSingleFile(DownloadQueueItem next)

COMPONENT STORE TRANSACTION DETAILS
No transaction information is available.
  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,463 posts
  • MVP
You have this link in your Startup folder:

c:\documents and settings\Carl Conner\Start Menu\Programs\Startup\TutorABC_helper.appref-ms

It is trying to reach the TutorABC site to install something. Guess the internet is still not working which is why you get the error message.

The following should remove ZA, AVG, and some other stuff:


Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall:

SecCenter::
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\documents and settings\All Users\Start Menu\Programs\Startup\ZoneAlarm Pro.lnk
c:\program files\Zone Labs\ZoneAlarm\zapro.exe
c:\windows\system32\avgrsstx.dll
C:\WINDOWS\System32\Drivers\avgtdix.sys
C:\WINDOWS\System32\Drivers\avgldx86.sys
C:\WINDOWS\System32\Drivers\avgmfx86.sys
C:\WINDOWS\system32\vsdatant.sys
C:\Program Files\Windows Live\Family Safety\fsssvc.exe

Driver::
AvgLdx86
AvgTdiX
avg8wd
ElbyVCD
mxDisk
Tmfilter
vsdatant
vsmon
fsssvc
SeaPort
Vsapint

Folder::
c:\program files\Zone Labs
c:\progra~1\Ontrack\Fix-It
c:\progra~1\AVG
C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
c:\documents and settings\All Users\Application Data\avg8
c:\program files\GetRight
C:\Program Files\NOS
C:\Program Files\Microsoft\Search Enhancement Pack
C:\WINDOWS\System32\ZoneLabs

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=-
"LTWinModem1"=-
"AVG8_TRAY"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fix-It AV]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=-
[-HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[-HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"=-


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag it over to george and let it start as before. If possible connect to the internet before running george and let it update and install the Recovery Console.

You may have trouble getting on the internet. If so:

Start, Run, cmd, OK to bring up a black command window. Type (with an Enter after each line in the code box):
netsh  winsock  reset  catalog

netsh  int  ip  reset  reset.log

exit
(I use two spaces in the code box so you can see where one space goes.)
Reboot.

Post the new combofix log.

Also run a new OTL and post its log.

Ron

Edited by RKinner, 14 August 2010 - 07:52 PM.
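
Before a script like the one in this post is run, it helps to list exactly what it will delete, and afterwards to confirm that the posted log processed every requested file. The Python below is an added example, not part of the original post or of ComboFix: the directive layout is taken from the script above, the registry lines are read with .reg-file meaning (an assumption), and the log excerpt is constructed in the "FILE ::" layout of the log posted later in this thread.

```python
import re

# Excerpt of the CFScript in the post above (entries copied from the page).
CFSCRIPT = r"""
Killall:

File::
c:\documents and settings\All Users\Start Menu\Programs\Startup\ZoneAlarm Pro.lnk
c:\program files\Zone Labs\ZoneAlarm\zapro.exe
C:\WINDOWS\System32\Drivers\avgtdix.sys

Driver::
AvgTdiX
vsmon

Folder::
c:\program files\Zone Labs

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
"""

# Constructed log excerpt; one requested file is deliberately left out.
SAMPLE_LOG = r"""
FILE ::
"c:\documents and settings\All Users\Start Menu\Programs\Startup\ZoneAlarm Pro.lnk"
"c:\windows\System32\Drivers\avgtdix.sys"
.
"""

# A directive is a bare word followed by one or two colons ("Killall:", "File::").
SECTION = re.compile(r"^([A-Za-z]+)::?\s*$")


def parse_cfscript(text):
    """Split a CFScript into {directive: [entries]}, keeping entry order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any directive: {line!r}")
        else:
            sections[current].append(line)
    return sections


def registry_actions(lines):
    """Translate .reg-style lines into (action, key, value_name) tuples."""
    actions, key = [], None
    for line in lines:
        if line.startswith("[-") and line.endswith("]"):
            actions.append(("delete_key", line[2:-1], None))
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # following "name"=- lines apply to this key
        else:
            m = re.match(r'^"(.+)"=-$', line)
            if m and key:
                actions.append(("delete_value", key, m.group(1)))
            else:
                actions.append(("unrecognised", key, line))
    return actions


def log_file_block(log_text):
    """Return the quoted paths listed under the log's 'FILE ::' header."""
    paths, inside = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not inside:
            inside = re.fullmatch(r"FILE\s*::", line, re.I) is not None
        elif line.startswith('"'):
            paths.append(line.strip('"'))
        elif line:
            break  # the "." line (or anything else) ends the block
    return paths


def missing_from_log(script_text, log_text):
    """File:: entries the log did not list (Windows paths compare case-insensitively)."""
    logged = {p.lower() for p in log_file_block(log_text)}
    return [p for p in parse_cfscript(script_text).get("file", [])
            if p.lower() not in logged]


if __name__ == "__main__":
    parsed = parse_cfscript(CFSCRIPT)
    for name, entries in parsed.items():
        print(f"{name}: {len(entries)} entries")
    for action in registry_actions(parsed["registry"]):
        print(action)
    print("not in log:", missing_from_log(CFSCRIPT, SAMPLE_LOG))
```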


#10
Sydney34


    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hi again. When I first logged onto the problem computer today, it opened into windows and then I got a blue screen: "A problem has been detected and Windows has been shut down to prevent damage to your computer. ewusbdev.sys DRIVER_UNLOADED_WITHOUT_CANCELLING_PENDING_OPTIONS Dumping physical memory to disk: [later] Physical memory dumping complete. Technical information: ***STOP:OX000000CE (OXEBACEF-73, OXoooooooo, OXEBACEF-73, OXOOOOOOOO" I restarted.

I copied the text like you said (from my laptop) and then onto the problem computer and dragged it over george. A single line of green squares appeared from ComboFix and then the message about an active AVG. Not having to work in Safe Mode, I now had a taskbar again so could disable AVG. I was also able to connect to the net so I did and clicked OK for ComboFix to proceed and it also updated and downloaded Recovery Console. But then it stalled. After an hour, I tried to close it, also with Task Manager, but couldn't so rebooted manually. There was no log. Should I have done something else? Should I run it again or revert to Safe Mode, and if the latter, in XP or Recovery Console? Thank you! --Sydney
#11
RKinner


    Malware Expert

  • Expert
  • 23,463 posts
  • MVP
Try it in Safe Mode (it won't run in Recovery Console). If it still stalls then try combofix without the script.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear Log, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron

#12
Sydney34


    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Sorry to be thick, but do I "Double Click My Computer etc." AFTER running ComboFix? (Thank you btw for responding so quickly.)

#13
RKinner


    Malware Expert

  • Expert
  • 23,463 posts
  • MVP
Run Combofix then go on to the next step. I want to see what the error was about.

Ron

#14
Sydney34


    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hi Ron. ComboFix ran in Safe Mode with script. Said "CF has detected rootkit activity and has to reboot." Rebooted into Windows and ran. (Got that message "Application did not succeed..." even though I deleted Tutor ABC Helper yesterday.) After about 20 minutes, the machine rebooted again and CF finished the scan.

(The choice was “Clear All Events,” not “Clear Log.”) When I rebooted to do the disc check, there were files to install, as there have been since machine started functioning again. I (again) turned off without installing. A blue screen appeared: “Checking file system on C…” That was all I could read before Windows came up. I waited almost 2 hours and then ran sfc /scannow. I had to SKIP many, many files.

sigverif: The following files have not been digitally signed:
bmp.gpd c:\windows\syste… 5/3/2010 GPD File None

There were 7 other files but they were old: 1 from 2002, 1 from 2003 and 5 from ’99. I’ve only been using this computer regularly since April.

Here are the ComboFix log and the 2 VEW. THANKS!


ComboFix 10-08-14.02 - Carl Conner 08/16/2010 18:05:56.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.188 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\george.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt

FILE ::
"c:\documents and settings\All Users\Start Menu\Programs\Startup\ZoneAlarm Pro.lnk"
"c:\program files\Windows Live\Family Safety\fsssvc.exe"
"c:\program files\Zone Labs\ZoneAlarm\zapro.exe"
"c:\windows\system32\avgrsstx.dll"
"c:\windows\System32\Drivers\avgldx86.sys"
"c:\windows\System32\Drivers\avgmfx86.sys"
"c:\windows\System32\Drivers\avgtdix.sys"
"c:\windows\system32\vsdatant.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\AVG Security Toolbar
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\cache\cu_11d36153b741947c.cache
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\cache\cu_14d92d8cffb1f47c.cache
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\cache\cu_1e1012f0f01b47c.cache
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\cache\cu_48b028dbbdd47c.cache
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\cache\cu_51f521225294947c.cache
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\cache\cu_5a99f2595582947c.cache
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\cache\cu_5cc6aa61a36f947c.cache
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\cache\cu_664c80d23c87d47c.cache
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\cache\cu_735d5931cf4a947c.cache
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\cache\cu_86282aff1d97f47c.cache
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\cache\cu_92ecd235a423347c.cache
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\cache\cu_971023ff52dc147c.cache
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\cache\cu_9c5e5213c18d347c.cache
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\cache\cu_9feab6afb4cf747c.cache
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\cache\cu_b48e3c769956747c.cache
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\cache\cu_b96c1cae7b747c.cache
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\cache\cu_d1232693677f947c.cache
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\cache\cu_d92142539071947c.cache
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\cache\cu_e7050e643541547c.cache
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\cache\cu_e7e5e0d54db2347c.cache
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\cache\cu_e9bbbb98a0a7947c.cache
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\cache\cu_f454641046faf47c.cache
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\cache\cu_f7a3faf3bac7d47c.cache
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\Languages\en.ini
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\Languages\languages.cfg
c:\documents and settings\All Users\Application Data\AVG Security Toolbar\osd.xml
c:\documents and settings\All Users\Application Data\avg8
c:\documents and settings\All Users\Application Data\avg8\Cfg\erd.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\krnl.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\mail.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\malrep.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\scan.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\sched.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\setup.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\update.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\updatecomps.cfg
c:\documents and settings\All Users\Application Data\avg8\Cfg\user.cfg
c:\documents and settings\All Users\Application Data\avg8\CfgAll\changecfgreg.cfg
c:\documents and settings\All Users\Application Data\avg8\CfgAll\updateall.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgcfg.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avgcore.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgfrw.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgfrw.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgldr.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgldr.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avglng.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avgns.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avgrs.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgscan.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avgsched.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgsrm.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgsrm.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgui.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgui.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avguilog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\avgupd.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgupd.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.1
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.10
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.2
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.3
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.4
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.5
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.6
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.7
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.8
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.9
c:\documents and settings\All Users\Application Data\avg8\Log\avgwd.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\avgwdsvc.log
c:\documents and settings\All Users\Application Data\avg8\Log\avgwdsvc.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\cfgexlog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\cfglog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log
c:\documents and settings\All Users\Application Data\avg8\Log\commonpriv.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\commonpub.log
c:\documents and settings\All Users\Application Data\avg8\Log\commonpub.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\corelog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\fixcfg.log
c:\documents and settings\All Users\Application Data\avg8\Log\fixcfg.log.lock
c:\documents and settings\All Users\Application Data\avg8\Log\history.xml
c:\documents and settings\All Users\Application Data\avg8\Log\ldrlog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\lnglog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\nslog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\privlog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\publog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\rslog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\scanlog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\schedlog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\srmlog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\updlog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\vaultlog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\wdlog.cfg
c:\documents and settings\All Users\Application Data\avg8\Log\wdsvclog.cfg
c:\documents and settings\All Users\Application Data\avg8\Lsdb\Prev\prvcache.dat
c:\documents and settings\All Users\Application Data\avg8\Lsdb\Prev\prvglbl.dat
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000001.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000005.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000006.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000007.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000008.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000009.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000010.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000011.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000012.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000013.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000014.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000015.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000016.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000017.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000018.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000019.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000020.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000021.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000022.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000023.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\I_00000024.log
c:\documents and settings\All Users\Application Data\avg8\scanlogs\srm.idx
c:\documents and settings\All Users\Application Data\avg8\Temp\8293687e-6856-4688-ae1a-6d1e029e5c1e-130-oopp.tmp
c:\documents and settings\All Users\Application Data\avg8\update\backup\incavi.avm
c:\documents and settings\All Users\Application Data\avg8\update\backup\sb.dat
c:\documents and settings\All Users\Application Data\avg8\update\backup\sc.dat
c:\documents and settings\All Users\Application Data\avg8\update\download\avginfoavi.ctf
c:\documents and settings\All Users\Application Data\avg8\update\download\avginfowin.ctf
c:\documents and settings\All Users\Application Data\avg8\update\download\u9iavi2991u2971tw.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\u9iavi2993u2991ol.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\u9iavi2998u2992iq.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\u9iavi3002u2998qv.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\u9iavi3004u3002fa.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\u9iavi3013u3003fr.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\u9iavi3019u3009mh.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\u9iavi3025u3015dj.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\u9iavi3027u3025iu.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\u9iavi3031u3026fd.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\u9iavi3039u3028qh.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\u9iavi3045u3035bc.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\u9iavi3050u3044eu.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\u9iavi3052u3050kz.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\u9iavi3054u3052bk.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\u9iavi3056u3054nb.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\x8xplsb_205dv.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\x8xplsb_207d205lk.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\x8xplsb_208d207ka.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\x8xplsb_210d208g4.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\x8xplsb_211d210ut.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\x8xplsb_214d211ol.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\x8xplsb_216d214jq.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\x8xplsb_217d216ar.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\x8xplsb_219d217zu.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\x8xplsb2_149gj.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\x8xplsc_275ff.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\x8xplsc_276d275y2.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\x8xplsc_280d276ak.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\x8xplsc_283d280ob.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\x8xplsc_286d283g4.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\x8xplsc_287d286st.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\x8xplsc_290d287ut.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\x8xplsc_293d290ol.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\x8xplsc_296d293jr.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\x8xplsc_298d296nr.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\x8xplsc_299d298rs.bin
c:\documents and settings\All Users\Application Data\avg8\update\download\x8xplsc_301d299zu.bin
c:\documents and settings\All Users\Application Data\avg8\update\prepare\incavi.avm
c:\documents and settings\All Users\Application Data\avg8\update\prepare\sb.dat.prepare
c:\documents and settings\All Users\Application Data\avg8\update\prepare\sc.dat.prepare
c:\documents and settings\All Users\Start Menu\Programs\Startup\ZoneAlarm Pro.lnk
c:\progra~1\AVG
c:\progra~1\AVG\AVG8\avg.snu
c:\progra~1\AVG\AVG8\avg7api.dll
c:\progra~1\AVG\AVG8\avg80out.dll
c:\progra~1\AVG\AVG8\avg8us.lng
c:\progra~1\AVG\AVG8\avgabout.dll
c:\progra~1\AVG\AVG8\avgamnot.dll
c:\progra~1\AVG\AVG8\avgapix.dll
c:\progra~1\AVG\AVG8\avgatend.stp
c:\progra~1\AVG\AVG8\avgatupd.stp
c:\progra~1\AVG\AVG8\avgbat.bav
c:\progra~1\AVG\AVG8\avgcclix.dll
c:\progra~1\AVG\AVG8\avgcfgex.exe
c:\progra~1\AVG\AVG8\avgcfgx.dll
c:\progra~1\AVG\AVG8\avgclitx.dll
c:\progra~1\AVG\AVG8\avgcmgr.exe
c:\progra~1\AVG\AVG8\avgcorex.dll
c:\progra~1\AVG\AVG8\avgcrlpx.dll
c:\progra~1\AVG\AVG8\avgcsrvx.exe
c:\progra~1\AVG\AVG8\avgdumpx.exe
c:\progra~1\AVG\AVG8\avgf8us.chm
c:\progra~1\AVG\AVG8\avgfree_us.mht
c:\progra~1\AVG\AVG8\avgfrw.exe
c:\progra~1\AVG\AVG8\avginet.dll
c:\progra~1\AVG\AVG8\avgiproxy.exe
c:\progra~1\AVG\AVG8\avglngx.dll
c:\progra~1\AVG\AVG8\avglogx.dll
c:\progra~1\AVG\AVG8\avglvex.dll
c:\progra~1\AVG\AVG8\avgmail.dll
c:\progra~1\AVG\AVG8\avgmvflx.dll
c:\progra~1\AVG\AVG8\avgmwdef_us.mht
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\progra~1\AVG\AVG8\avgoff2k.dll
c:\progra~1\AVG\AVG8\avgpp.dll
c:\progra~1\AVG\AVG8\avgresf.dll
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgsbfree_us.mht
c:\progra~1\AVG\AVG8\avgscanx.dll
c:\progra~1\AVG\AVG8\avgscanx.exe
c:\progra~1\AVG\AVG8\avgsched.dll
c:\progra~1\AVG\AVG8\avgse.dll
c:\progra~1\AVG\AVG8\avgsrmax.exe
c:\progra~1\AVG\AVG8\avgsrmx.dll
c:\progra~1\AVG\AVG8\avgssie.dll
c:\progra~1\AVG\AVG8\avgtbapi.dll
c:\progra~1\AVG\AVG8\AVGToolbarInstall.exe
c:\progra~1\AVG\AVG8\avgtray.exe
c:\progra~1\AVG\AVG8\avgui.exe
c:\progra~1\AVG\AVG8\avguiadv.dll
c:\progra~1\AVG\AVG8\avguires.dll
c:\progra~1\AVG\AVG8\avgupd.dll
c:\progra~1\AVG\AVG8\avgupd.exe
c:\progra~1\AVG\AVG8\avgvvx.dll
c:\progra~1\AVG\AVG8\avgwd.dll
c:\progra~1\AVG\AVG8\avgwdsvc.exe
c:\progra~1\AVG\AVG8\avgwdwsc.dll
c:\progra~1\AVG\AVG8\avgxch32.dll
c:\progra~1\AVG\AVG8\avgxpl.dll
c:\progra~1\AVG\AVG8\cf.dat
c:\progra~1\AVG\AVG8\contacts_us.html
c:\progra~1\AVG\AVG8\dbghelp.dll
c:\progra~1\AVG\AVG8\dfncfg.dat
c:\progra~1\AVG\AVG8\fixcfg.exe
c:\progra~1\AVG\AVG8\Icons\background_middle_gray.gif
c:\progra~1\AVG\AVG8\Icons\background_middle_green.gif
c:\progra~1\AVG\AVG8\Icons\background_middle_orange.gif
c:\progra~1\AVG\AVG8\Icons\background_middle_red.gif
c:\progra~1\AVG\AVG8\Icons\background_middle_yellow.gif
c:\progra~1\AVG\AVG8\Icons\background_top_gray.gif
c:\progra~1\AVG\AVG8\Icons\background_top_green.gif
c:\progra~1\AVG\AVG8\Icons\background_top_orange.gif
c:\progra~1\AVG\AVG8\Icons\background_top_red.gif
c:\progra~1\AVG\AVG8\Icons\background_top_yellow.gif
c:\progra~1\AVG\AVG8\Icons\block-doc.gif
c:\progra~1\AVG\AVG8\Icons\blocked.gif
c:\progra~1\AVG\AVG8\Icons\border_bottom_gray.gif
c:\progra~1\AVG\AVG8\Icons\border_bottom_green.gif
c:\progra~1\AVG\AVG8\Icons\border_bottom_orange.gif
c:\progra~1\AVG\AVG8\Icons\border_bottom_red.gif
c:\progra~1\AVG\AVG8\Icons\border_bottom_yellow.gif
c:\progra~1\AVG\AVG8\Icons\border_top_gray.gif
c:\progra~1\AVG\AVG8\Icons\border_top_green.gif
c:\progra~1\AVG\AVG8\Icons\border_top_orange.gif
c:\progra~1\AVG\AVG8\Icons\border_top_red.gif
c:\progra~1\AVG\AVG8\Icons\border_top_yellow.gif
c:\progra~1\AVG\AVG8\Icons\box_bottom_red.gif
c:\progra~1\AVG\AVG8\Icons\box_top_red.gif
c:\progra~1\AVG\AVG8\Icons\caution.gif
c:\progra~1\AVG\AVG8\Icons\click_here_gray.gif
c:\progra~1\AVG\AVG8\Icons\click_here_green.gif
c:\progra~1\AVG\AVG8\Icons\click_here_orange.gif
c:\progra~1\AVG\AVG8\Icons\click_here_red.gif
c:\progra~1\AVG\AVG8\Icons\click_here_yellow.gif
c:\progra~1\AVG\AVG8\Icons\clock.gif
c:\progra~1\AVG\AVG8\Icons\close.gif
c:\progra~1\AVG\AVG8\Icons\icons_blocked.gif
c:\progra~1\AVG\AVG8\Icons\icons_caution.gif
c:\progra~1\AVG\AVG8\Icons\icons_close.gif
c:\progra~1\AVG\AVG8\Icons\icons_safe.gif
c:\progra~1\AVG\AVG8\Icons\icons_unknown.gif
c:\progra~1\AVG\AVG8\Icons\icons_warning.gif
c:\progra~1\AVG\AVG8\Icons\LS_Logo_Results.gif
c:\progra~1\AVG\AVG8\Icons\safe.gif
c:\progra~1\AVG\AVG8\Icons\unknown.gif
c:\progra~1\AVG\AVG8\Icons\warning.gif
c:\progra~1\AVG\AVG8\license_us.txt
c:\progra~1\AVG\AVG8\Notification\arrow_big.png
c:\progra~1\AVG\AVG8\Notification\arrow_red.png
c:\progra~1\AVG\AVG8\Notification\banner1.png
c:\progra~1\AVG\AVG8\Notification\bkg_body.png
c:\progra~1\AVG\AVG8\Notification\bkg_body2.png
c:\progra~1\AVG\AVG8\Notification\bkg_header.png
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030804160918.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030805155706.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030806155326.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030807155812.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030808155624.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030809155255.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030810155541.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030811155216.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030812155106.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030813155505.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030814155417.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030815162257.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030816155648.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030818160706.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030819155749.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030820155453.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030821155323.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030822155621.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030824155822.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030825154643.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030826153646.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030827153053.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030828153052.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030829160202.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030830153750.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030831160032.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030901153821.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030902153323.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030903155836.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030904160019.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030905154433.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030906153353.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030907152914.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030908155942.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030909154833.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030910153041.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030911155933.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030912153430.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030913153318.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030914160147.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030915154642.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030916153119.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030918160212.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030919155954.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030921153019.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030922160132.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030923155100.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030924153559.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030925152955.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030926160340.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030927153004.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030928160042.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030929160138.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020030930153214.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031001153555.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031002160302.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031003154410.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031004153611.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031005160108.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031006153023.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031007153110.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031009160343.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031010155553.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031011153503.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031012160352.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031013153133.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031015160355.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031016153822.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031017153502.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031018160259.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031019154033.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031020154056.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031021162911.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031022153138.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031023153941.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031024162148.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031025153828.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031026153303.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031027160747.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031028153639.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031029153831.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031030160349.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031102153020.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031103153016.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031104160720.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031105160555.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031106153612.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031107153506.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031108160715.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031109154007.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031110153431.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031112160646.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031113153438.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031115160429.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031116155023.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031117153142.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031118160428.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031120154916.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031122160320.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031201153709.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031202160215.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031203153733.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031204153426.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031205155931.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031206153035.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031207153052.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031208160052.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031209154335.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031210153102.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031211155900.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020031213153759.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020040823160332.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020040831153204.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020040903152942.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020040911152939.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020040915153108.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020040928153103.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020041224153148.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020050214153446.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020051113153239.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020060807153221.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020060815153048.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020060818153121.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020060819153114.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020060829153128.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020060831153028.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020060903153052.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020070506153905.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020070811153207.txt
c:\progra~1\Ontrack\Fix-It\Results\Wizard020071231153211.txt
c:\progra~1\Ontrack\Fix-It\Roboex32.dll
c:\progra~1\Ontrack\Fix-It\RTFCtrl.dll
c:\progra~1\Ontrack\Fix-It\Scan.znc
c:\progra~1\Ontrack\Fix-It\scsidll.dll
c:\progra~1\Ontrack\Fix-It\scsint.dll
c:\progra~1\Ontrack\Fix-It\sphere.x
c:\progra~1\Ontrack\Fix-It\spkrtest.wav
c:\progra~1\Ontrack\Fix-It\spotlight.mpeg
c:\progra~1\Ontrack\Fix-It\stone.bmp
c:\progra~1\Ontrack\Fix-It\str.dll
c:\progra~1\Ontrack\Fix-It\sys.dll
c:\progra~1\Ontrack\Fix-It\Sysovr.znc
c:\progra~1\Ontrack\Fix-It\Tagfl.znc
c:\progra~1\Ontrack\Fix-It\TaskCtrl.dll
c:\progra~1\Ontrack\Fix-It\TaskMgr.exe
c:\progra~1\Ontrack\Fix-It\TimeSvrs.txt
c:\progra~1\Ontrack\Fix-It\tlk.dll
c:\progra~1\Ontrack\Fix-It\Tmfilter.sys
c:\progra~1\Ontrack\Fix-It\TrLibNT.dll
c:\progra~1\Ontrack\Fix-It\Undotreg.exe
c:\progra~1\Ontrack\Fix-It\Updates\FixIt\FX403013Eup.exe
c:\progra~1\Ontrack\Fix-It\usb.dll
c:\progra~1\Ontrack\Fix-It\vid.dll
c:\progra~1\Ontrack\Fix-It\Vsapi32.dll
c:\progra~1\Ontrack\Fix-It\Vsapint.sys
c:\progra~1\Ontrack\Fix-It\Wait.znc
c:\progra~1\Ontrack\Fix-It\wall.x
c:\progra~1\Ontrack\Fix-It\Welcome.znc
c:\progra~1\Ontrack\Fix-It\WizardEn.dll
c:\progra~1\Ontrack\Fix-It\WizardUI.dll
c:\progra~1\Ontrack\Fix-It\wmicns.dll
c:\progra~1\Ontrack\Fix-It\ZipLib.dll
c:\progra~1\Ontrack\Fix-It\Zvdlg.znc
c:\progra~1\Ontrack\Fix-It\Zvstr.znc
c:\program files\GetRight
c:\program files\GetRight\dunzip32.dll
c:\program files\GetRight\fix_msie.reg
c:\program files\GetRight\fix_nscp.reg
c:\program files\GetRight\GetRight.cok
c:\program files\GetRight\getright.hlp
c:\program files\GetRight\GetRight.hst
c:\program files\GetRight\GetRight.ini
c:\program files\GetRight\GetRight.lst
c:\program files\GetRight\GetRightClick.log
c:\program files\GetRight\GRBrowse.htm
c:\program files\GetRight\GRDownload.htm
c:\program files\GetRight\GRFolder.ini
c:\program files\GetRight\GRSkin.ini
c:\program files\GetRight\INSTALL.LOG
c:\program files\GetRight\license.txt
c:\program files\GetRight\mirrors.lst
c:\program files\GetRight\mymirror.lst
c:\program files\GetRight\partner1.bmp
c:\program files\GetRight\readme.txt
c:\program files\GetRight\RunOnceShortcut.exe
c:\program files\GetRight\sample.bat
c:\program files\GetRight\sample2.bat
c:\program files\GetRight\sounds\all_done.wav
c:\program files\GetRight\sounds\cant_resume.wav
c:\program files\GetRight\sounds\connected.wav
c:\program files\GetRight\sounds\dialing.wav
c:\program files\GetRight\sounds\error.wav
c:\program files\GetRight\sounds\file_added.wav
c:\program files\GetRight\sounds\file_is_done.wav
c:\program files\GetRight\sounds\hangup_modem.wav
c:\program files\GetRight\sounds\oops.wav
c:\program files\GetRight\sounds\please_login.wav
c:\program files\GetRight\sounds\readme.txt
c:\program files\GetRight\sounds\start_download.wav
c:\program files\GetRight\sounds\switching.wav
c:\program files\GetRight\sounds\turn_off_computer.wav
c:\program files\GetRight\sounds\uhoh.wav
c:\program files\GetRight\to_uninstall.txt
c:\program files\GetRight\UNWISE.EXE
c:\program files\GetRight\xx2gr.dll
c:\program files\Microsoft\Search Enhancement Pack
c:\program files\Microsoft\Search Enhancement Pack\Choice Guard\CGuard.exe
c:\program files\Microsoft\Search Enhancement Pack\Choice Guard\ChoiceGuard.dll
c:\program files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft\Search Enhancement Pack\Search Box Extension\SrchBxEx.dll
c:\program files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
c:\program files\NOS
c:\program files\NOS\bin\getPlus_Helper.dll
c:\program files\NOS\bin\IEGetPlugin.ocx
c:\program files\Windows Live\Family Safety\fsssvc.exe
c:\program files\Zone Labs
c:\program files\Zone Labs\ZoneAlarm\alert.zap
c:\program files\Zone Labs\ZoneAlarm\email.zap
c:\program files\Zone Labs\ZoneAlarm\ErrorLog.txt
c:\program files\Zone Labs\ZoneAlarm\expert.dll
c:\program files\Zone Labs\ZoneAlarm\filter.zap
c:\program files\Zone Labs\ZoneAlarm\firewall.zap
c:\program files\Zone Labs\ZoneAlarm\framewrk.dll
c:\program files\Zone Labs\ZoneAlarm\Help\zaclients.chm
c:\program files\Zone Labs\ZoneAlarm\images\background.gif
c:\program files\Zone Labs\ZoneAlarm\images\blocked_content.gif
c:\program files\Zone Labs\ZoneAlarm\images\Cerb_logo_small.gif
c:\program files\Zone Labs\ZoneAlarm\images\DOS_Title.gif
c:\program files\Zone Labs\ZoneAlarm\images\spacer.gif
c:\program files\Zone Labs\ZoneAlarm\images\style_IE5_pc.css
c:\program files\Zone Labs\ZoneAlarm\images\topbar.gif
c:\program files\Zone Labs\ZoneAlarm\images\topbend_purple.gif
c:\program files\Zone Labs\ZoneAlarm\images\ZAP_logo_small.gif
c:\program files\Zone Labs\ZoneAlarm\INSTALL.LOG
c:\program files\Zone Labs\ZoneAlarm\license.txt
c:\program files\Zone Labs\ZoneAlarm\privacy.zap
c:\program files\Zone Labs\ZoneAlarm\programs.zap
c:\program files\Zone Labs\ZoneAlarm\readme.txt
c:\program files\Zone Labs\ZoneAlarm\repair\vsdb.dll
c:\program files\Zone Labs\ZoneAlarm\repair\vsinit.dll
c:\program files\Zone Labs\ZoneAlarm\repair\vsmon.exe
c:\program files\Zone Labs\ZoneAlarm\repair\vsruledb.dll
c:\program files\Zone Labs\ZoneAlarm\repair\vsutil.dll
c:\program files\Zone Labs\ZoneAlarm\security.zap
c:\program files\Zone Labs\ZoneAlarm\tutorwiz.dll
c:\program files\Zone Labs\ZoneAlarm\zapro.exe
c:\program files\Zone Labs\ZoneAlarm\ZaProReg.reg
c:\program files\Zone Labs\ZoneAlarm\zatutor.exe
c:\program files\Zone Labs\ZoneAlarm\zauninst.exe
c:\program files\Zone Labs\ZoneAlarm\zonealarm.exe
c:\windows\system32\avgrsstx.dll
c:\windows\System32\Drivers\avgldx86.sys
c:\windows\System32\Drivers\avgmfx86.sys
c:\windows\System32\Drivers\avgtdix.sys
c:\windows\System32\ZoneLabs
c:\windows\System32\ZoneLabs\cerbprovider.pvx
c:\windows\System32\ZoneLabs\html.tdr
c:\windows\System32\ZoneLabs\vsdb.dll
c:\windows\System32\ZoneLabs\vsmon.exe
c:\windows\System32\ZoneLabs\vsruledb.dll
c:\windows\System32\ZoneLabs\zlparser.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AVG8WD
-------\Legacy_AVGLDX86
-------\Legacy_AVGTDIX
-------\Legacy_MXDISK
-------\Legacy_SEAPORT
-------\Legacy_TMFILTER
-------\Legacy_VSAPINT
-------\Legacy_VSDATANT
-------\Legacy_VSMON
-------\Service_avg8wd
-------\Service_AvgLdx86
-------\Service_AvgTdiX
-------\Service_ElbyVCD
-------\Service_fsssvc
-------\Service_mxDisk
-------\Service_SeaPort
-------\Service_Tmfilter
-------\Service_Vsapint
-------\Service_vsdatant
-------\Service_vsmon
-------\Legacy_Fix-It_Task_Manager
-------\Legacy_getPlusHelper
-------\Legacy_Fix-It_Task_Manager
-------\Legacy_getPlusHelper
-------\Service_Fix-It Task Manager
-------\Service_getPlusHelper
-------\Service_Fix-It Task Manager
-------\Service_getPlusHelper


((((((((((((((((((((((((( Files Created from 2010-07-16 to 2010-08-16 )))))))))))))))))))))))))))))))
.

2010-08-13 19:51 . 2010-08-13 19:51 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-08-13 19:49 . 2010-08-13 19:49 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-08-11 22:27 . 2010-08-11 22:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Office Genuine Advantage
2010-08-11 21:17 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-11 21:17 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-11 21:04 . 2010-08-11 21:04 -------- d-----w- c:\program files\ERUNT
2010-08-08 21:12 . 2010-08-08 21:12 -------- d-----w- c:\documents and settings\Carl Conner\Application Data\Malwarebytes
2010-08-08 20:50 . 2010-08-08 20:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-08-08 20:50 . 2010-08-11 21:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-08 20:50 . 2010-08-08 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-08 20:48 . 2010-08-08 20:48 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-16 17:26 . 2010-04-18 18:50 -------- d-----w- c:\documents and settings\Carl Conner\Application Data\Skype
2010-08-16 17:23 . 2010-04-18 18:34 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-08-16 17:23 . 2010-04-18 18:32 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-08-16 17:20 . 2010-04-26 16:33 -------- d-----w- c:\program files\Microsoft
2010-08-16 17:20 . 2002-09-24 21:17 -------- d-----w- c:\program files\Ontrack
2010-08-16 17:07 . 2010-04-18 18:53 -------- d-----w- c:\documents and settings\Carl Conner\Application Data\skypePM
2010-08-15 11:27 . 2010-08-15 13:34 1472000 ----a-w- c:\windows\Internet Logs\xDB25.tmp
2010-08-15 11:27 . 2010-08-15 13:34 24576 ----a-w- c:\windows\Internet Logs\xDB26.tmp
2010-08-13 19:42 . 2010-08-13 20:27 1468928 ----a-w- c:\windows\Internet Logs\xDB23.tmp
2010-08-13 19:42 . 2010-08-13 20:27 22016 ----a-w- c:\windows\Internet Logs\xDB24.tmp
2010-08-08 21:16 . 2010-08-10 21:58 23040 ----a-w- c:\windows\Internet Logs\xDB22.tmp
2010-08-08 21:16 . 2010-08-10 21:58 1468416 ----a-w- c:\windows\Internet Logs\xDB21.tmp
2010-08-07 22:53 . 2010-08-07 23:02 1479168 ----a-w- c:\windows\Internet Logs\xDB1F.tmp
2010-08-07 22:53 . 2010-08-07 23:02 2931712 ----a-w- c:\windows\Internet Logs\xDB20.tmp
2010-07-07 13:49 . 2010-07-08 00:28 375296 ----a-w- c:\windows\Internet Logs\xDB1E.tmp
2010-07-06 23:23 . 2010-07-08 00:28 1439744 ----a-w- c:\windows\Internet Logs\xDB1D.tmp
2010-06-30 19:23 . 2010-07-01 19:16 1431040 ----a-w- c:\windows\Internet Logs\xDB1B.tmp
2010-06-30 19:23 . 2010-07-01 19:16 291840 ----a-w- c:\windows\Internet Logs\xDB1C.tmp
2010-06-25 11:57 . 2010-06-25 12:23 1428480 ----a-w- c:\windows\Internet Logs\xDB19.tmp
2010-06-25 11:56 . 2010-06-25 12:23 29696 ----a-w- c:\windows\Internet Logs\xDB1A.tmp
2010-06-24 23:58 . 2010-06-25 11:05 1432576 ----a-w- c:\windows\Internet Logs\xDB17.tmp
2010-06-24 23:57 . 2010-06-25 11:05 2060288 ----a-w- c:\windows\Internet Logs\xDB18.tmp
2010-06-14 14:31 . 2002-12-30 17:04 744448 ----a-w- c:\windows\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2010-05-30 13:35 . 2010-05-30 14:11 1033216 ----a-w- c:\windows\Internet Logs\xDB16.tmp
2010-05-30 13:30 . 2010-05-30 14:11 1384960 ----a-w- c:\windows\Internet Logs\xDB15.tmp
2010-05-23 13:16 . 2003-05-23 17:45 116720 ----a-w- c:\documents and settings\Carl Conner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-22 17:38 . 2010-05-05 16:25 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-05-22 17:38 . 2010-05-05 16:25 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2003-06-09 17:05 . 2003-06-09 17:04 560 ----a-w- c:\program files\Global.sw
2003-07-21 14:21 . 2003-07-21 14:13 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----


---- Directory of c:\program files\Common ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TClockEx"="c:\program files\TClockEx\TCLOCKEX.EXE" [2000-03-09 89088]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-04-30 5472016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2003-10-07 45056]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\documents and settings\Carl Conner\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe [2008-11-7 517384]
PowerReg Scheduler.exe [2003-8-21 225280]
TutorABC_helper.appref-ms [2010-5-3 322]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DriveSelect.lnk - c:\program files\321Studios\Xpress\DriveSelect.exe [2003-5-5 217088]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2002-9-25 106560]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]
2001-12-06 12:09 45056 ----a-w- c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2002-04-15 08:12 57344 ----a-w- c:\program files\Elaborate Bytes\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Print House 2000]
2000-04-11 10:22 188416 ----a-r- c:\windows\Corel\StpLnch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CrazyTalk Serve]
2002-11-02 07:14 1007616 ----a-w- c:\windows\system32\CrazyTalk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
2003-01-09 08:21 253952 ----a-w- c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2003-01-13 09:19 757760 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
2003-01-13 13:05 69632 ----a-w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2001-07-03 09:11 57344 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HomeMeeting\\JoinNet\\joinnetu.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 axwhisky;axwhisky;c:\windows\system32\drivers\axwhisky.sys [7/2/2003 5:41 PM 5248]
R0 axwskbus;axwskbus;c:\windows\system32\drivers\axwskbus.sys [7/2/2003 4:49 PM 124160]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [9/24/2002 7:22 PM 144512]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [9/24/2002 7:22 PM 536768]
S2 gupdate1cadf28b746024;Google Update Service (gupdate1cadf28b746024);c:\program files\Google\Update\GoogleUpdate.exe [4/18/2010 7:50 PM 133104]
S2 ntbpf;ntbpf;c:\program files\Network Associates\ThreatScan Agent for ePO\driver\ntbpf.sys [8/5/2003 1:42 PM 35340]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [4/17/2010 2:43 PM 100736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 18:49]

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-18 18:49]

2010-08-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: &Google Search - c:\windows\downloaded program files\GoogleToolbar_en_2.0.95-big.dll/cmsearch.html
IE: Backward &Links - c:\windows\downloaded program files\GoogleToolbar_en_2.0.95-big.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\windows\downloaded program files\GoogleToolbar_en_2.0.95-big.dll/cmcache.html
IE: Customize Menu &4 - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Fill Forms &] - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: Save Forms &[ - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Search Using Copernic Agent - c:\program files\Copernic Agent\Web\SearchExt.htm
IE: Si&milar Pages - c:\windows\downloaded program files\GoogleToolbar_en_2.0.95-big.dll/cmsimilar.html
IE: Translate Page - c:\windows\downloaded program files\GoogleToolbar_en_2.0.95-big.dll/cmtrans.html
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\COPERN~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\COPERN~1\COPERN~1.DLL
Name-Space Handler: ftp\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} -
Name-Space Handler: http\GetRightIEClickCatcher - {73BA8F12-723E-11D1-A9E2-00403320FCF2} -
.
- - - - ORPHANS REMOVED - - - -

AddRemove-AVG8Uninstall - c:\program files\AVG\AVG8\setup.exe
AddRemove-ZoneAlarm Pro - c:\program files\Zone Labs\ZoneAlarm\zauninst.exe
AddRemove-{459E93B6-150E-45d5-8D4B-45C66FC035FE} - c:\program files\NOS\bin\getPlus_Helper.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-16 18:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82B9D218]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf85f3f28
\Driver\ACPI -> ACPI.sys @ 0xf8566cb8
\Driver\atapi -> 0x82b9d218
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4688)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\mslbui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\program files\WS_FTP Pro\nsftpch.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Executive Software\DiskeeperWorkstation\DKService.exe
c:\windows\System32\inetsrv\inetinfo.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Photodex\ProShowGold\ScsiAccess.exe
c:\windows\System32\snmp.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-08-16 18:30:53 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-16 17:30
ComboFix2.txt 2010-08-14 22:59

Pre-Run: 61,813,751,808 bytes free
Post-Run: 61,611,388,928 bytes free

- - End Of File - - 806B789700EDCE1DE5678978B73753CD




Vino's Event Viewer v01c run on Windows XP in English
Report run at 16/08/2010 11:45:30 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/08/2010 11:35:44 PM
Type: error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\D, has a bad block.

Log: 'System' Date/Time: 16/08/2010 11:34:14 PM
Type: error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\D, has a bad block.

Log: 'System' Date/Time: 16/08/2010 11:22:17 PM
Type: error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\D, has a bad block.

Log: 'System' Date/Time: 16/08/2010 11:22:13 PM
Type: error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\D, has a bad block.

Log: 'System' Date/Time: 16/08/2010 11:22:10 PM
Type: error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\D, has a bad block.

Log: 'System' Date/Time: 16/08/2010 11:22:06 PM
Type: error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\D, has a bad block.

Log: 'System' Date/Time: 16/08/2010 11:22:02 PM
Type: error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\D, has a bad block.

Log: 'System' Date/Time: 16/08/2010 11:14:06 PM
Type: error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\D, has a bad block.

Log: 'System' Date/Time: 16/08/2010 11:11:43 PM
Type: error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\D, has a bad block.

Log: 'System' Date/Time: 16/08/2010 11:11:40 PM
Type: error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\D, has a bad block.

Log: 'System' Date/Time: 16/08/2010 11:11:35 PM
Type: error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\D, has a bad block.

Log: 'System' Date/Time: 16/08/2010 11:11:32 PM
Type: error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\D, has a bad block.

Log: 'System' Date/Time: 16/08/2010 9:33:04 PM
Type: error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\D, has a bad block.

Log: 'System' Date/Time: 16/08/2010 9:32:14 PM
Type: error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\D, has a bad block.

Log: 'System' Date/Time: 16/08/2010 9:32:10 PM
Type: error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\D, has a bad block.

Log: 'System' Date/Time: 16/08/2010 9:32:07 PM
Type: error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\D, has a bad block.

Log: 'System' Date/Time: 16/08/2010 9:32:03 PM
Type: error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\D, has a bad block.

Log: 'System' Date/Time: 16/08/2010 9:31:59 PM
Type: error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\D, has a bad block.

Log: 'System' Date/Time: 16/08/2010 9:31:56 PM
Type: error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\D, has a bad block.

Log: 'System' Date/Time: 16/08/2010 9:31:52 PM
Type: error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\D, has a bad block.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/08/2010 8:27:12 PM
Type: warning Category: 0
Event: 101 Source: W3SVC
The server was unable to add the virtual root '/data' for the directory 'C:\Documents and Settings\Carl Conner\My Documents\My PhotoShows\HTML\A_WALK_IN_THE_GLENGARRIFF_WOOD\data' due to the following error: The system cannot find the path specified. The data is the error code. For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft...ntredirect.asp.





Vino's Event Viewer v01c run on Windows XP in English
Report run at 16/08/2010 11:47:45 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/08/2010 11:10:07 PM
Type: error Category: 0
Event: 20 Source: Google Update
The event description cannot be found.

Log: 'Application' Date/Time: 16/08/2010 10:10:05 PM
Type: error Category: 0
Event: 20 Source: Google Update
The event description cannot be found.

Log: 'Application' Date/Time: 16/08/2010 9:10:47 PM
Type: error Category: 0
Event: 20 Source: Google Update
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/08/2010 8:27:12 PM
Type: warning Category: 0
Event: 1015 Source: EvntAgnt
TraceLevel parameter not located in registry; Default trace level used is 32.

Log: 'Application' Date/Time: 16/08/2010 8:27:12 PM
Type: warning Category: 0
Event: 1003 Source: EvntAgnt
TraceFileName parameter not located in registry; Default trace file used is .

#15
RKinner

    Malware Expert

  • Expert
  • 23,463 posts
  • MVP
You still have a bad block showing in the event logs.
"The device, \Device\Harddisk0\D, has a bad block."
This may indicate the hard drive is dying, so make sure you back up any critical files. You can try running the Disk check one more time.


Delete the file:
c:\documents and settings\Carl Conner\Start Menu\Programs\Startup\TutorABC_helper.appref-ms

and that should get rid of the TutorABC error.

I would install the free Avast anti-virus and let it do a full scan.
http://www.avast.com...avast-home.html

Are you still unable to get on the internet?