
Malware Infections (Ron T001Precisead)




  #1  
Old 14th Sep 2009, 14:19
New Member
Posts: 5
 
Hi There

Please help. I noticed some programs in my Add & Remove Programs tab which I don't recognize.

1. Ron T001 Pricesead
2. Contextual Tool Pricesead
3. Search Assistant Pricesead

When I want to remove programs they say the system won't function properly.

I have followed all the steps on the malware removal guide. And they still appear in the add and remove programs list.

I started having problems on the 9th Sept '09 with annoying popups popping up even while not using the computer online.

Please can someone help me?

Here are my logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/14/2009 at 09:47 PM

Application Version : 4.28.1010

Core Rules Database Version : 4099
Trace Rules Database Version: 2039

Scan type : Complete Scan
Total Scan Time : 01:05:55

Memory items scanned : 507
Memory threats detected : 0
Registry items scanned : 6980
Registry threats detected : 15
File items scanned : 23226
File threats detected : 7

Adware.Vundo/Variant-VS
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5B22B4FE-9E84-3CDA-C13F-1D3F21739DC1}
HKCR\CLSID\{5B22B4FE-9E84-3CDA-C13F-1D3F21739DC1}
HKCR\CLSID\{5B22B4FE-9E84-3CDA-C13F-1D3F21739DC1}
HKCR\CLSID\{5B22B4FE-9E84-3CDA-C13F-1D3F21739DC1}\InProcServer32
HKCR\CLSID\{5B22B4FE-9E84-3CDA-C13F-1D3F21739DC1}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\LTADSPQNYMOROIO.DLL
HKU\S-1-5-21-1993962763-1958367476-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5B22B4FE-9E84-3CDA-C13F-1D3F21739DC1}
HKU\S-1-5-21-1993962763-1958367476-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98C5AF9A-A3EE-0AD6-6936-4DA5CD2087AA}
HKCR\CLSID\{98C5AF9A-A3EE-0AD6-6936-4DA5CD2087AA}
HKCR\CLSID\{98C5AF9A-A3EE-0AD6-6936-4DA5CD2087AA}
HKCR\CLSID\{98C5AF9A-A3EE-0AD6-6936-4DA5CD2087AA}\Implemented Categories
HKCR\CLSID\{98C5AF9A-A3EE-0AD6-6936-4DA5CD2087AA}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{98C5AF9A-A3EE-0AD6-6936-4DA5CD2087AA}\InProcServer32
HKCR\CLSID\{98C5AF9A-A3EE-0AD6-6936-4DA5CD2087AA}\InProcServer32#ThreadingModel
HKCR\CLSID\{98C5AF9A-A3EE-0AD6-6936-4DA5CD2087AA}\Programmable
HKU\S-1-5-21-1993962763-1958367476-725345543-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{98C5AF9A-A3EE-0AD6-6936-4DA5CD2087AA}
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9485E57D-5961-409D-B6D4-00E673016B41}\RP912\A0301658.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt

Adware.Vundo/Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9485E57D-5961-409D-B6D4-00E673016B41}\RP918\A0305111.DLL

Trojan.Agent/Gen
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9485E57D-5961-409D-B6D4-00E673016B41}\RP918\A0305112.EXE
C:\WINDOWS\SYSTEM32\QVQBIWGJJQELXXCVX.EXE
C:\WINDOWS\Prefetch\QVQBIWGJJQELXXCVX.EXE-32A677F4.pf




Malwarebytes' Anti-Malware 1.41
Database version: 2797
Windows 5.1.2600 Service Pack 3

9/14/2009 10:17:44 PM
mbam-log-2009-09-14 (22-17-44).txt

Scan type: Quick Scan
Objects scanned: 93839
Time elapsed: 6 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 6
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6dc9fcc9-1adc-9bab-bb96-e1d4fa20ff3d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6dc9fcc9-1adc-9bab-bb96-e1d4fa20ff3d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88c3a13a-2c73-c124-4477-227decc3978f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88c3a13a-2c73-c124-4477-227decc3978f} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\(default) (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\microsoft.vc80.mfc\(default) (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\registrysmart\microsoft.vc80.crt\(default) (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rjotpzcvfmfvddth (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Owner\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Microsoft.VC80.CRT (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\RegistrySmart\Microsoft.VC80.MFC (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Owner\Application Data\RegistrySmart\Log\2007 Nov 23 - 09_35_37 PM_484.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegistrySmart\Log\2007 Nov 23 - 09_35_42 PM_859.log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\RegistrySmart\Registry Backups\2007-11-22_18-53-52.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\d5d09eac-31e9-2272-b5e0-137eca817e02.dll (Trojan.BHO) -> Quarantined and deleted successfully.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:11 PM, on 9/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PVSW\Bin\w3dbsmgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdacoms.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\juice.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityresponse.symantec.com.../fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityresponse.symantec.com.../fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://securityresponse.symantec.com.../fix_homepage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com.../fix_homepage/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\w3dbsmgr.exe
O4 - Global Startup: Event Reminder.lnk = ?
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxda_device - - C:\WINDOWS\system32\lxdacoms.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8072 bytes


Thanks

Elzi

  #2  
Old 15th Sep 2009, 10:59
Moderator
Posts: 7,552
 
Open HijackThis and select Do a system scan only

Vista users right click on HijackThis and select Run as Administrator. (you will receive a UAC prompt, please allow it)

Place a check mark next to the following entries: (if there)
  • O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
  • O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall tries to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

  #3  
Old 15th Sep 2009, 12:19
New Member
Posts: 5
 
Hi Evilfantasy

Thanks for taking some time to help me out. It's much appreciated.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Owner at 21:12:09.62 on Tue 09/15/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1215.666 [GMT 2:00]

AV: avast! antivirus 4.8.1351 [VPS 090914-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
svchost.exe
C:\PVSW\Bin\w3dbsmgr.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdacoms.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.za/
mDefault_Page_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mDefault_Search_URL = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mSearch Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Samsung LBP SM] "c:\windows\samsung\lasersmmgr\ssmmgr.exe" /autorun
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\pervas~1.lnk - c:\pvsw\bin\w3dbsmgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\broderbund\printmaster greeting cards\pmremind.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-3-24 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-13 114768]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2007-3-24 13696]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-4 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-4 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-13 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-9-13 138680]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-25 55152]
R2 lxda_device;lxda_device;c:\windows\system32\lxdacoms.exe -service --> c:\windows\system32\lxdacoms.exe -service [?]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-9-13 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-9-13 352920]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 NPF;Netgroup Packet Filter; [x]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-4 7408]

=============== Created Last 30 ================

2009-09-14 23:03 <DIR> --d----- c:\program files\Trend Micro
2009-09-14 22:41 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-14 22:08 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
2009-09-14 22:08 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-14 22:08 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-14 22:08 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-14 22:08 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-14 20:34 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-09-14 20:34 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-09-14 20:34 <DIR> --d----- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-09-14 20:33 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-09-14 20:17 <DIR> --d----- c:\program files\CCleaner
2009-09-13 22:30 272 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-09-11 20:38 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-11 20:37 <DIR> --d----- c:\program files\PC Tools AntiVirus
2009-09-11 20:02 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-09-11 20:00 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-09-11 20:00 <DIR> --d----- c:\program files\common files\iS3
2009-09-10 21:10 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Avanquest
2009-09-10 21:10 <DIR> --d----- c:\program files\Avanquest update
2009-09-10 21:08 <DIR> --d----- c:\program files\Avanquest
2009-09-10 20:57 <DIR> --d----- c:\program files\Flash Slideshow Maker Professional
2009-09-10 03:39 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-09 22:53 58,334 a------- c:\windows\system32\u_ltadspqnymoroio.dll.exe
2009-09-09 22:28 <DIR> --d----- c:\program files\Coral Draw
2009-09-09 22:27 101,377 a------- c:\windows\system32\8ac7adc0-f5d1-6a38-3d75-068e807274ae.exe
2009-09-05 07:47 <DIR> --d----- c:\docume~1\owner\applic~1\Reg Tool
2009-09-05 07:47 <DIR> --d----- c:\program files\Reg Tool
2009-08-23 11:52 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-08-23 11:49 <DIR> --d--r-- c:\program files\Skype
2009-08-22 07:07 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-08-22 07:07 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-08-22 07:07 14,640 -------- c:\windows\system32\spmsgXP_2k3.dll

==================== Find3M ====================

2009-09-14 22:41 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-14 11:24 290,912 a------- c:\windows\xcopy.bin
2009-08-05 11:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 21:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 19:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-25 10:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 10:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 10:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 10:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 10:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 10:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-03 17:57 15,740 a------- c:\program files\Razor090603-175747.txt
2007-07-25 11:02 24,095 ac------ c:\program files\Castle Spikes.. (400 x 300).jpg
2009-06-05 19:02 16,384 a--sh--- c:\windows\system32\config\systemprofile\cookies\index.dat
2009-06-05 19:02 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2009-06-05 19:01 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009060520090606\index.dat
2009-06-05 19:02 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 21:12:46.84 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 3/24/2007 3:11:33 AM
System Uptime: 9/14/2009 10:53:36 PM (23 hours ago)

Motherboard: | | P4M800P-8237
Processor: Intel(R) Celeron(R) CPU 2.66GHz | Socket 775 | 2672/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 38.737 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP815: 6/18/2009 1:11:29 AM - System Checkpoint
RP816: 6/19/2009 2:11:12 AM - System Checkpoint
RP817: 6/20/2009 3:11:12 AM - System Checkpoint
RP818: 6/21/2009 4:11:12 AM - System Checkpoint
RP819: 6/22/2009 7:17:25 AM - System Checkpoint
RP820: 6/23/2009 7:31:06 AM - System Checkpoint
RP821: 6/23/2009 10:16:03 PM - Installed Windows Rights Management Client with Service Pack 2
RP822: 6/24/2009 10:31:08 PM - System Checkpoint
RP823: 6/25/2009 11:26:25 PM - System Checkpoint
RP824: 6/27/2009 12:27:30 AM - System Checkpoint
RP825: 6/28/2009 1:26:24 AM - System Checkpoint
RP826: 6/29/2009 2:26:24 AM - System Checkpoint
RP827: 6/30/2009 3:26:25 AM - System Checkpoint
RP828: 7/1/2009 4:25:33 AM - System Checkpoint
RP829: 7/2/2009 4:28:03 AM - System Checkpoint
RP830: 7/5/2009 3:57:15 PM - System Checkpoint
RP831: 7/6/2009 4:31:26 PM - System Checkpoint
RP832: 7/7/2009 5:56:08 PM - System Checkpoint
RP833: 7/8/2009 6:30:58 PM - System Checkpoint
RP834: 7/9/2009 6:54:59 PM - System Checkpoint
RP835: 7/9/2009 7:22:12 PM - Installed Driver Detective.
RP836: 7/10/2009 7:30:58 PM - System Checkpoint
RP837: 7/11/2009 8:30:59 PM - System Checkpoint
RP838: 7/12/2009 9:30:59 PM - System Checkpoint
RP839: 7/13/2009 8:16:02 AM - Removed Driver Detective.
RP840: 7/14/2009 8:30:59 AM - System Checkpoint
RP841: 7/15/2009 9:30:41 AM - System Checkpoint
RP842: 7/15/2009 8:00:23 PM - Software Distribution Service 3.0
RP843: 7/16/2009 8:30:41 PM - System Checkpoint
RP844: 7/17/2009 9:30:42 PM - System Checkpoint
RP845: 7/18/2009 10:30:41 PM - System Checkpoint
RP846: 7/19/2009 10:31:46 PM - System Checkpoint
RP847: 7/20/2009 10:48:40 PM - System Checkpoint
RP848: 7/21/2009 11:49:28 PM - System Checkpoint
RP849: 7/22/2009 8:00:18 PM - Software Distribution Service 3.0
RP850: 7/23/2009 9:56:50 PM - System Checkpoint
RP851: 7/24/2009 10:48:23 PM - System Checkpoint
RP852: 7/25/2009 11:48:23 PM - System Checkpoint
RP853: 7/27/2009 12:20:13 AM - System Checkpoint
RP854: 7/28/2009 1:20:12 AM - System Checkpoint
RP855: 7/29/2009 2:20:12 AM - System Checkpoint
RP856: 7/29/2009 8:00:16 PM - Software Distribution Service 3.0
RP857: 7/29/2009 10:45:49 PM - Installed AVG 8.5
RP858: 7/30/2009 11:10:11 PM - System Checkpoint
RP859: 7/31/2009 8:26:27 AM - Avg8 Update
RP860: 7/31/2009 8:30:43 AM - Avg8 Update
RP861: 7/31/2009 8:00:17 PM - Software Distribution Service 3.0
RP862: 8/1/2009 8:49:16 PM - System Checkpoint
RP863: 8/2/2009 9:09:43 PM - System Checkpoint
RP864: 8/3/2009 11:07:21 PM - System Checkpoint
RP865: 8/4/2009 11:09:44 PM - System Checkpoint
RP866: 8/6/2009 12:09:44 AM - System Checkpoint
RP867: 8/7/2009 12:10:49 AM - System Checkpoint
RP868: 8/7/2009 8:00:17 PM - Software Distribution Service 3.0
RP869: 8/7/2009 9:42:22 PM - Printer Driver Microsoft XPS Document Writer Installed
RP870: 8/8/2009 8:00:16 PM - Software Distribution Service 3.0
RP871: 8/9/2009 9:13:30 PM - System Checkpoint
RP872: 8/10/2009 10:55:02 PM - System Checkpoint
RP873: 8/11/2009 11:45:12 PM - System Checkpoint
RP874: 8/12/2009 8:00:27 PM - Software Distribution Service 3.0
RP875: 8/13/2009 9:40:28 AM - Avg8 Update
RP876: 8/13/2009 9:42:35 AM - Avg8 Update
RP877: 8/14/2009 10:32:48 AM - System Checkpoint
RP878: 8/15/2009 10:50:06 AM - System Checkpoint
RP879: 8/16/2009 11:08:42 AM - System Checkpoint
RP880: 8/17/2009 12:08:29 PM - System Checkpoint
RP881: 8/18/2009 1:08:33 PM - System Checkpoint
RP882: 8/19/2009 2:11:44 PM - System Checkpoint
RP883: 8/19/2009 8:00:16 PM - Software Distribution Service 3.0
RP884: 8/20/2009 8:44:38 PM - System Checkpoint
RP885: 8/21/2009 9:14:22 PM - System Checkpoint
RP886: 8/22/2009 7:07:33 AM - Installed Windows XP Wdf01007.
RP887: 8/23/2009 8:01:29 AM - System Checkpoint
RP888: 8/24/2009 8:09:22 AM - System Checkpoint
RP889: 8/25/2009 9:01:12 AM - System Checkpoint
RP890: 8/26/2009 10:02:18 AM - System Checkpoint
RP891: 8/26/2009 8:00:17 PM - Software Distribution Service 3.0
RP892: 8/27/2009 8:35:17 PM - System Checkpoint
RP893: 8/28/2009 10:24:21 PM - System Checkpoint
RP894: 8/29/2009 10:55:12 PM - System Checkpoint
RP895: 8/30/2009 8:11:59 PM - Removed AVG 8.5
RP896: 8/30/2009 8:13:28 PM - Installed AVG 8.5
RP897: 8/31/2009 8:19:48 PM - System Checkpoint
RP898: 9/1/2009 9:20:53 PM - System Checkpoint
RP899: 9/2/2009 10:18:16 PM - System Checkpoint
RP900: 9/3/2009 10:20:30 PM - System Checkpoint
RP901: 9/4/2009 11:19:25 PM - System Checkpoint
RP902: 9/5/2009 7:47:03 AM - Installed Reg Tool
RP903: 9/5/2009 8:13:53 AM - Removed Reg Tool
RP904: 9/5/2009 8:15:45 AM - Removed Google Earth.
RP905: 9/6/2009 7:08:59 PM - System Checkpoint
RP906: 9/7/2009 9:36:20 PM - System Checkpoint
RP907: 9/8/2009 8:43:03 PM - Installed Web Easy Professional
RP908: 9/9/2009 11:09:49 PM - System Checkpoint
RP909: 9/10/2009 8:00:23 PM - Software Distribution Service 3.0
RP910: 9/10/2009 9:02:47 PM - Removed Web Easy Professional
RP911: 9/10/2009 9:08:37 PM - Installed Web Easy Professional
RP912: 9/11/2009 8:00:44 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP913: 9/12/2009 8:17:01 PM - System Checkpoint
RP914: 9/13/2009 9:16:27 PM - Removed AVG Identity Protection.
RP915: 9/13/2009 9:28:32 PM - Removed Nokia Music.
RP916: 9/13/2009 9:29:20 PM - Removed Nokia Connectivity Cable Driver
RP917: 9/13/2009 9:30:44 PM - Removed Nokia Download!.
RP918: 9/13/2009 10:32:29 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP919: 9/14/2009 8:34:12 PM - Installed SUPERAntiSpyware Free Edition
RP920: 9/14/2009 10:40:14 PM - Removed Java(TM) 6 Update 11
RP921: 9/14/2009 10:41:12 PM - Installed Java(TM) 6 Update 16

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.3
Avanquest update
avast! Antivirus
Billion 400G
Business Online
Camera RAW Plug-In for EPSON Creativity Suite
CCleaner (remove only)
Choice Guard
ClickArt 50,000
Contextual Tool Precisead
Critical Update for Windows Media Player 11 (KB959772)
CX4300_5500_DX4400 manual
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
FileZilla Client 3.2.2.1
Flash Slideshow Maker Pro 4.87
Garmin MapInstall
Garmin WebUpdater
Google Chrome
Google Updater
Greeting Cards Deluxe
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
iQue - Worldwide Basemap
IrfanView (remove only)
Java(TM) 6 Update 16
Junk Mail filter update
Lexmark 640 Series
LimeWire 4.18.8
LiveUpdate 1.6 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Media Content
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Nero Suite
Nokia Multimedia Common Components 2.4
Nokia NSeries One Touch Access
Nokia NSeries One Touch Access 6.84.2114
Nokia Ovi Application Installer
Nokia Ovi Application Installer 6.85.3011
Nokia Ovi Content Copier
Nokia Ovi Content Copier 6.85.3011
Nokia Ovi Suite
Nokia Ovi System Utilities
Nokia Ovi System Utilities 6.85.3018
Nokia Photos
Nokia Software Updater
OGA Notifier 1.7.0105.35.0
Pastel Xpress 2007
PC Connectivity Solution
Pervasive System Analyzer
Pervasive.SQL V8 Workgroup (v8.6)
PHP Form Wizard 1.2.5 demo
PIXresizer 2.0.4
Platform
PowerDVD
Realtek AC'97 Audio
RON Too1 Precisead
Samsung ML-1710 Series
Samsung PC Studio
Search Assistant Precisead
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
Shockwave
Skype™ 4.1
SUPERAntiSpyware Free Edition
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB934391)
Update for Outlook 2007 Junk Email Filter (kb973514)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver 6.14.10.0331
Web Easy Professional
Web Easy Professional 7
WebFldrs XP
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows XP Service Pack 3
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

9/14/2009 6:29:52 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Mail Scanner service to connect.
9/14/2009 6:29:52 AM, error: Service Control Manager [7000] - The avast! Mail Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/14/2009 10:56:19 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
9/14/2009 10:56:19 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/14/2009 10:23:27 PM, error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s).
9/13/2009 9:51:29 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
9/13/2009 10:34:28 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
9/13/2009 10:31:03 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the szserver service.
9/13/2009 10:28:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde ViaIde

==== End Of File ===========================
  #4  
Old 15th Sep 2009, 13:50
Moderator
Posts: 7,552
 
You're welcome.

Go to Add or Remove Programs and uninstall:
  • LiveUpdate 1.6 (Symantec Corporation)
  • RON Too1 Precisead
  • Search Assistant Precisead
----------

Download the Norton Removal Tool (SymNRT) to your desktop.

Once downloaded please close ALL open browsers, also save any work because this may require a restart.

* Go to your desktop and double click on the 'Norton_Removal_Tool' and then click Setup.
* Once open Click Next
* Accept the license agreement and click Next
* Type in the letters/numbers that you see into the text box then click Next.
* Then click Next and the tool will start running.
* Once finished restart the PC.
* Delete the 'Norton_Removal_Tool' from your desktop.

----------

Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.

----------

If you already have ComboFix be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

DDS::
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

Folder::
c:\program files\avg
c:\docume~1\alluse~1\applic~1\SITEguard
c:\docume~1\alluse~1\applic~1\STOPzilla!
c:\program files\common files\iS3
c:\docume~1\owner\applic~1\Reg Tool
c:\program files\Reg Tool

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
__________________

  #5  
Old 16th Sep 2009, 13:18
New Member
Posts: 5
 
Hi Evilfantasy

Here is the 1st half of my Combofix log - The forum says it's too large so I had to split it in half

ComboFix 09-09-14.02 - Owner 09/16/2009 21:39.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1215.756 [GMT 2:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090916-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - system32: deleted 142 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\alluse~1\applic~1\SITEguard
c:\docume~1\alluse~1\applic~1\SITEguard\siteguard.db
c:\docume~1\alluse~1\applic~1\STOPzilla!
c:\docume~1\alluse~1\applic~1\STOPzilla!\modules_scanned.db
c:\docume~1\alluse~1\applic~1\STOPzilla!\modules_scanned.db.bak
c:\docume~1\alluse~1\applic~1\STOPzilla!\scanner.log
c:\docume~1\alluse~1\applic~1\STOPzilla!\sgdefs.db
c:\docume~1\alluse~1\applic~1\STOPzilla!\sgdwc.db
c:\docume~1\alluse~1\applic~1\STOPzilla!\sgupdater.log
c:\docume~1\alluse~1\applic~1\STOPzilla!\userdata.db
c:\docume~1\alluse~1\applic~1\STOPzilla!\zilla5.log
c:\docume~1\owner\applic~1\Reg Tool
c:\docume~1\owner\applic~1\Reg Tool\Logs\2009-09-05 07-47-170.log
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\filelist.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-291.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-292.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-293.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-294.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-295.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-296.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-297.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-298.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-299.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-3.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-30.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-300.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-301.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-302.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-303.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-304.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-305.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-306.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-307.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-308.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-309.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-31.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-310.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-311.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-312.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-313.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-314.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-315.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-316.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-317.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-318.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-319.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-32.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-320.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-321.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-322.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-323.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-324.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-325.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-326.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-327.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-328.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-329.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-33.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-330.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-331.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-332.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-333.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-334.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-335.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-336.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-337.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-338.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-339.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-34.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-340.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-341.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-342.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-343.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-344.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-345.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-346.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-347.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-348.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-349.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-35.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-350.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-351.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-352.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-353.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-354.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-355.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-356.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-357.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-358.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-359.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-36.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-360.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-361.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-362.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-363.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-364.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-365.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-366.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-367.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-37.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-38.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-39.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-4.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-40.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-41.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-42.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-43.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-44.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-45.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-46.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-47.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-48.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-49.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-5.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-50.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-51.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-52.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-53.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-54.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-55.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-56.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-57.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-58.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-59.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-6.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-60.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-61.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-62.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-63.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-64.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-65.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-66.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-67.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-68.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-69.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-7.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-70.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-71.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-72.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-73.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-74.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-75.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-76.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-77.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-78.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-79.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-8.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-80.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-81.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-82.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-83.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-84.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-85.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-86.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-87.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-88.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-89.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-9.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-90.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-91.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-92.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-93.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-94.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-95.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-96.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-97.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-98.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-54-120\regb-99.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file0.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file1.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file10.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file100.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file101.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file102.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file103.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file104.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file105.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file106.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file107.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file108.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file109.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file11.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file110.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file111.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file112.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file12.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file13.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file14.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file15.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file16.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file17.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file18.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file19.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file2.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file20.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file21.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file22.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file23.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file24.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file25.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file26.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file27.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file28.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file29.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file3.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file30.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file31.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file32.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file33.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file34.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file35.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file36.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file37.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file38.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file39.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file4.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file40.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file41.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file42.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file43.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file44.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file45.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file46.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file47.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file48.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file49.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file5.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file50.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file51.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file52.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file53.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file54.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file55.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file56.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file57.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file58.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file59.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file6.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file60.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file61.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file62.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file63.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file64.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file65.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file66.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file67.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file68.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file69.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file7.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file70.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file71.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file72.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file73.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file74.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file75.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file76.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file77.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file78.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file79.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file8.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file80.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file81.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file82.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file83.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file84.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file85.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file86.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file87.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file88.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file89.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file9.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file90.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file91.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file92.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file93.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file94.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file95.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file96.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file97.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file98.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\file99.db
  #6  
Old 16th Sep 2009, 13:21
New Member
Posts: 5
 
ok here is the second half - hope it's fine split!

c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-68.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-69.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-7.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-70.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-71.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-72.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-73.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-74.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-75.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-76.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-77.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-78.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-79.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-8.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-80.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-81.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-82.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-83.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-84.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-85.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-86.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-87.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-88.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-89.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-9.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-90.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-91.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-92.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-93.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-94.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-95.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-96.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-97.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-98.db
c:\docume~1\owner\applic~1\Reg Tool\QuarantineW\2009-09-05 07-58-070\regb-99.db
c:\docume~1\owner\applic~1\Reg Tool\Results\Evidence.db
c:\docume~1\owner\applic~1\Reg Tool\Results\Junk.db
c:\docume~1\owner\applic~1\Reg Tool\Results\Registry.db
c:\docume~1\owner\applic~1\Reg Tool\Results\Update.db
c:\docume~1\owner\applic~1\Reg Tool\spy_ignore.db
c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3CDE3168-925F-417C-8EFB-CC93E2A23C34}\PalmDesktopShortcut.exe
c:\documents and settings\Owner\Application Data\Microsoft\Installer\{3CDE3168-925F-417C-8EFB-CC93E2A23C34}\PalmExe
c:\program files\avg
c:\program files\common files\iS3
c:\program files\common files\iS3\Anti-Spyware\phishing.rsf
c:\program files\common files\iS3\Anti-Spyware\sgdfull.rsf
c:\program files\driver
c:\program files\Reg Tool
c:\program files\Reg Tool\PW\general.html
c:\program files\Reg Tool\PW\optimizations.html
c:\program files\Reg Tool\PW\optimizationsxp.html
c:\program files\Reg Tool\PW\privacy.html
c:\program files\Reg Tool\PW\scheduler.html
c:\program files\Reg Tool\PW\wizard.css
c:\windows\Installer\20c901.msi
c:\windows\Installer\9dbfb1e.msi
c:\windows\system32\166521.dat
c:\windows\system32\azip32.dll
c:\windows\system32\dzgtactx.dll
c:\windows\system32\FTPx.dll
c:\windows\system32\MabryObj.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KAVSYS
-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-08-16 to 2009-09-16 )))))))))))))))))))))))))))))))
.

2009-09-16 18:39 . 2009-09-16 18:39 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-09-16 17:55 . 2006-09-06 08:54 11520 ----a-r- c:\windows\system32\drivers\WDMSTUB.sys
2009-09-14 21:03 . 2009-09-14 21:03 -------- d-----w- c:\program files\Trend Micro
2009-09-14 20:41 . 2009-09-14 20:41 -------- d-----w- c:\program files\Java
2009-09-14 20:08 . 2009-09-14 20:08 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-09-14 20:08 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-14 20:08 . 2009-09-14 20:08 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-14 20:08 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-14 20:08 . 2009-09-14 20:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-14 18:34 . 2009-09-14 18:34 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-14 18:34 . 2009-09-14 18:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-14 18:34 . 2009-09-14 18:34 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-09-14 18:33 . 2009-09-14 18:33 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-14 18:17 . 2009-09-14 18:17 -------- d-----w- c:\program files\CCleaner
2009-09-13 20:36 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-13 20:36 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-13 20:36 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-13 20:36 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-13 20:36 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-13 20:36 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-13 20:36 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-13 20:36 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-13 20:35 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-13 20:35 . 2009-09-13 20:35 -------- d-----w- c:\program files\Alwil Software
2009-09-11 18:37 . 2009-09-13 20:27 -------- d-----w- c:\program files\PC Tools AntiVirus
2009-09-10 19:10 . 2009-09-10 19:10 -------- dc----w- c:\documents and settings\All Users\Application Data\Avanquest
2009-09-10 19:10 . 2009-09-10 19:10 -------- d-----w- c:\program files\Avanquest update
2009-09-10 19:10 . 2009-09-10 19:10 -------- dc----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-09-10 19:08 . 2009-09-10 19:08 -------- d-----w- c:\program files\Avanquest
2009-09-10 18:57 . 2009-09-10 18:58 -------- d-----w- c:\program files\Flash Slideshow Maker Professional
2009-09-10 01:39 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-09 20:53 . 2009-09-12 05:27 58334 ----a-w- c:\windows\system32\u_ltadspqnymoroio.dll.exe
2009-09-09 20:28 . 2009-09-09 20:28 -------- d-----w- c:\program files\Coral Draw
2009-08-23 09:52 . 2009-08-23 09:52 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-23 09:52 . 2009-09-16 19:16 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2009-08-23 09:50 . 2009-09-16 19:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2009-08-23 09:49 . 2009-08-23 09:49 -------- d-----w- c:\program files\Common Files\Skype
2009-08-23 09:49 . 2009-08-23 09:49 -------- d-----r- c:\program files\Skype
2009-08-23 09:49 . 2009-08-23 09:49 -------- dc----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-22 05:07 . 2008-03-21 11:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-16 19:10 . 2009-02-27 21:53 -------- dc--a-w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-16 17:59 . 2007-03-24 15:03 -------- d---a-w- c:\program files\DIFX
2009-09-16 17:59 . 2007-09-03 17:12 -------- d---a-w- c:\program files\Garmin
2009-09-16 17:55 . 2007-03-24 13:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-16 04:49 . 2007-03-24 14:57 290912 ----a-w- c:\windows\xcopy.bin
2009-09-14 20:41 . 2009-04-25 20:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-13 20:30 . 2009-09-13 20:30 272 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-09-13 19:54 . 2009-02-12 19:09 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-13 19:30 . 2009-01-16 16:41 -------- d---a-w- c:\program files\Nokia
2009-09-13 19:21 . 2007-03-25 14:58 -------- d---a-w- c:\program files\Microsoft ActiveSync
2009-09-13 19:19 . 2009-01-16 16:50 -------- d---a-w- c:\program files\SimpleCenter
2009-09-13 19:18 . 2009-05-08 07:19 -------- d-----w- c:\program files\Google
2009-09-11 23:32 . 2009-03-12 20:41 -------- d---a-w- c:\documents and settings\Owner\Application Data\FileZilla
2009-09-10 18:10 . 2009-04-25 16:54 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 18:09 . 2009-04-25 20:14 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2009-09-10 18:01 . 2009-03-24 17:52 -------- dc--a-w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-30 18:13 . 2009-07-29 20:45 -------- dc----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-22 05:07 . 2009-08-22 05:07 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-08-22 05:07 . 2009-08-22 05:07 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-08-19 19:38 . 2007-07-25 09:00 -------- d---a-w- c:\program files\PIXresizer
2009-08-15 15:48 . 2009-08-15 15:47 -------- d-----w- c:\program files\PHP Form Wizard
2009-08-15 11:00 . 2007-06-19 16:07 -------- d---a-w- c:\program files\IrfanView
2009-08-14 04:58 . 2009-09-11 18:38 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-12 18:54 . 2008-01-01 07:48 -------- d---a-w- c:\program files\Common Files\Adobe
2009-08-08 08:47 . 2007-03-24 01:13 94240 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 13:13 . 2009-03-04 11:11 -------- d---a-w- c:\program files\Common Files\Nokia
2009-07-30 18:59 . 2009-07-30 18:59 -------- dc----w- c:\documents and settings\All Users\Application Data\NokiaMusic
2009-07-29 21:00 . 2009-04-25 18:18 -------- dc----w- c:\documents and settings\All Users\Application Data\Norton
2009-07-29 20:49 . 2007-03-24 15:02 -------- dc--a-w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-07-17 19:01 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2006-02-28 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2006-02-28 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2006-02-28 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2006-02-28 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2006-02-28 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2006-02-28 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2006-02-28 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2006-02-28 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-03 15:57 . 2009-06-03 15:57 15740 ----a-w- c:\program files\Razor090603-175747.txt
2007-07-25 09:02 . 2007-07-25 09:02 24095 -c--a-w- c:\program files\Castle Spikes.. (400 x 300).jpg
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-08 39408]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-16 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"Samsung LBP SM"="c:\windows\Samsung\LaserSMMgr\ssmmgr.exe" [2003-04-04 266240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-14 149280]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-08-03 577536]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Pervasive.SQL Workgroup Engine.lnk - c:\pvsw\Bin\w3dbsmgr.exe [2006-10-16 106546]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files\Broderbund\PrintMaster Greeting Cards\pmremind.exe [2008-6-4 331776]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Windows Live\\Mail\\wlmail.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Pervasive Software Shared\\PSA\\psawizrd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Common Files\\Broderbund\\Advanced Drawing\\advdraw.exe"=
"c:\\PVSW\\Bin\\w3dbsmgr.exe"=
"c:\\WINDOWS\\system32\\lxdacoms.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [3/24/2007 3:17 PM 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/13/2009 10:36 PM 114768]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [3/24/2007 3:14 AM 13696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/4/2009 2:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 2:49 PM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/13/2009 10:36 PM 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [4/25/2009 6:53 PM 55152]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 2:50 PM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-11 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2006-02-28 00:12]

2009-09-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-08 17:23]

2009-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1958367476-725345543-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-16 11:07]

2009-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1958367476-725345543-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-16 11:07]

2009-09-16 c:\windows\Tasks\User_Feed_Synchronization-{6AC1CCD7-4428-4B40-B36C-2BEB2935E8C4}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.za/
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Toolbar-SITEguard - (no file)
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
AddRemove-{76E41F43-59D2-4F30-BA42-9A762EE1E8DE} - c:\program files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-16 21:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1993962763-1958367476-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1120)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxdacoms.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-09-16 21:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-16 19:58

Pre-Run: 41,234,432,000 bytes free
Post-Run: 41,161,515,008 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

933 --- E O F --- 2009-09-10 18:03
  #7  
Old 16th Sep 2009, 15:03
Moderator
Posts: 7,552
 
* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /u in the runbox
* Make sure there's a space between Combofix and /u
* Then hit Enter

The above procedure will:
* Delete the following:
  * ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

How is the computer running now?
__________________

  #8  
Old 19th Sep 2009, 03:52
New Member
Posts: 5
 
Hi there Evilfantasy

Sorry for the delay, it's been a hectic week. I've just completed the final steps and everything seems to be back to normal.

I haven't had any weird popups on my pc and I don't see any unfamiliar programs on my programs list.

Thanks once again for your quick, friendly help; it's much appreciated.

I do however have another old problem on this specific PC. It's been here forever, something small. I don't know if you can help or should I post a new forum under another section.

Every time I start the PC and Windows opens I get a notebook message that opens up with the following:

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787

I know it's got something to do with configuration settings. How do I fix this? It's kinda annoying to close it every time I restart.

Thanks

Elzi
  #9  
Old 19th Sep 2009, 14:31
Moderator
Posts: 7,552
 
There is some information here on that message. http://support.microsoft.com/kb/330132

Let me know if that doesn't help any and I will look around some more.

----------

Final suggestions...

Use the Secunia Software Inspector to check for out of date software.
Out of date software has security vulnerabilities that malware can exploit.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.


----------

Go to Microsoft Windows Update and get all critical updates.

----------

Make sure all of your security programs are up to date and run scans with them regularly.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself safe On The Web for tips and free tools to keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
__________________


Copyright ©2006 - 2010 Computer Juice.
