
Trojanhorse Downloader Infection/ Redirects


  • This topic is locked
31 replies to this topic

#1 rascott

rascott

  • Members
  • 46 posts

Posted 25 October 2010 - 02:55 PM

Before I screw anything up I have learned to ask for advice.
My computer is infected with multiple trojans and also the Google Jump & Redirect Viruses. While scanning with AVG, one time it notified me that I was infected with Trojanhorse Downloader Small HLN, Trojanhorse PSW.Generic8.YUY and Generac 18.ANZA. Google redirects. It said that each trojan had two occurrences: one that it quarantined and one that was inaccessible. Upon opening, an error states: Error loading c:\windows\momine.dll
Ran CHKDSK which stated errors fixed, but not all I assume.

Please advise.

While reading others' troubleshooting, I saw that a DDS log is often asked for, so I include it (run on 10/22/2010):


DDS (Ver_10-10-21.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/1/2010 10:40:12 PM
System Uptime: 10/22/2010 11:38:16 PM

Motherboard: | | K8M800-8237
Processor: AMD Sempron™ Processor 3000+ | Socket 754 | 1799/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 59.455 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP15: 7/26/2010 10:11:47 AM - System Checkpoint
RP16: 7/27/2010 10:13:56 AM - System Checkpoint
RP17: 7/28/2010 12:12:32 PM - System Checkpoint
RP18: 7/29/2010 2:43:17 PM - System Checkpoint
RP19: 7/30/2010 2:54:40 PM - System Checkpoint
RP20: 8/2/2010 10:09:34 AM - System Checkpoint
RP21: 8/4/2010 11:45:42 AM - System Checkpoint
RP22: 8/5/2010 1:42:43 PM - System Checkpoint
RP23: 8/9/2010 9:21:39 AM - System Checkpoint
RP24: 8/10/2010 11:19:22 AM - System Checkpoint
RP25: 8/11/2010 2:30:11 PM - System Checkpoint
RP26: 8/12/2010 2:51:14 PM - System Checkpoint
RP27: 8/14/2010 10:22:56 AM - System Checkpoint
RP28: 8/15/2010 11:16:45 AM - System Checkpoint
RP29: 8/16/2010 12:52:22 PM - Avg Update
RP30: 8/17/2010 2:15:53 PM - System Checkpoint
RP31: 8/18/2010 2:19:17 PM - System Checkpoint
RP32: 8/19/2010 3:27:08 PM - System Checkpoint
RP33: 8/23/2010 12:16:05 PM - System Checkpoint
RP34: 8/24/2010 1:41:44 PM - System Checkpoint
RP35: 8/25/2010 2:07:41 PM - System Checkpoint
RP36: 8/26/2010 2:23:35 PM - System Checkpoint
RP37: 8/27/2010 4:55:13 PM - System Checkpoint
RP38: 8/28/2010 4:59:00 PM - System Checkpoint
RP39: 8/29/2010 5:31:05 PM - System Checkpoint
RP40: 8/30/2010 6:31:06 PM - System Checkpoint
RP41: 8/31/2010 7:31:06 PM - System Checkpoint
RP42: 9/1/2010 8:30:27 PM - System Checkpoint
RP43: 9/5/2010 1:49:45 PM - System Checkpoint
RP44: 9/6/2010 2:00:52 PM - System Checkpoint
RP45: 9/7/2010 2:41:11 PM - System Checkpoint
RP46: 9/8/2010 3:57:26 PM - System Checkpoint
RP47: 9/10/2010 10:18:31 AM - System Checkpoint
RP48: 9/11/2010 10:42:28 AM - System Checkpoint
RP49: 9/13/2010 9:52:21 AM - System Checkpoint
RP50: 9/23/2010 6:55:17 AM - Avg Update
RP51: 9/23/2010 6:59:59 AM - Avg Update
RP52: 9/24/2010 7:55:15 AM - System Checkpoint
RP53: 9/25/2010 8:35:27 AM - System Checkpoint
RP54: 9/26/2010 9:34:51 AM - System Checkpoint
RP55: 9/27/2010 11:15:34 AM - System Checkpoint
RP56: 9/28/2010 11:35:32 AM - System Checkpoint
RP57: 9/29/2010 1:16:03 PM - System Checkpoint
RP58: 9/30/2010 3:13:06 PM - System Checkpoint
RP59: 10/4/2010 9:38:04 AM - System Checkpoint
RP60: 10/4/2010 11:01:10 AM - Avg Update
RP61: 10/5/2010 1:51:08 PM - System Checkpoint
RP62: 10/6/2010 1:55:05 PM - System Checkpoint
RP63: 10/7/2010 2:12:31 PM - System Checkpoint
RP64: 10/8/2010 4:00:31 PM - System Checkpoint
RP65: 10/9/2010 4:16:54 PM - System Checkpoint
RP66: 10/10/2010 5:16:34 PM - System Checkpoint
RP67: 10/11/2010 6:21:52 PM - System Checkpoint
RP68: 10/12/2010 6:45:40 PM - System Checkpoint
RP69: 10/13/2010 7:37:48 PM - System Checkpoint
RP70: 10/14/2010 8:37:49 PM - System Checkpoint
RP71: 10/16/2010 9:54:23 AM - System Checkpoint
RP72: 10/17/2010 10:04:40 AM - System Checkpoint
RP73: 10/18/2010 3:29:56 PM - System Checkpoint
RP74: 10/19/2010 11:38:57 AM - Installed Java™ 6 Update 22
RP75: 10/19/2010 11:41:13 AM - Installed MSN Toolbar Setup
RP76: 10/20/2010 12:04:29 PM - System Checkpoint
RP77: 10/21/2010 3:25:53 PM - System Checkpoint
RP78: 10/23/2010 1:48:36 AM - System Checkpoint

==== Installed Programs ======================

5600
5600_Help
5600Trb
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.0
AiO_Scan
AiOSoftware
Ask Toolbar
AVG Free 9.0
BufferChm
CCleaner
Compatibility Pack for the 2007 Office system
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Destinations
DeviceManagementQFolder
DocProc
eSupportQFolder
Fax
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone Express
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
Java Auto Updater
Java™ 6 Update 22
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 6-9 Converter
MSN Toolbar Setup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NewCopy
PrintKey2000
ProductContext
Readme
Scan
ScannerCopy
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SolutionCenter
Status
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIA/S3G Display Driver
WebFldrs XP
WebReg
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
XML Paper Specification Shared Components Pack 1.0
Zynga Toolbar

==== Event Viewer Messages From Past Week ========

10/21/2010 4:48:24 PM, error: i8042prt [40] - An error occurred while trying to acquire the device ID of the mouse
10/16/2010 9:01:06 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
10/16/2010 9:01:06 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts

Posted 25 October 2010 - 04:42 PM

Hi,

That is the Attach.txt, so I will need you to run DDS again. I'll give you the full instructions.

Please run the additional programs as well.


Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window will open on your desktop
  • If an unknown bootcode is found, you will have further options available to you. At this time, press N, then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file.



NEXT



Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.



NEXT


Scan With RootKitUnHooker

  • Please Download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers and Stealth
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished and then click File > Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in your next reply.

Note: you may get the following warning; just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 rascott

rascott
  • Topic Starter

  • Members
  • 46 posts

Posted 26 October 2010 - 11:51 AM

Thank you
I await further instructions
Here is requested info:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 119):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF79B4000 \WINDOWS\system32\KDCOM.DLL
0xF78C4000 \WINDOWS\system32\BOOTVID.dll
0xF7385000 ACPI.sys
0xF79B6000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7374000 pci.sys
0xF74B4000 isapnp.sys
0xF79B8000 viaide.sys
0xF7734000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF74C4000 MountMgr.sys
0xF7355000 ftdisk.sys
0xF79BA000 dmload.sys
0xF732F000 dmio.sys
0xF773C000 PartMgr.sys
0xF74D4000 VolSnap.sys
0xF7317000 atapi.sys
0xF74E4000 disk.sys
0xF74F4000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF72F7000 fltMgr.sys
0xF72E5000 sr.sys
0xF72CE000 KSecDD.sys
0xF7241000 Ntfs.sys
0xF7214000 NDIS.sys
0xF71FA000 Mup.sys
0xF7504000 gagp30kx.sys
0xF7664000 \SystemRoot\system32\DRIVERS\AmdPPM.sys
0xF716C000 \SystemRoot\system32\DRIVERS\vtmini.sys
0xF7158000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF707A000 \SystemRoot\system32\DRIVERS\HCF_MSFT.sys
0xF77D4000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7674000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7684000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7694000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7057000 \SystemRoot\system32\DRIVERS\ks.sys
0xF77E4000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF5E55000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF77EC000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF5DC2000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF5D9E000 \SystemRoot\system32\drivers\portcls.sys
0xF76A4000 \SystemRoot\system32\drivers\drmk.sys
0xF5D3E000 \SystemRoot\system32\drivers\ALCXSENS.SYS
0xF77F4000 \SystemRoot\system32\DRIVERS\fetnd5.sys
0xF77FC000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF76B4000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7964000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF5D2A000 \SystemRoot\system32\DRIVERS\parport.sys
0xF76C4000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7804000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF780C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7AB0000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF76D4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7968000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF5D13000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76E4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF76F4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7814000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF5D02000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7704000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF781C000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7824000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF5CD2000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7714000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79D2000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF5C4C000 \SystemRoot\system32\DRIVERS\update.sys
0xF7984000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7724000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7554000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF79F4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF782C000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF79F6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B87000 \SystemRoot\System32\Drivers\Null.SYS
0xF79F8000 \SystemRoot\System32\Drivers\Beep.SYS
0xF783C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7844000 \SystemRoot\System32\drivers\vga.sys
0xF79FA000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79FC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF784C000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7854000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF71C6000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF4B51000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF4AF8000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF4ABE000 \SystemRoot\System32\Drivers\avgtdix.sys
0xF4A98000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7574000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF4A70000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF4A4E000 \SystemRoot\System32\drivers\afd.sys
0xF7584000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF4A23000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF49B3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF75A4000 \SystemRoot\System32\Drivers\Fips.SYS
0xF785C000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xF497F000 \SystemRoot\System32\Drivers\avgldx86.sys
0xF7864000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF7940000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xF786C000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xF7874000 \SystemRoot\system32\DRIVERS\HPZius12.sys
0xF75B4000 \SystemRoot\system32\DRIVERS\HPZid412.sys
0xF7944000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
0xF5BCC000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF79A8000 \SystemRoot\System32\drivers\Dxapi.sys
0xF789C000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7AAE000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\vtdisp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF1F6F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF1C2A000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7A36000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF1A93000 \SystemRoot\system32\DRIVERS\srv.sys
0xF7B8C000 \SystemRoot\system32\SetupNT.sys
0xF192F000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF1672000 \SystemRoot\system32\drivers\wdmaud.sys
0xF19AB000 \SystemRoot\system32\drivers\sysaudio.sys
0xF1282000 \SystemRoot\System32\Drivers\HTTP.sys
0xF78AC000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xEFEBE000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 61):
0 System Idle Process
4 System
560 C:\WINDOWS\system32\smss.exe
624 csrss.exe
648 C:\WINDOWS\system32\winlogon.exe
696 C:\WINDOWS\system32\services.exe
708 C:\WINDOWS\system32\lsass.exe
872 C:\WINDOWS\system32\svchost.exe
952 svchost.exe
1092 C:\WINDOWS\system32\svchost.exe
1176 svchost.exe
1244 C:\Program Files\AVG\AVG9\avgchsvx.exe
1252 C:\Program Files\AVG\AVG9\avgrsx.exe
1404 svchost.exe
1484 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1688 C:\WINDOWS\system32\spoolsv.exe
1896 svchost.exe
1928 C:\Program Files\AVG\AVG9\avgwdsvc.exe
136 C:\Program Files\Java\jre6\bin\jqs.exe
236 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
332 C:\Program Files\MSN\Toolbar\4.0.0412.0\mstbsvc.exe
524 C:\WINDOWS\system32\HPZipm12.exe
616 C:\WINDOWS\system32\svchost.exe
1276 C:\Program Files\AVG\AVG9\avgnsx.exe
2468 alg.exe
428 C:\WINDOWS\system32\mshta.exe
1356 C:\WINDOWS\system32\mshta.exe
2188 C:\WINDOWS\system32\mshta.exe
748 C:\WINDOWS\system32\mshta.exe
2680 C:\WINDOWS\system32\mshta.exe
1360 C:\WINDOWS\system32\mshta.exe
1672 C:\WINDOWS\system32\mshta.exe
4088 C:\WINDOWS\system32\mshta.exe
3796 C:\WINDOWS\system32\mshta.exe
3644 C:\WINDOWS\system32\mshta.exe
3964 C:\WINDOWS\system32\mshta.exe
3952 C:\WINDOWS\system32\mshta.exe
2832 C:\WINDOWS\system32\mshta.exe
3628 C:\WINDOWS\system32\mshta.exe
2604 C:\WINDOWS\system32\mshta.exe
2300 C:\WINDOWS\system32\mshta.exe
756 C:\WINDOWS\system32\mshta.exe
252 C:\WINDOWS\system32\mshta.exe
3744 C:\WINDOWS\system32\mshta.exe
1368 C:\WINDOWS\system32\VTTimer.exe
2340 C:\WINDOWS\system32\VTTrayp.exe
2764 C:\PROGRA~1\AVG\AVG9\avgtray.exe
2444 C:\WINDOWS\system32\ctfmon.exe
4056 C:\WINDOWS\SOUNDMAN.EXE
3988 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3812 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
1532 C:\Program Files\PrintKey2000\Printkey2000.exe
2956 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
2584 C:\WINDOWS\explorer.exe
580 C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
1780 C:\WINDOWS\system32\mshta.exe
2928 C:\WINDOWS\system32\mshta.exe
3172 C:\Program Files\Internet Explorer\iexplore.exe
2856 C:\Program Files\Internet Explorer\iexplore.exe
220 C:\WINDOWS\system32\wscntfy.exe
3416 C:\Documents and Settings\Ross\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800JB-00JJC0, Rev: 05.01C05

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!



DDS (Ver_10-10-21.02) - NTFSx86
Run by Ross at 9:07:32.85 on Tue 10/26/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.494.70 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MSN\Toolbar\4.0.0412.0\mstbsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ross\Desktop\dds.com

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [qsffifbbjeajr] c:\documents and settings\ross\local settings\application data\vymamhcd\isktcmw.exe
uRun: [Usegafisequp] rundll32.exe "c:\windows\momine.dll",Startup
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [VTTimer] VTTimer.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QBCD Autorun] D:\autorun.exe restart QB_SEQUENCE first
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Gquyojebuq] rundll32.exe "c:\windows\akulemahe.dll",Startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-3 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-3 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-3 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 mstbsvc;MSN Toolbar Setup;c:\program files\msn\toolbar\4.0.0412.0\mstbsvc.exe [2010-4-6 102752]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-9 135664]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-8-16 431432]

=============== Created Last 30 ================

2010-10-19 18:40:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-11 14:19:33 -------- d-----w- c:\docume~1\ross\locals~1\applic~1\{54757542-7A67-4203-BFDC-BC6919A1D534}
2010-09-30 14:19:34 -------- d-----w- c:\windows\pss

==================== Find3M ====================

2010-09-15 09:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl

============= FINISH: 9:09:01.10 ===============


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>SSDT State
==============================================
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x857CAA00 [4] System
0x853A5A58 [136] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java™ Quick Starter Service)
0x84C22AA8 [220] C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation, Windows Security Center Notification App)
0x85582B00 [236] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation, Machine Debug Manager)
0x84D68C40 [252] C:\WINDOWS\system32\mshta.exe (Microsoft Corporation, Microsoft ® HTML Application host)
0x853D8B28 [332] C:\Program Files\MSN\Toolbar\4.0.0412.0\mstbsvc.exe (Microsoft Corp., MSN Toolbar Setup)
0x856314C0 [428] C:\WINDOWS\system32\mshta.exe (Microsoft Corporation, Microsoft ® HTML Application host)
0x84DEDC68 [432] C:\Documents and Settings\Ross\Desktop\RKUnhookerLE.EXE (UG North, RKULE, SR2 Normandy)
0x852D84E0 [524] C:\WINDOWS\system32\HPZipm12.exe (HP, PML Driver)
0x8525C020 [560] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x84944C68 [580] C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe (Hewlett-Packard Co., Hewlett-Packard Product Assistant)
0x85385428 [616] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x85516DA0 [624] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x85512670 [648] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x853A1250 [696] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x853B2900 [708] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x85706650 [748] C:\WINDOWS\system32\mshta.exe (Microsoft Corporation, Microsoft ® HTML Application host)
0x84D70880 [756] C:\WINDOWS\system32\mshta.exe (Microsoft Corporation, Microsoft ® HTML Application host)
0x855351B8 [872] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x855207B8 [952] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x85551308 [1092] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x85527B28 [1176] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8551F480 [1244] C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o., AVG Cache Server)
0x855305D0 [1252] C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o., AVG Resident Shield Service)
0x852F6A88 [1276] C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o., AVG Network scanner Service)
0x85628D20 [1356] C:\WINDOWS\system32\mshta.exe (Microsoft Corporation, Microsoft ® HTML Application host)
0x852DDC90 [1360] C:\WINDOWS\system32\mshta.exe (Microsoft Corporation, Microsoft ® HTML Application host)
0x84D666C0 [1368] C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc., -)
0x8551A8B0 [1404] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x85515698 [1484] C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o., AVG Scanning Core Module - Server Part)
0x8553F798 [1532] C:\Program Files\PrintKey2000\Printkey2000.exe (Fred's Software, -)
0x84B94160 [1672] C:\WINDOWS\system32\mshta.exe (Microsoft Corporation, Microsoft ® HTML Application host)
0x8559BDA0 [1688] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x84CC14B8 [1780] C:\WINDOWS\system32\mshta.exe (Microsoft Corporation, Microsoft ® HTML Application host)
0x852A6438 [1852] C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation, Windows Update)
0x853BEA50 [1896] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x85333678 [1928] C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o., AVG Watchdog Service)
0x84DF6990 [2188] C:\WINDOWS\system32\mshta.exe (Microsoft Corporation, Microsoft ® HTML Application host)
0x85376418 [2300] C:\WINDOWS\system32\mshta.exe (Microsoft Corporation, Microsoft ® HTML Application host)
0x8511C7B0 [2340] C:\WINDOWS\system32\VTTrayp.exe (S3 Graphics Co., Ltd., s3contrl (32-bit))
0x84D63BD8 [2444] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x84D862E0 [2468] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x852727E8 [2584] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x8528E020 [2604] C:\WINDOWS\system32\mshta.exe (Microsoft Corporation, Microsoft ® HTML Application host)
0x855E78F8 [2680] C:\WINDOWS\system32\mshta.exe (Microsoft Corporation, Microsoft ® HTML Application host)
0x850E7888 [2764] C:\PROGRA~1\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o., AVG Tray Monitor)
0x850BA020 [2832] C:\WINDOWS\system32\mshta.exe (Microsoft Corporation, Microsoft ® HTML Application host)
0x8527EDA0 [2856] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0x8562A020 [2928] C:\WINDOWS\system32\mshta.exe (Microsoft Corporation, Microsoft ® HTML Application host)
0x84B9C020 [2956] C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co., HP CUE Status)
0x84AEF2C8 [3172] C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation, Internet Explorer)
0x84D7F020 [3628] C:\WINDOWS\system32\mshta.exe (Microsoft Corporation, Microsoft ® HTML Application host)
0x84DCD638 [3644] C:\WINDOWS\system32\mshta.exe (Microsoft Corporation, Microsoft ® HTML Application host)
0x84913020 [3744] C:\WINDOWS\system32\mshta.exe (Microsoft Corporation, Microsoft ® HTML Application host)
0x856B8518 [3796] C:\WINDOWS\system32\mshta.exe (Microsoft Corporation, Microsoft ® HTML Application host)
0x84D11DA0 [3812] C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co., HP Digital Imaging Monitor)
0x8512B020 [3952] C:\WINDOWS\system32\mshta.exe (Microsoft Corporation, Microsoft ® HTML Application host)
0x84BD2020 [3964] C:\WINDOWS\system32\mshta.exe (Microsoft Corporation, Microsoft ® HTML Application host)
0x84932020 [3988] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc., Java™ Update Scheduler)
0x84E24020 [4056] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp., Realtek Sound Manager)
0x8553CAE8 [4088] C:\WINDOWS\system32\mshta.exe (Microsoft Corporation, Microsoft ® HTML Application host)
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\vtdisp.dll 3567616 bytes (VIA/S3 Graphics Co, Ltd., VIA/S3G Graphics Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2066816 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2066816 bytes
0x804D7000 RAW 2066816 bytes
0x804D7000 WMIxWDM 2066816 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF707A000 C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys 909312 bytes (Conexant, Modem)
0xF5DC2000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 602112 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
0xF7241000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF49B3000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF5D3E000 C:\WINDOWS\system32\drivers\ALCXSENS.SYS 393216 bytes (Sensaura Ltd, Sensaura WDM 3D Audio Driver)
0xF5C4C000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF4AF8000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF1A93000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF716C000 C:\WINDOWS\system32\DRIVERS\vtmini.sys 286720 bytes (Copyright © VIA/S3 Graphics Co, Ltd., VIA/S3G Miniport Driver)
0xF1282000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF4ABE000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xF497F000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xF5CD2000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7385000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF1C2A000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7214000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xEFEBE000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF4A23000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF4A70000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF732F000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF4A98000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF192F000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF5D9E000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF5E55000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF7057000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF4A4E000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806D0000 ACPI_HAL 131840 bytes
0x806D0000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF72F7000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7355000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF71FA000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7317000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF72CE000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF5D13000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF1672000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF5D2A000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF7158000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF4B51000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF72E5000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7374000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF5D02000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF5BCC000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7684000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF76B4000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF76A4000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7694000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF19AB000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7554000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7664000 C:\WINDOWS\system32\DRIVERS\AmdPPM.sys 53248 bytes (Advanced Micro Devices, AMD Processor Driver)
0xF74F4000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF75B4000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
0xF76C4000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF76D4000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF74D4000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7504000 gagp30kx.sys 49152 bytes (Microsoft Corporation, MS Generic AGPv3.0 Filter for K8/9 Processor Platforms)
0xF76F4000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF75A4000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7674000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF74C4000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF76E4000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF74B4000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7724000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7714000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF74E4000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7704000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7584000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF13F3000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7574000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF77D4000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7854000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7864000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF77EC000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF77FC000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF77F4000 C:\WINDOWS\system32\DRIVERS\fetnd5.sys 28672 bytes (VIA Technologies, Inc. , NDIS 5.0 miniport driver)
0xF783C000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7734000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF786C000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF78AC000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF785C000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF7874000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
0xF780C000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7804000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF77E4000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7844000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF782C000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF784C000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF773C000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF781C000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7824000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7814000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF789C000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7944000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
0xF7984000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF1F6F000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7964000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7940000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF78C4000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF79A8000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7968000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF71C6000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF79F8000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF79BA000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF79F6000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF79B4000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF79FA000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7A36000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF79FC000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79D2000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79F4000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF79B8000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF79B6000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7AB0000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7AAE000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7B87000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B8C000 C:\WINDOWS\system32\SetupNT.sys 4096 bytes
!!!!!!!!!!!Hidden driver: 0x8564AAEA ?_empty_? 1302 bytes
!!!!!!!!!!!Hidden driver: 0x8533BF38 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF7317000 WARNING: suspicious driver modification [atapi.sys::0x8564AAEA]
0xF7694000 WARNING: Virus alike driver modification [redbook.sys], 61440 bytes
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\avg9\Cfg\updatecomps.cfg.prepare
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\avg9\update\download\f9lngus864b860we.bin
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\avg9\update\download\f9lsie863b856qs.bin
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\avg9\update\download\f9setup863b855hk.bin
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\avg9\update\download\f9tbig863dl.bin
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\avg9\update\download\u9iavi3220u3219pe.bin
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\avg9\update\download\x8xplsc_380d3799m.bin
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\avg9\update\prepare\temp\cty.cty.prepare
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\39_sp.xml
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\40_sp.xml
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\48_sp.xml
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\57_sp.xml
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\channels.dat
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome.manifest
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\after_install.js
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\after_uninstall.js
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\autocomplete-popup.xml
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\avg\avgtbapi.js
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\avg\customwrapper.js
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\avg\partFiles.js
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\avg\shield.js
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\avg\statusindicator.js
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\config.xml
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\contexthtml.xul
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\custom.js
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\ex\marquee.xml
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\htmlwindow.xul
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\about.htm
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\avgcert.pfx
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_AB.htm
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_ABSearch.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_arrow.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_bottom_shadow.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_confirm.htm
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_confirmAVGSafe.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_confirmEmail.png
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_confirmFacebook.png
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_confirmTbr.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_confirmWeather.png
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_general.htm
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_IDV.htm
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_IDV1.htm
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_IDV2.htm
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_logo.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_protection.htm
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_search.htm
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_searchSearchBox.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_searchSearchBoxBaidu.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_searchSearchBoxBlank.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_SPupdate.htm
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_SPupdateSearchBox.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_style.css
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_top_shadow.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_VIPActivated.htm
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_VIPActivation.htm
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_VIPError.htm
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_VIPFirst.htm
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_VIPFirst.png
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_VIPLogo.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\bubble_VIPSecCode.htm
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\deletehistory_processing.htm
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\emailchecker_config.htm
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\emailchecker_notifier.htm
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierBackground.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierBullet.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierClose.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierDown.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierDownActive.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierDownDisabled.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierIco.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierNext.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierNextActive.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierNextDisabled.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierPrevious.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierPreviousActive.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierPreviousDisabled.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierScrollbar.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierSettings.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierUp.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierUpActive.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\emailchecker_notifierUpDisabled.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\Facebook_config.htm
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\Facebook_error.htm
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\facebook_logo.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\Facebook_notifier.htm
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\Facebook_notifierIco.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\Facebook_status.htm
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\facebook_style.css
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\facebook_textbox.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\Facebook_user.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\icoUBAccess.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\icoUBCalc.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\icoUBExcel.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\icoUBExplorer.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\icoUBMediaPlayer.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\icoUBNotepad.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\icoUBOutlook.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\icoUBOutlookExpress.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\icoUBPaint.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\icoUBPowerPoint.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\icoUBSkype.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\icoUBWord.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\rssreader_!backgroundGrey.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\rssreader_!backgroundRed.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\rssreader_!bullet.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\rssreader_!close.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\rssreader_!icoiDNES.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\rssreader_!icoRead.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\rssreader_!icoRSS.gif
!-->[Hidden] C:\Program Files\AVG\AVG9\Toolbar.old\Firefox\avg@igeared\chrome\content\html\rssreader_!icoSimple.gif
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0006AA8A, Type: Inline - RelativeJump 0x80541A8A-->80541A91 [ntkrnlpa.exe]
[1092]svchost.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[1092]svchost.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[1092]svchost.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[1092]svchost.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[1092]svchost.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[1092]svchost.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[1092]svchost.exe-->user32.dll-->GetCursorPos, Type: Inline - RelativeJump 0x7E42974E-->00000000 [unknown_code_page]
[2584]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[2584]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[2584]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[2584]explorer.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[2584]explorer.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[2584]explorer.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[2584]explorer.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[2584]explorer.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[2584]explorer.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[2584]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[2584]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[2856]iexplore.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[2856]iexplore.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[2856]iexplore.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[2856]iexplore.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[2856]iexplore.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[2856]iexplore.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[2856]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x7E42B3C6-->00000000 [ieframe.dll]
[2856]iexplore.exe-->user32.dll-->CreateDialogParamW, Type: Inline - RelativeJump 0x7E41EA3B-->00000000 [tbZyn0.dll]
[2856]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll]
[2856]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[2856]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[2856]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[2856]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [tbZyn0.dll]
[2856]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[2856]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[2856]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[2856]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[2856]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [ieframe.dll]
[2856]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [ieframe.dll]
[3172]iexplore.exe-->mswsock.dll+0x00004057, Type: Inline - RelativeJump 0x71A54057-->00000000 [unknown_code_page]
[3172]iexplore.exe-->mswsock.dll+0x0000433A, Type: Inline - RelativeJump 0x71A5433A-->00000000 [unknown_code_page]
[3172]iexplore.exe-->mswsock.dll+0x00005847, Type: Inline - RelativeJump 0x71A55847-->00000000 [unknown_code_page]
[3172]iexplore.exe-->ntdll.dll-->KiUserExceptionDispatcher, Type: Inline - RelativeJump 0x7C90E47C-->00000000 [unknown_code_page]
[3172]iexplore.exe-->ntdll.dll-->NtProtectVirtualMemory, Type: Inline - RelativeJump 0x7C90D6EE-->00000000 [unknown_code_page]
[3172]iexplore.exe-->ntdll.dll-->NtWriteVirtualMemory, Type: Inline - RelativeJump 0x7C90DFAE-->00000000 [unknown_code_page]
[3172]iexplore.exe-->user32.dll-->CreateDialogParamW, Type: Inline - RelativeJump 0x7E41EA3B-->00000000 [tbZyn0.dll]
[3172]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll]
[3172]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[3172]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[3172]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[3172]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [tbZyn0.dll]
[3172]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[3172]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[3172]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[3172]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]



RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
!!!!!!!!!!!Hidden driver: 0x8533BF38 ?_empty_? 0 bytes
!!!!!!!!!!!Hidden driver: 0x8564AAEA ?_empty_? 1302 bytes
0xF7385000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0x806D0000 ACPI_HAL 131840 bytes
0xF4A4E000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF5D3E000 C:\WINDOWS\system32\drivers\ALCXSENS.SYS 393216 bytes (Sensaura Ltd, Sensaura WDM 3D Audio Driver)
0xF5DC2000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 602112 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
0xF7664000 C:\WINDOWS\system32\DRIVERS\AmdPPM.sys 53248 bytes (Advanced Micro Devices, AMD Processor Driver)
0xF7317000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF7AB0000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF497F000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xF785C000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF4ABE000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xF79F8000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF78C4000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF5BCC000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7684000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF74F4000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF74E4000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF732F000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF79BA000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF76A4000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF79A8000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7AAE000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF192F000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF77FC000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF77F4000 C:\WINDOWS\system32\DRIVERS\fetnd5.sys 28672 bytes (VIA Technologies, Inc. , NDIS 5.0 miniport driver)
0xF75A4000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF782C000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF72F7000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF79F6000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7355000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7504000 gagp30kx.sys 49152 bytes (Microsoft Corporation, MS Generic AGPv3.0 Filter for K8/9 Processor Platforms)
0x806D0000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF707A000 C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys 909312 bytes (Conexant, Modem)
0xF783C000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF75B4000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
0xF7944000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
0xF7874000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
0xF1282000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF76C4000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF7674000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF4A98000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF4B51000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF74B4000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF780C000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF79B4000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7057000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF72CE000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF79FA000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF77D4000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7804000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF74C4000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF1C2A000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF49B3000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF784C000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7704000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7984000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF71FA000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7214000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF7968000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF1F6F000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF5D13000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF7724000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7584000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF4A70000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF13F3000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7854000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7241000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2066816 bytes (Microsoft Corporation, NT Kernel & System)
0xF7B87000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF5D2A000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF773C000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7A36000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7374000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF7734000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x804D7000 PnpManager 2066816 bytes
0xF5D9E000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF5D02000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF781C000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF71C6000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF76D4000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF76E4000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF76F4000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7824000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0x804D7000 RAW 2066816 bytes
0xF4A23000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF79FC000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF5CD2000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7694000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF7964000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF76B4000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF7B8C000 C:\WINDOWS\system32\SetupNT.sys 4096 bytes
0xF72E5000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF1A93000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF79D2000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF19AB000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF4AF8000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF7814000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7714000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF5C4C000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF7864000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF79F4000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF77EC000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7554000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF5E55000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF786C000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF7940000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF77E4000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7844000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF79B8000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7158000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF74D4000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBF012000 C:\WINDOWS\System32\vtdisp.dll 3567616 bytes (VIA/S3 Graphics Co, Ltd., VIA/S3G Graphics Driver)
0xF716C000 C:\WINDOWS\system32\DRIVERS\vtmini.sys 286720 bytes (Copyright © VIA/S3 Graphics Co, Ltd., VIA/S3G Miniport Driver)
0xF7574000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF789C000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF1672000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF79B6000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x804D7000 WMIxWDM 2066816 bytes

#4 rascott

Posted 26 October 2010 - 11:58 AM

I may have overlooked Attach file


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-21.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/1/2010 10:40:12 PM
System Uptime: 10/25/2010 12:18:44 PM (21 hours ago)

Motherboard: | | K8M800-8237
Processor: AMD Sempron™ Processor 3000+ | Socket 754 | 1799/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 59.277 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP17: 7/28/2010 12:12:32 PM - System Checkpoint
RP18: 7/29/2010 2:43:17 PM - System Checkpoint
RP19: 7/30/2010 2:54:40 PM - System Checkpoint
RP20: 8/2/2010 10:09:34 AM - System Checkpoint
RP21: 8/4/2010 11:45:42 AM - System Checkpoint
RP22: 8/5/2010 1:42:43 PM - System Checkpoint
RP23: 8/9/2010 9:21:39 AM - System Checkpoint
RP24: 8/10/2010 11:19:22 AM - System Checkpoint
RP25: 8/11/2010 2:30:11 PM - System Checkpoint
RP26: 8/12/2010 2:51:14 PM - System Checkpoint
RP27: 8/14/2010 10:22:56 AM - System Checkpoint
RP28: 8/15/2010 11:16:45 AM - System Checkpoint
RP29: 8/16/2010 12:52:22 PM - Avg Update
RP30: 8/17/2010 2:15:53 PM - System Checkpoint
RP31: 8/18/2010 2:19:17 PM - System Checkpoint
RP32: 8/19/2010 3:27:08 PM - System Checkpoint
RP33: 8/23/2010 12:16:05 PM - System Checkpoint
RP34: 8/24/2010 1:41:44 PM - System Checkpoint
RP35: 8/25/2010 2:07:41 PM - System Checkpoint
RP36: 8/26/2010 2:23:35 PM - System Checkpoint
RP37: 8/27/2010 4:55:13 PM - System Checkpoint
RP38: 8/28/2010 4:59:00 PM - System Checkpoint
RP39: 8/29/2010 5:31:05 PM - System Checkpoint
RP40: 8/30/2010 6:31:06 PM - System Checkpoint
RP41: 8/31/2010 7:31:06 PM - System Checkpoint
RP42: 9/1/2010 8:30:27 PM - System Checkpoint
RP43: 9/5/2010 1:49:45 PM - System Checkpoint
RP44: 9/6/2010 2:00:52 PM - System Checkpoint
RP45: 9/7/2010 2:41:11 PM - System Checkpoint
RP46: 9/8/2010 3:57:26 PM - System Checkpoint
RP47: 9/10/2010 10:18:31 AM - System Checkpoint
RP48: 9/11/2010 10:42:28 AM - System Checkpoint
RP49: 9/13/2010 9:52:21 AM - System Checkpoint
RP50: 9/23/2010 6:55:17 AM - Avg Update
RP51: 9/23/2010 6:59:59 AM - Avg Update
RP52: 9/24/2010 7:55:15 AM - System Checkpoint
RP53: 9/25/2010 8:35:27 AM - System Checkpoint
RP54: 9/26/2010 9:34:51 AM - System Checkpoint
RP55: 9/27/2010 11:15:34 AM - System Checkpoint
RP56: 9/28/2010 11:35:32 AM - System Checkpoint
RP57: 9/29/2010 1:16:03 PM - System Checkpoint
RP58: 9/30/2010 3:13:06 PM - System Checkpoint
RP59: 10/4/2010 9:38:04 AM - System Checkpoint
RP60: 10/4/2010 11:01:10 AM - Avg Update
RP61: 10/5/2010 1:51:08 PM - System Checkpoint
RP62: 10/6/2010 1:55:05 PM - System Checkpoint
RP63: 10/7/2010 2:12:31 PM - System Checkpoint
RP64: 10/8/2010 4:00:31 PM - System Checkpoint
RP65: 10/9/2010 4:16:54 PM - System Checkpoint
RP66: 10/10/2010 5:16:34 PM - System Checkpoint
RP67: 10/11/2010 6:21:52 PM - System Checkpoint
RP68: 10/12/2010 6:45:40 PM - System Checkpoint
RP69: 10/13/2010 7:37:48 PM - System Checkpoint
RP70: 10/14/2010 8:37:49 PM - System Checkpoint
RP71: 10/16/2010 9:54:23 AM - System Checkpoint
RP72: 10/17/2010 10:04:40 AM - System Checkpoint
RP73: 10/18/2010 3:29:56 PM - System Checkpoint
RP74: 10/19/2010 11:38:57 AM - Installed Java™ 6 Update 22
RP75: 10/19/2010 11:41:13 AM - Installed MSN Toolbar Setup
RP76: 10/20/2010 12:04:29 PM - System Checkpoint
RP77: 10/21/2010 3:25:53 PM - System Checkpoint
RP78: 10/23/2010 1:48:36 AM - System Checkpoint
RP79: 10/25/2010 9:45:00 AM - System Checkpoint
RP80: 10/26/2010 9:21:49 AM - Avg Update

==== Installed Programs ======================

5600
5600_Help
5600Trb
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.0
AiO_Scan
AiOSoftware
Ask Toolbar
AVG Free 9.0
BufferChm
CCleaner
Compatibility Pack for the 2007 Office system
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Destinations
DeviceManagementQFolder
DocProc
eSupportQFolder
Fax
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone Express
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
Java Auto Updater
Java™ 6 Update 22
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 6-9 Converter
MSN Toolbar Setup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NewCopy
PrintKey2000
ProductContext
Readme
Scan
ScannerCopy
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
SolutionCenter
Status
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIA/S3G Display Driver
WebFldrs XP
WebReg
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
XML Paper Specification Shared Components Pack 1.0
Zynga Toolbar

==== Event Viewer Messages From Past Week ========

10/21/2010 8:07:25 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
10/21/2010 8:07:25 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
10/21/2010 4:48:24 PM, error: i8042prt [40] - An error occurred while trying to acquire the device ID of the mouse

==== End Of File ===========================

#5 CatByte

  • Malware Response Team

Posted 26 October 2010 - 05:15 PM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#6 rascott

Posted 27 October 2010 - 10:17 AM

Ran combofix
Log report:

ComboFix 10-10-26.04 - Ross 10/27/2010 8:00.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.494.142 [GMT -7:00]
Running from: c:\documents and settings\Ross\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Pennie\Local Settings\Application Data\{CCFA05E0-7EE2-45C2-A466-030EFE4F4958}
c:\documents and settings\Pennie\Local Settings\Application Data\{CCFA05E0-7EE2-45C2-A466-030EFE4F4958}\chrome.manifest
c:\documents and settings\Pennie\Local Settings\Application Data\{CCFA05E0-7EE2-45C2-A466-030EFE4F4958}\chrome\content\_cfg.js
c:\documents and settings\Pennie\Local Settings\Application Data\{CCFA05E0-7EE2-45C2-A466-030EFE4F4958}\chrome\content\overlay.xul
c:\documents and settings\Pennie\Local Settings\Application Data\{CCFA05E0-7EE2-45C2-A466-030EFE4F4958}\install.rdf
c:\documents and settings\Ross\Local Settings\Application Data\{54757542-7A67-4203-BFDC-BC6919A1D534}
c:\documents and settings\Ross\Local Settings\Application Data\{54757542-7A67-4203-BFDC-BC6919A1D534}\chrome.manifest
c:\documents and settings\Ross\Local Settings\Application Data\{54757542-7A67-4203-BFDC-BC6919A1D534}\chrome\content\_cfg.js
c:\documents and settings\Ross\Local Settings\Application Data\{54757542-7A67-4203-BFDC-BC6919A1D534}\chrome\content\overlay.xul
c:\documents and settings\Ross\Local Settings\Application Data\{54757542-7A67-4203-BFDC-BC6919A1D534}\install.rdf
c:\documents and settings\Ross\Local Settings\Application Data\Windows Server
c:\windows\akulemahe.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

Infected copy of c:\windows\system32\drivers\redbook.sys was found and disinfected
Restored copy from - Kitty had a snack :P
.
((((((((((((((((((((((((( Files Created from 2010-09-27 to 2010-10-27 )))))))))))))))))))))))))))))))
.

2010-10-19 18:41 . 2010-10-19 18:41 -------- d-----w- c:\program files\Common Files\Java
2010-10-19 18:40 . 2010-09-15 11:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-08 21:40 . 2010-10-08 21:40 -------- d-----w- c:\documents and settings\Ross\Application Data\HP
2010-10-08 21:17 . 2010-10-08 21:18 -------- d-----w- c:\program files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 09:29 . 2010-03-02 06:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-10-06 2475336]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2010-06-14 2734688]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-06-14 02:10 2734688 ----a-w- c:\program files\Zynga\tbZyn0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-10-06 18:31 2475336 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 23:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2010-06-14 2734688]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2010-06-14 2734688]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"VTTimer"="VTTimer.exe" [2006-09-15 53248]
"VTTrayp"="VTtrayp.exe" [2007-04-25 176128]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 65024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2010-3-1 869376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 16:46 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave"=audpci40.dll
"midi"=audpci40.dll
"mixer"=audpci40.dll
"aux"=audpci40.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/3/2010 1:02 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/3/2010 1:02 PM 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 9:46 AM 308136]
R2 mstbsvc;MSN Toolbar Setup;c:\program files\MSN\Toolbar\4.0.0412.0\mstbsvc.exe [4/6/2010 3:34 PM 102752]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/9/2010 12:18 PM 135664]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [10/26/2010 9:23 AM 517448]
.
Contents of the 'Scheduled Tasks' folder

2010-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 19:18]

2010-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 19:18]

2010-10-27 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 23:50]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-qsffifbbjeajr - c:\documents and settings\ross\local settings\application data\vymamhcd\isktcmw.exe
HKCU-Run-Usegafisequp - c:\windows\momine.dll
HKLM-Run-QBCD Autorun - D:\autorun.exe
HKLM-Run-Gquyojebuq - c:\windows\akulemahe.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-27 08:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-10-27 08:08:40
ComboFix-quarantined-files.txt 2010-10-27 15:08

Pre-Run: 63,588,696,064 bytes free
Post-Run: 64,161,030,144 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - A7D909551754F958FF8D2684B0F5D78D

Thank you.
Further instructions?

#7 CatByte


Posted 27 October 2010 - 03:27 PM

Hi

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, then click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.

  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
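
A triage pass over the kind of ComboFix log lines quoted in this thread, added here as an example (it is not part of either poster's replies and is not ComboFix's own logic). It flags the loopback ProxyServer value that the CFScript above targets, plus a disabled firewall, Run entries whose target is a DLL, and AtN.job task files; the rule names, the heuristics and the sample log are assumptions of this example, with the sample built from lines in the log posted earlier.

```python
import re
from ipaddress import ip_address

# Constructed sample: a few lines in the shape of the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
2010-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
HKCU-Run-Usegafisequp - c:\windows\momine.dll
HKLM-Run-QBCD Autorun - D:\autorun.exe
HKLM-Run-Gquyojebuq - c:\windows\akulemahe.dll
"""

PROXY_RE = re.compile(r"Internet Settings,ProxyServer\s*=\s*(.+)$", re.I)
FIREWALL_RE = re.compile(r'"EnableFirewall"\s*=\s*(\d+)', re.I)
AT_JOB_RE = re.compile(r"\\Tasks\\At\d+\.job\s*$", re.I)
RUN_RE = re.compile(r"^(HKCU|HKLM)-Run-(.+?) - (.+)$", re.I)


def loopback_proxies(value):
    """Return the entries of a ProxyServer string that point back at this machine.

    The value is either "host:port" or a ';'-separated list of "proto=host:port".
    """
    hits = []
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        endpoint = entry.split("=", 1)[-1]        # drop an optional "http=" prefix
        endpoint = endpoint.split("://", 1)[-1]   # drop an optional scheme
        host = endpoint.rsplit(":", 1)[0] if ":" in endpoint else endpoint
        host = host.strip("[]")                   # bracketed IPv6 literal
        try:
            local = ip_address(host).is_loopback
        except ValueError:
            local = host.lower() == "localhost"
        if local:
            hits.append(entry)
    return hits


def triage(log_text):
    """Return (rule, detail) pairs for log lines a responder should look at first."""
    findings = []
    at_jobs = 0
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.search(line)
        if m:
            findings.extend(("loopback-proxy", e) for e in loopback_proxies(m.group(1)))
            continue
        m = FIREWALL_RE.search(line)
        if m and int(m.group(1)) == 0:
            findings.append(("firewall-disabled", line))
            continue
        if AT_JOB_RE.search(line):
            at_jobs += 1                          # count them, report once at the end
            continue
        m = RUN_RE.match(line)
        if m and m.group(3).lower().endswith(".dll"):
            hive, name, target = m.groups()
            findings.append(("run-key-dll", f"{hive} Run value '{name}' -> {target}"))
    if at_jobs:
        findings.append(("at-jobs", f"{at_jobs} AtN.job scheduled task file(s)"))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:18} {detail}")
```

A loopback proxy is not proof of infection on its own, since local filtering software also sets one; a hit is a prompt to identify which process is listening on that port.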


#8 rascott


Posted 28 October 2010 - 10:29 AM

Followed instructions given.
Requested info follows.

ComboFix 10-10-26.04 - Ross 10/27/2010 21:10:34.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.494.246 [GMT -7:00]
Running from: c:\documents and settings\Ross\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ross\Desktop\bleep-req\CFScript
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-28 )))))))))))))))))))))))))))))))
.

2010-10-19 18:41 . 2010-10-19 18:41 -------- d-----w- c:\program files\Common Files\Java
2010-10-19 18:40 . 2010-09-15 11:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-08 21:40 . 2010-10-08 21:40 -------- d-----w- c:\documents and settings\Ross\Application Data\HP
2010-10-08 21:17 . 2010-10-08 21:18 -------- d-----w- c:\program files\Common Files\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 09:29 . 2010-03-02 06:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
.

((((((((((((((((((((((((((((( SnapShot@2010-10-27_15.06.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-28 02:45 . 2010-10-28 02:45 16384 c:\windows\Temp\Perflib_Perfdata_7b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-10-06 2475336]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2010-06-14 2734688]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-06-14 02:10 2734688 ----a-w- c:\program files\Zynga\tbZyn0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-10-06 18:31 2475336 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 23:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2010-06-14 2734688]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyn0.dll" [2010-06-14 2734688]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-10-06 2475336]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"VTTimer"="VTTimer.exe" [2006-09-15 53248]
"VTTrayp"="VTtrayp.exe" [2007-04-25 176128]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-10-04 2067808]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 65024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2010-3-1 869376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 16:46 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave"=audpci40.dll
"midi"=audpci40.dll
"mixer"=audpci40.dll
"aux"=audpci40.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/3/2010 1:02 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/3/2010 1:02 PM 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 9:46 AM 308136]
R2 mstbsvc;MSN Toolbar Setup;c:\program files\MSN\Toolbar\4.0.0412.0\mstbsvc.exe [4/6/2010 3:34 PM 102752]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/9/2010 12:18 PM 135664]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [10/26/2010 9:23 AM 517448]
.
Contents of the 'Scheduled Tasks' folder

2010-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 19:18]

2010-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 19:18]

2010-10-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 23:50]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-27 21:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3152)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-10-27 21:19:18
ComboFix-quarantined-files.txt 2010-10-28 04:19
ComboFix2.txt 2010-10-27 15:08

Pre-Run: 63,143,497,728 bytes free
Post-Run: 63,833,157,632 bytes free

- - End Of File - - 4F9D276480B5ACF31AC1C066FCD0E8C7



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4971

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/27/2010 9:32:23 PM
mbam-log-2010-10-27 (21-32-23).txt

Scan type: Quick scan
Objects scanned: 154316
Time elapsed: 5 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------

Kaspersky Scan found no threats.

Looking in AVG virus vault I find infections, the same ones that got me here in the first place.
Couldn't find a way to show info in vault.
While previously working on this I had another threat pop up: Win32/PatchedDX

Next step?

#9 CatByte


Posted 28 October 2010 - 05:58 PM

Can you be more specific - what location is this being found?

Was this an alert AVG gave you?

It may be finding the infection in old restore points.

The items in AVG quarantine can stay there; they won't harm your computer.

Let's set a new restore point, clean out the old ones, then clear out all your temp files, then update and run your AVG and then let me know if it finds anything that isn't already in quarantine.

please do the following:

Download TFC to your desktop
Mirror
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine.
  • If it doesn't, manually reboot to ensure a complete clean.
It's normal after running TFC cleaner that the PC will be slower to boot the first time.


NEXT



Click Start > Run > copy and paste the following into the run box:

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next.
Name it (something you'll remember) and click Create,
when the confirmation screen shows the restore point has been created click Close.

Now remove all previous Restore Points:
Click Start > Run > copy and paste the following into the run box:

cleanmgr

Choose to scan drive C:\ (if C:\ is your main drive). At the top, click on the More Options tab. Click the Clean up button in the System Restore box.
Click on the Yes button.
When finished, click on Cancel button to exit.



#10 rascott


Posted 28 October 2010 - 10:59 PM

Thank you for all your assistance.

Followed your instructions and I must say that you have allowed my lack of knowledge to step through them without confusion or frustration.

AVG virus vault is where results were moved to. It is also where previous viruses are located. Is that quarantine?

Do I now 'Empty Vault'? I await your instructions.

Results follow:

Scan "Scan whole computer" completed.
Warnings;"181";"181";"0"
Folders selected for scanning:;"Scan whole computer"
Scan started:;"Thursday, October 28, 2010, 5:23:38 PM"
Scan finished:;"Thursday, October 28, 2010, 6:08:05 PM (44 minute(s) 26 second(s))"
Total object scanned:;"226589"
User who launched the scan:;"Ross"

Warnings
File;"Infection";"Result"
C:\Documents and Settings\Ross\Cookies\ross@tribalfusion[2].txt:\tribalfusion.com.dcc03271;"Found Tracking cookie.Tribalfusion";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@tribalfusion[2].txt;"Found Tracking cookie.Tribalfusion";"Healed"
C:\Documents and Settings\Ross\Cookies\ross@tribalfusion[1].txt:\tribalfusion.com.dcc03271;"Found Tracking cookie.Tribalfusion";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@tribalfusion[1].txt;"Found Tracking cookie.Tribalfusion";"Healed"
C:\Documents and Settings\Ross\Cookies\ross@statse.webtrendslive[2].txt:\statse.webtrendslive.com.b4ca7df0;"Found Tracking cookie.Webtrendslive";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@statse.webtrendslive[2].txt;"Found Tracking cookie.Webtrendslive";"Healed"
C:\Documents and Settings\Ross\Cookies\ross@revsci[2].txt:\revsci.net.f1b6b2e;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@revsci[2].txt:\revsci.net.f0067737;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@revsci[2].txt:\revsci.net.50e13b1b;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@revsci[2].txt:\revsci.net.44927ec;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@revsci[2].txt:\revsci.net.2df99d79;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@revsci[2].txt:\revsci.net.18a1d1b2;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@revsci[2].txt;"Found Tracking cookie.Revsci";"Healed"
C:\Documents and Settings\Ross\Cookies\ross@realmedia[1].txt:\realmedia.com.dc841856;"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@realmedia[1].txt:\realmedia.com.bf4a1fa7;"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@realmedia[1].txt:\realmedia.com.a2b49f1a;"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@realmedia[1].txt:\realmedia.com.9514c147;"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@realmedia[1].txt:\realmedia.com.855b46d;"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@realmedia[1].txt;"Found Tracking cookie.Realmedia";"Healed"
C:\Documents and Settings\Ross\Cookies\ross@pro-market[1].txt:\pro-market.net.bbf67f2d;"Found Tracking cookie.Pro-market";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@pro-market[1].txt:\pro-market.net.b51604f4;"Found Tracking cookie.Pro-market";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@pro-market[1].txt:\pro-market.net.1d1ba569;"Found Tracking cookie.Pro-market";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@pro-market[1].txt;"Found Tracking cookie.Pro-market";"Healed"
C:\Documents and Settings\Ross\Cookies\ross@mediaplex[2].txt:\mediaplex.com.f652b123;"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@mediaplex[2].txt:\mediaplex.com.dc30fb3c;"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@mediaplex[2].txt;"Found Tracking cookie.Mediaplex";"Healed"
C:\Documents and Settings\Ross\Cookies\ross@m.webtrends[2].txt:\m.webtrends.com.b4ca7df0;"Found Tracking cookie.Webtrends";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@m.webtrends[2].txt;"Found Tracking cookie.Webtrends";"Healed"
C:\Documents and Settings\Ross\Cookies\ross@casalemedia[2].txt:\casalemedia.com.987e6b46;"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@casalemedia[2].txt:\casalemedia.com.80ad4799;"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@casalemedia[2].txt:\casalemedia.com.650648e8;"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@casalemedia[2].txt:\casalemedia.com.350339d4;"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@casalemedia[2].txt:\casalemedia.com.2d37ad26;"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@casalemedia[2].txt:\casalemedia.com.1773afc;"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@casalemedia[2].txt;"Found Tracking cookie.Casalemedia";"Healed"
C:\Documents and Settings\Ross\Cookies\ross@atdmt[2].txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@atdmt[2].txt:\atdmt.com.7247c262;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@atdmt[2].txt;"Found Tracking cookie.Atdmt";"Healed"
C:\Documents and Settings\Ross\Cookies\ross@atdmt[1].txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@atdmt[1].txt:\atdmt.com.7247c262;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@atdmt[1].txt;"Found Tracking cookie.Atdmt";"Healed"
C:\Documents and Settings\Ross\Cookies\ross@advertising[1].txt:\advertising.com.f62113d5;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@advertising[1].txt:\advertising.com.b624fa46;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@advertising[1].txt:\advertising.com.203aa218;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@advertising[1].txt:\advertising.com.1820df7a;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@advertising[1].txt;"Found Tracking cookie.Advertising";"Healed"
C:\Documents and Settings\Ross\Cookies\ross@adbrite[2].txt:\adbrite.com.f796fd05;"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@adbrite[2].txt:\adbrite.com.d5e309c2;"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@adbrite[2].txt;"Found Tracking cookie.Adbrite";"Healed"
C:\Documents and Settings\Ross\Cookies\ross@ad.yieldmanager[3].txt:\ad.yieldmanager.com.557bf2b0;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@ad.yieldmanager[3].txt:\ad.yieldmanager.com.539b0606;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@ad.yieldmanager[3].txt;"Found Tracking cookie.Yieldmanager";"Healed"
C:\Documents and Settings\Ross\Cookies\ross@ad.yieldmanager[1].txt:\ad.yieldmanager.com.557bf2b0;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@ad.yieldmanager[1].txt:\ad.yieldmanager.com.539b0606;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Ross\Cookies\ross@ad.yieldmanager[1].txt;"Found Tracking cookie.Yieldmanager";"Healed"
C:\Documents and Settings\Pennie\Cookies\pennie@zedo[2].txt:\zedo.com.f462b69f;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@zedo[2].txt:\zedo.com.dab23eee;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@zedo[2].txt:\zedo.com.c1dd09f2;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@zedo[2].txt:\zedo.com.a5b6a132;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@zedo[2].txt:\zedo.com.27f1639b;"Found Tracking cookie.Zedo";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@zedo[2].txt;"Found Tracking cookie.Zedo";"Healed"
C:\Documents and Settings\Pennie\Cookies\pennie@tribalfusion[2].txt:\tribalfusion.com.dcc03271;"Found Tracking cookie.Tribalfusion";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@tribalfusion[2].txt;"Found Tracking cookie.Tribalfusion";"Healed"
C:\Documents and Settings\Pennie\Cookies\pennie@trafficmp[1].txt:\trafficmp.com.f3e5803e;"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@trafficmp[1].txt:\trafficmp.com.e2e71e33;"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@trafficmp[1].txt:\trafficmp.com.ae53b8b;"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@trafficmp[1].txt:\trafficmp.com.a00e30b4;"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@trafficmp[1].txt:\trafficmp.com.37644bdb;"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@trafficmp[1].txt:\trafficmp.com.283bb361;"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@trafficmp[1].txt;"Found Tracking cookie.Trafficmp";"Healed"
C:\Documents and Settings\Pennie\Cookies\pennie@tacoda[1].txt:\tacoda.net.ed9c50d1;"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@tacoda[1].txt:\tacoda.net.cd7ce44f;"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@tacoda[1].txt:\tacoda.net.c4fe2ebb;"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@tacoda[1].txt:\tacoda.net.5935e89;"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@tacoda[1].txt:\tacoda.net.4366831a;"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@tacoda[1].txt:\tacoda.net.27341d57;"Found Tracking cookie.Tacoda";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@tacoda[1].txt;"Found Tracking cookie.Tacoda";"Healed"
C:\Documents and Settings\Pennie\Cookies\pennie@serving-sys[2].txt:\serving-sys.com.db46cecc;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@serving-sys[2].txt:\serving-sys.com.ac41fe5a;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@serving-sys[2].txt:\serving-sys.com.6a1cf9e8;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@serving-sys[2].txt:\serving-sys.com.606c3d3b;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@serving-sys[2].txt:\serving-sys.com.4b416ef8;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@serving-sys[2].txt:\serving-sys.com.400f83f;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@serving-sys[2].txt:\serving-sys.com.255d6f2f;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@serving-sys[2].txt;"Found Tracking cookie.Serving-sys";"Healed"
C:\Documents and Settings\Pennie\Cookies\pennie@ru4[1].txt:\ru4.com.ede0a20c;"Found Tracking cookie.Ru4";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@ru4[1].txt:\ru4.com.c1de753f;"Found Tracking cookie.Ru4";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@ru4[1].txt:\ru4.com.a281be05;"Found Tracking cookie.Ru4";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@ru4[1].txt:\ru4.com.a15d2f4b;"Found Tracking cookie.Ru4";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@ru4[1].txt:\ru4.com.91b70c83;"Found Tracking cookie.Ru4";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@ru4[1].txt:\ru4.com.89628ed1;"Found Tracking cookie.Ru4";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@ru4[1].txt:\ru4.com.86ebc5e4;"Found Tracking cookie.Ru4";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@ru4[1].txt:\ru4.com.608b8516;"Found Tracking cookie.Ru4";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@ru4[1].txt:\ru4.com.5a5e0633;"Found Tracking cookie.Ru4";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@ru4[1].txt:\ru4.com.4bc45416;"Found Tracking cookie.Ru4";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@ru4[1].txt:\ru4.com.429cde9a;"Found Tracking cookie.Ru4";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@ru4[1].txt:\ru4.com.3f5f8743;"Found Tracking cookie.Ru4";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@ru4[1].txt:\ru4.com.229907d0;"Found Tracking cookie.Ru4";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@ru4[1].txt;"Found Tracking cookie.Ru4";"Healed"
C:\Documents and Settings\Pennie\Cookies\pennie@revsci[2].txt:\revsci.net.f3475212;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@revsci[2].txt:\revsci.net.f0067737;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@revsci[2].txt:\revsci.net.50e13b1b;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@revsci[2].txt:\revsci.net.44927ec;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@revsci[2].txt:\revsci.net.2df99d79;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@revsci[2].txt:\revsci.net.18a1d1b2;"Found Tracking cookie.Revsci";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@revsci[2].txt;"Found Tracking cookie.Revsci";"Healed"
C:\Documents and Settings\Pennie\Cookies\pennie@realmedia[2].txt:\realmedia.com.ef906bac;"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@realmedia[2].txt:\realmedia.com.855b46d;"Found Tracking cookie.Realmedia";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@realmedia[2].txt;"Found Tracking cookie.Realmedia";"Healed"
C:\Documents and Settings\Pennie\Cookies\pennie@questionmarket[1].txt:\questionmarket.com.4dd5e426;"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@questionmarket[1].txt:\questionmarket.com.3eb5a9f1;"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@questionmarket[1].txt;"Found Tracking cookie.Questionmarket";"Healed"
C:\Documents and Settings\Pennie\Cookies\pennie@pointroll[1].txt:\pointroll.com.f2d5a6f6;"Found Tracking cookie.Pointroll";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@pointroll[1].txt:\pointroll.com.72c0abc9;"Found Tracking cookie.Pointroll";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@pointroll[1].txt;"Found Tracking cookie.Pointroll";"Healed"
C:\Documents and Settings\Pennie\Cookies\pennie@msnportal.112.2o7[1].txt:\msnportal.112.2o7.net.7225be6f;"Found Tracking cookie.2o7";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@msnportal.112.2o7[1].txt;"Found Tracking cookie.2o7";"Healed"
C:\Documents and Settings\Pennie\Cookies\pennie@mediaplex[2].txt:\mediaplex.com.f652b123;"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@mediaplex[2].txt:\mediaplex.com.dc30fb3c;"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@mediaplex[2].txt;"Found Tracking cookie.Mediaplex";"Healed"
C:\Documents and Settings\Pennie\Cookies\pennie@liveperson[1].txt:\liveperson.net.8db0737c;"Found Tracking cookie.Liveperson";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@liveperson[1].txt;"Found Tracking cookie.Liveperson";"Healed"
C:\Documents and Settings\Pennie\Cookies\pennie@fastclick[1].txt:\fastclick.net.fac3d6f0;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@fastclick[1].txt:\fastclick.net.94ca190b;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@fastclick[1].txt:\fastclick.net.8a6435e9;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@fastclick[1].txt:\fastclick.net.6fd479aa;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@fastclick[1].txt:\fastclick.net.57e8da10;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@fastclick[1].txt;"Found Tracking cookie.Fastclick";"Healed"
C:\Documents and Settings\Pennie\Cookies\pennie@casalemedia[1].txt:\casalemedia.com.987e6b46;"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@casalemedia[1].txt:\casalemedia.com.80ad4799;"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@casalemedia[1].txt:\casalemedia.com.350339d4;"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@casalemedia[1].txt:\casalemedia.com.2d37ad26;"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@casalemedia[1].txt:\casalemedia.com.1773afc;"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@casalemedia[1].txt:\casalemedia.com.12e6c053;"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@casalemedia[1].txt;"Found Tracking cookie.Casalemedia";"Healed"
C:\Documents and Settings\Pennie\Cookies\pennie@burstnet[2].txt:\burstnet.com.c4fe2ebb;"Found Tracking cookie.Burstnet";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@burstnet[2].txt:\burstnet.com.a3218a37;"Found Tracking cookie.Burstnet";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@burstnet[2].txt;"Found Tracking cookie.Burstnet";"Healed"
C:\Documents and Settings\Pennie\Cookies\pennie@bs.serving-sys[1].txt:\bs.serving-sys.com.5bf1f00f;"Found Tracking cookie.Serving-sys";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@bs.serving-sys[1].txt;"Found Tracking cookie.Serving-sys";"Healed"
C:\Documents and Settings\Pennie\Cookies\pennie@atdmt[2].txt:\atdmt.com.f4b86dca;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@atdmt[2].txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@atdmt[2].txt:\atdmt.com.9e6d7fd3;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@atdmt[2].txt:\atdmt.com.74c5668;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@atdmt[2].txt:\atdmt.com.7247c262;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@atdmt[2].txt;"Found Tracking cookie.Atdmt";"Healed"
C:\Documents and Settings\Pennie\Cookies\pennie@advertising[2].txt:\advertising.com.f62113d5;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@advertising[2].txt:\advertising.com.b624fa46;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@advertising[2].txt:\advertising.com.893d35c2;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@advertising[2].txt:\advertising.com.525a5fb9;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@advertising[2].txt:\advertising.com.203aa218;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@advertising[2].txt:\advertising.com.1dfa2206;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@advertising[2].txt:\advertising.com.1820df7a;"Found Tracking cookie.Advertising";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@advertising[2].txt;"Found Tracking cookie.Advertising";"Healed"
C:\Documents and Settings\Pennie\Cookies\pennie@adbrite[2].txt:\adbrite.com.f796fd05;"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@adbrite[2].txt:\adbrite.com.d5e309c2;"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@adbrite[2].txt:\adbrite.com.44f92a69;"Found Tracking cookie.Adbrite";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@adbrite[2].txt;"Found Tracking cookie.Adbrite";"Healed"
C:\Documents and Settings\Pennie\Cookies\pennie@247realmedia[1].txt:\247realmedia.com.855b46d;"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
C:\Documents and Settings\Pennie\Cookies\pennie@247realmedia[1].txt;"Found Tracking cookie.247realmedia";"Healed"
C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt:\questionmarket.com.4dd5e426;"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt:\questionmarket.com.3eb5a9f1;"Found Tracking cookie.Questionmarket";"Moved to Virus Vault"
C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt;"Found Tracking cookie.Questionmarket";"Healed"
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt:\msnportal.112.2o7.net.7225be6f;"Found Tracking cookie.2o7";"Moved to Virus Vault"
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt;"Found Tracking cookie.2o7";"Healed"
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt:\mediaplex.com.f652b123;"Found Tracking cookie.Mediaplex";"Moved to Virus Vault"
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt;"Found Tracking cookie.Mediaplex";"Healed"
C:\Documents and Settings\Administrator\Cookies\administrator@m.webtrends[2].txt:\m.webtrends.com.b4ca7df0;"Found Tracking cookie.Webtrends";"Moved to Virus Vault"
C:\Documents and Settings\Administrator\Cookies\administrator@m.webtrends[2].txt;"Found Tracking cookie.Webtrends";"Healed"
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[1].txt:\fastclick.net.c38980e4;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[1].txt:\fastclick.net.94ca190b;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[1].txt:\fastclick.net.8a6435e9;"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[1].txt;"Found Tracking cookie.Fastclick";"Healed"
C:\Documents and Settings\Administrator\Cookies\administrator@bluestreak[1].txt:\bluestreak.com.bf396750;"Found Tracking cookie.Bluestreak";"Moved to Virus Vault"
C:\Documents and Settings\Administrator\Cookies\administrator@bluestreak[1].txt;"Found Tracking cookie.Bluestreak";"Healed"
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt:\atdmt.com.b3e33b5f;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt:\atdmt.com.7247c262;"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt;"Found Tracking cookie.Atdmt";"Healed"
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt:\ad.yieldmanager.com.557bf2b0;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt:\ad.yieldmanager.com.539b0606;"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt;"Found Tracking cookie.Yieldmanager";"Healed"

#11 CatByte

  • Malware Response Team

Posted 29 October 2010 - 01:30 AM

Yes, the virus vault is quarantine.

You can empty that now.

Cookies are normal to find; every time you go on the internet, you will get cookies. Nothing to be concerned about.

How is the machine running?

Are there any outstanding issues?

Please post a fresh DDS log.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#12 rascott

  • Topic Starter

  • Members

Posted 29 October 2010 - 11:29 AM

Thank you!!!
Everything seems to be in order and working great.
Deleted all files in the AVG vault, and old notifications of viruses were wiped away. Yeah.

Any more instructions?

Questions: How do I prevent this from happening again? Or is that possible?
Update and scan how often? What else should I do to help keep things clean?


Current reports follow:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-21.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/1/2010 10:40:12 PM
System Uptime: 10/29/2010 9:02:54 AM (0 hours ago)

Motherboard: | | K8M800-8237
Processor: AMD Sempron™ Processor 3000+ | Socket 754 | 1799/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 60.992 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP83: 10/28/2010 5:14:06 PM - ruby

==== Installed Programs ======================

5600
5600_Help
5600Trb
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.0
AiO_Scan
AiOSoftware
Ask Toolbar
AVG Free 9.0
BufferChm
CCleaner
Compatibility Pack for the 2007 Office system
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Destinations
DeviceManagementQFolder
DocProc
eSupportQFolder
Fax
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone Express
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
Java Auto Updater
Java™ 6 Update 22
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 6-9 Converter
MSN Toolbar Setup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NewCopy
PrintKey2000
ProductContext
Readme
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
SolutionCenter
Status
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIA/S3G Display Driver
WebFldrs XP
WebReg
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
XML Paper Specification Shared Components Pack 1.0
Zynga Toolbar

==== Event Viewer Messages From Past Week ========

10/28/2010 8:51:56 PM, error: i8042prt [23] - Could not set the mouse resolution.
10/28/2010 8:44:48 PM, error: i8042prt [22] - Could not set the mouse sample rate.
10/28/2010 5:07:48 PM, error: i8042prt [34] - An error occurred while trying to determine the number of mouse buttons.
10/28/2010 5:05:39 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
10/28/2010 5:05:39 PM, error: Service Control Manager [7034] - The MSN Toolbar Setup service terminated unexpectedly. It has done this 1 time(s).
10/28/2010 5:05:39 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/28/2010 5:05:39 PM, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
10/27/2010 9:17:40 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
10/27/2010 7:05:34 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
10/27/2010 7:05:34 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================



DDS (Ver_10-10-21.02) - NTFSx86
Run by Ross at 9:12:46.65 on Fri 10/29/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.494.115 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MSN\Toolbar\4.0.0412.0\mstbsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\AVG\AVG9\avgui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Ross\Desktop\dds 10 29 10.com

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn0.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [VTTimer] VTTimer.exe
mRun: [VTTrayp] VTtrayp.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-3 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-3 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-3 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 mstbsvc;MSN Toolbar Setup;c:\program files\msn\toolbar\4.0.0412.0\mstbsvc.exe [2010-4-6 102752]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-9 135664]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 517448]

=============== Created Last 30 ================

2010-10-27 14:45:22 -------- d-sha-r- C:\cmdcons
2010-10-27 14:42:35 79872 ----a-w- c:\windows\MBR.exe
2010-10-27 14:42:35 256512 ----a-w- c:\windows\PEV.exe
2010-10-27 14:42:35 161792 ----a-w- c:\windows\SWREG.exe
2010-10-27 14:42:34 98816 ----a-w- c:\windows\sed.exe
2010-10-19 18:40:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-30 14:19:34 -------- d-----w- c:\windows\pss

==================== Find3M ====================

2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 09:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

============= FINISH: 9:13:19.67 ===============

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team

Posted 29 October 2010 - 05:18 PM

Hi

Just some housekeeping to do now.

Please do the following:

You can delete the MBRCheck, DDS and RKU logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between the ..X and the /U; it needs to be there.


If there are any logs/tools remaining > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe.

  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job
    • Once it's finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.


**Be very wary of any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Should you wish to contribute to my ongoing fight against malware, donations are being accepted Here


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
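
The Internet Explorer hardening steps in the post above can be checked from a script instead of the dialog. The following is an added example, not part of the original post: a read-only PowerShell audit of the three Internet zone ActiveX settings. The registry path and numeric URL-action IDs do not appear in the post; they are assumed here to be the standard per-user IE zone values (1 = Prompt, 3 = Disable).

```powershell
# Added example: audit the per-user Internet zone (zone 3) ActiveX settings.
# Assumption: the key path and URL-action IDs below are the standard IE zone values;
# they do not appear in the post itself.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended state from the post: both download actions prompt, unsafe init is disabled.
$Expected = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';   Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls'; Want = 1 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)
$Meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ActionLabel {
    param($Value)
    if ($null -eq $Value) { return 'not set' }
    $key = [int]$Value
    if ($Meaning.ContainsKey($key)) { return $Meaning[$key] }
    return "unrecognized ($Value)"
}

function Test-ActiveXZoneSettings {
    param([string]$Path = $ZoneKey)
    # A missing key means the zone was never written for this user; report every action as unset.
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($item in $Expected) {
        $actual = if ($props) { $props.($item.Id) } else { $null }
        New-Object PSObject -Property @{
            Action    = $item.Name
            Current   = Get-ActionLabel $actual
            Wanted    = Get-ActionLabel $item.Want
            Compliant = ($null -ne $actual -and [int]$actual -eq $item.Want)
        }
    }
}

# Read-only: nothing is changed. Group Policy can override these per-user values,
# so a compliant result here describes the user's own setting only.
Test-ActiveXZoneSettings | Format-Table Action, Current, Wanted, Compliant -AutoSize
```
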


#14 rascott

rascott
  • Topic Starter

  • Members

Posted 30 October 2010 - 11:47 AM

Followed instructions, downloaded WOT and ERUNT.

All went well. So far everything seems to be in working order.
Thank you so very much for all of your time, energy and effort with this mess.

It has been such a pleasure working with you. Again, I am a novice at all of this and your instructions were clear and easy to follow, making this process smooth and simple. I am not currently in a financial position to contribute to your cause but I will certainly keep your contact to do so at a later date. There is no telling how much you saved me from having a local tech do this job and I feel that it has been done more deeply than they would have.
I cannot thank you enough.

It is my belief that helping others is the rent we pay here on earth.

Ross

#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team

Posted 30 October 2010 - 11:59 AM

You are welcome.

Stay safe.

~CB

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




