Unsolved
This post is more than 5 years old
13 Posts
0
2472
April 12th, 2011 16:00
redirection malware problem
Trying to help a friend out here, having trouble with this laptop, it shows all Windows programs are gone, When accessing IE it redirects to websites other thatn what was specified. He ran Malware bytes this morning on it and it shows the following:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6312
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
4/12/2011 11:49:33 AM
mbam-log-2011-04-12 (11-49-33).txt
Scan type: Quick scan
Objects scanned: 190451
Time elapsed: 30 minute(s), 11 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 3
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
c:\documents and settings\all users\application data\antivirus antispyware 2011\AS2011.exe (Trojan.FakeAlert) -> 4700 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\SE2010 (Rogue.Securityessentials2010) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UqhCBsmkkJeHPx (Trojan.FakeAlert) -> Value: UqhCBsmkkJeHPx -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Rogue.AV) -> Value: Shell -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\updatesst (Trojan.FakeAlert) -> Value: updatesst -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\all users\application data\uqhcbsmkkjehpx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\jar_cache62513.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\will campbell\Desktop\antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\documents and settings\will campbell\application data\microsoft\internet explorer\quick launch\antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\antivirus antispyware 2011\AS2011.exe (Trojan.FakeAlert) -> Delete on reboot.
Here is what my Hijack This log contains:
see attached file
0 events found
dachill98684
13 Posts
0
April 13th, 2011 13:00
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:44:48 PM, on 4/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 206.151.165.27 ebiz5.standardsupplyco.com
O1 - Hosts: 216.240.133.193 www.google.com
O1 - Hosts: 216.240.133.193 google.com
O1 - Hosts: 216.240.133.193 google.com.au
O1 - Hosts: 216.240.133.193 www.google.com.au
O1 - Hosts: 216.240.133.193 google.be
O1 - Hosts: 216.240.133.193 www.google.be
O1 - Hosts: 216.240.133.193 google.com.br
O1 - Hosts: 216.240.133.193 www.google.com.br
O1 - Hosts: 216.240.133.193 google.ca
O1 - Hosts: 216.240.133.193 www.google.ca
O1 - Hosts: 216.240.133.193 google.ch
O1 - Hosts: 216.240.133.193 www.google.ch
O1 - Hosts: 216.240.133.193 google.de
O1 - Hosts: 216.240.133.193 www.google.de
O1 - Hosts: 216.240.133.193 google.dk
O1 - Hosts: 216.240.133.193 www.google.dk
O1 - Hosts: 216.240.133.193 google.fr
O1 - Hosts: 216.240.133.193 www.google.fr
O1 - Hosts: 216.240.133.193 google.ie
O1 - Hosts: 216.240.133.193 www.google.ie
O1 - Hosts: 216.240.133.193 google.it
O1 - Hosts: 216.240.133.193 www.google.it
O1 - Hosts: 216.240.133.193 google.co.jp
O1 - Hosts: 216.240.133.193 www.google.co.jp
O1 - Hosts: 216.240.133.193 google.nl
O1 - Hosts: 216.240.133.193 www.google.nl
O1 - Hosts: 216.240.133.193 google.no
O1 - Hosts: 216.240.133.193 www.google.no
O1 - Hosts: 216.240.133.193 google.co.nz
O1 - Hosts: 216.240.133.193 www.google.co.nz
O1 - Hosts: 216.240.133.193 google.pl
O1 - Hosts: 216.240.133.193 www.google.pl
O1 - Hosts: 216.240.133.193 google.se
O1 - Hosts: 216.240.133.193 www.google.se
O1 - Hosts: 216.240.133.193 google.co.uk
O1 - Hosts: 216.240.133.193 www.google.co.uk
O1 - Hosts: 216.240.133.193 google.co.za
O1 - Hosts: 216.240.133.193 www.google.co.za
O1 - Hosts: 216.240.133.193 www.google-analytics.com
O1 - Hosts: 216.240.133.193 www.bing.com
O1 - Hosts: 216.240.133.193 search.yahoo.com
O1 - Hosts: 216.240.133.193 www.search.yahoo.com
O1 - Hosts: 216.240.133.193 uk.search.yahoo.com
O1 - Hosts: 216.240.133.193 ca.search.yahoo.com
O1 - Hosts: 216.240.133.193 de.search.yahoo.com
O1 - Hosts: 216.240.133.193 fr.search.yahoo.com
O1 - Hosts: 216.240.133.193 au.search.yahoo.com
O1 - Hosts: 216.240.133.193 www.youtube.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [hVpKspPwxiCbXa] C:\Documents and Settings\All Users\Application Data\hVpKspPwxiCbXa.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1301692411703
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: itlnfw32 - Invalid registry found
O20 - Winlogon Notify: itlntfy - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Update Service (gupdate1c9ebf56927500e) (gupdate1c9ebf56927500e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: NICCONFIGSVC - Unknown owner - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 10390 bytes
Bugbatter
4 Apprentice
•
20.5K Posts
0
April 13th, 2011 14:00
Welcome. Thank you for using Dell Community Forums.
I am reviewing your log. In the meantime, you can help me by addressing the following:
* Have you posted this issue on another forum? If so, please provide a link to the topic.
* If you have disabled System Restore in an attempt to begin cleaning malware, please enable it now. We will flush System Restore when we are finished cleaning and we are sure that everything is running smoothly.
* If you are using any cracked software, please remove it. In addition to being illegal, when you install cracked software, you are running executable files from dubious, unknown sources. You are giving these sources access to information on your hard disk, and potential control over operation of your computer. Definition of cracked software HERE.
* If you are using any P2P (file sharing) programs, please remove them before we clean your computer. The nature of such software and the high incidence of malware in files downloaded with them is counter productive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a partial list HERE.
* Please be aware that if your issue involves Windows error codes the chances of resolution may be slim because some of these infections corrupt .exe files. The presence of windows error codes may also indicate hardware problems and could limit the success of infection removal.
* If this computer belongs to someone else, do you have authority to apply the fixes we will use?
* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures. Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. It is understood by the trained analysts that once a helper replies to a log, he continues working with you until the issue is resolved.
* During the course of our cleanup please do not do any additional online work or surfing until we have verified that your system is clean.
* We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. *Please note also that not all of our tools work on 64-bit systems, so we may be limited in our procedures.
- Download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)- Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)- Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)- Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).If there is a problem after making changes to the system, to restore your registry, go to the folder and start ERUNT.exe
Let me know after you have installed ERUNT.
No Reply within 3 days will result in this topic being closed, and I will remove it from my subscriptions. If you require more time, please let me know.
Instructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log at the top of this board to start a new forum topic.
dachill98684
13 Posts
0
April 13th, 2011 15:00
Hello, I have not posted this issue to any other forum. I am not sure how to find System Restore as all Programs in Windows appear to be gone, in other words, when I click on the Programs tab in strtup in says "Empty". All of the Icons on my desktop are grayed out. I was able to download and run ERUNT. This laptop is my business partners laptop and he is hoping like heck I can help him get it fixed with your help!!!
Bugbatter
4 Apprentice
•
20.5K Posts
0
April 13th, 2011 15:00
You may need to download our tools to a CD or USB stick and transfer them to the infected machine if you cannot download directly to the desktop of that one.
Please download to the desktop and run the following: http://download.bleepingcomputer.com/grinler/unhide.exe
Next, because AVG conflicts with some of our tools, thus giving you an incomplete malware removal, we'll need to remove AVG.
Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Open notepad - don't use any other text editor than notepad or the script will fail.
Disconnect from the internet....pull the plug!
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray.
Otherwise, they may interfere with running ComboFix.
Open Notepad and copy/paste the following text between the lines below.
Do not copy the dotted lines.
** Make sure you copy/paste ALL the text at once. Do not try to edit extra spaces.
It will copy correctly to Notepad if you highlight and copy as is.
-----------------------------------------------------------------------------------
:
REGISTRY::
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayRSAlert]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinished]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanStarted]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEnd]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEndFail]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdStart]
[-HKEY_CURRENT_USER\AppEvents\Schemes\Apps\avgtray]
[-HKEY_CURRENT_USER\Software\Avg]
[-HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\.avgdx]
[-HKEY_CLASSES_ROOT\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A3E}]
[-HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[-HKEY_CLASSES_ROOT\CLSID\{41B21542-2055-4212-A6F2-395CD109B14B}]
[-HKEY_CLASSES_ROOT\CLSID\{6F59E522-4689-156E-316C-D5B48819DE95} ]
[-HKEY_CLASSES_ROOT\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}]
[-HKEY_CLASSES_ROOT\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}]
[-HKEY_CLASSES_ROOT\CLSID\{EF0BB4CD-81FA-48AF-99B3-AB6C1F079BEC}]
[-HKEY_CLASSES_ROOT\CLSID\{F1FE4608-7924-4908-8E12-81CFA206F00A}]
[-HKEY_CLASSES_ROOT\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}]
[-HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\Installer\Features\36E852A15FD8BDA48923830A21D156BE]
[-HKEY_CLASSES_ROOT\Installer\Features\69BC3230A1222404483A39DE4E0799CF]
[-HKEY_CLASSES_ROOT\Installer\Features\CFD2C1F142D260E3CB8B271543DA9F98]
[-HKEY_CLASSES_ROOT\Installer\Products\36E852A15FD8BDA48923830A21D156BE]
[-HKEY_CLASSES_ROOT\Installer\Products\69BC3230A1222404483A39DE4E0799CF]
[-HKEY_CLASSES_ROOT\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\06DD9E4F7F3FF9C41BC2BD64A2CE18FE]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\38F747DBDC97B4E459142E21199F9D10]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\41A387AA3A7A33D3590FA953D1350011]
[-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter]
[-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter.1]
[-HKEY_CLASSES_ROOT\MicroScanner.MicroScanner]
[-HKEY_CLASSES_ROOT\piffile\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\linkscanner]
[-HKEY_LOCAL_MACHINE\SOFTWARE\AVG]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DevDiv\VC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0323CB96-221A-4042-84A3-93EDE47099FC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1A258E63-8DF5-4ADB-9832-38A0121D65EB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AlwaysUnloadDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG]
[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABED-40e0-8F7B-6DE4F6756F0B}]
[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABEE-40e0-8F7B-6DE4F6756F0B}]
[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABEF-40e0-8F7B-6DE4F6756F0B}]
[-HKEY_CLASSES_ROOT\CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7}]
[-HKEY_CLASSES_ROOT\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[-HKEY_CLASSES_ROOT\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-HKEY_CLASSES_ROOT\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}]
[-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\avgsecuritytoolbar]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayWSAlert]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-HKEY_CURRENT_USER\Software\AppDataLow\Avg]
[-HKEY_CURRENT_USER\Software\AVG Security Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\AVG Security Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayRSAlert]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanFinished]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanStarted]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayWSAlert]
[-HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\avgtray]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Avg]
[-HKEY_USERS\.DEFAULT\Software\Avg]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"=-
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"=-
"avg@igeared"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GroupOrderList]
"AVG"=-
DRIVER::
Avg
AVGIDSAgent
AVGIDSDriver
AVGIDSEH
AVGIDSFilter
AVGIDSShim
Avgldx86
Avgmfx86
Avgrkx86
Avgtdix
avgwd
AVG Security Toolbar Service
avg9emc
avg9wd
FOLDER::
%SYSTEMDRIVE%\$AVG
%COMMONAPPDATA%\AVG10
%COMMONAPPDATA%\MFAData
%COMMONPROGRAMS%\AVG 2011
%APPDATA%\AVG10
%PROGRAMFILES%\AVG
%SYSTEM%\drivers\AVG
%COMMONAPPDATA%\AVG Security Toolbar
%COMMONAPPDATA%\avg9
%COMMONPrograms%\AVG Free 9.0
File::
%COMMONAPPDATA%\Common Files\6F59E522-4689-156E-316C-D5B48819DE95.dat
%COMMONDESKTOP%\AVG 2011.lnk
%SYSTEM%\drivers\AVGIDSDriver.sys
%SYSTEM%\drivers\AVGIDSEH.sys
%SYSTEM%\drivers\AVGIDSFilter.sys
%SYSTEM%\drivers\AVGIDSShim.sys
%SYSTEM%\drivers\avgldx86.sys
%SYSTEM%\drivers\avgmfx86.sys
%SYSTEM%\drivers\avgrkx86.sys
%SYSTEM%\drivers\avgtdix.sys
%COMMONDesktop%\AVG Free 9.0.lnk
%PROGRAMFILES%\Mozilla Firefox\searchplugins\avg_igeared.xml
%SYSTEM%\avgrsstx.dll
SECCENTER::
AVG Anti-Virus Free
----------------------------------------------------------------------------
Save this as CFScript.txt
Referring to the picture above, drag CFScript into ComboFix.exe
If prompted to run ComboFix again, please do so..
CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.
When finished, a log is produced here: C:\ComboFix.txt
In your next reply, please post that log along with a new HijackThis log posted from Notepad.
dachill98684
13 Posts
0
April 14th, 2011 08:00
I have been unable to remove AVG, their Uninstall isn't removing it, and as you mentioned above it is conflicting with ComboFix. How can I remove AVG now?
Bugbatter
4 Apprentice
•
20.5K Posts
0
April 14th, 2011 09:00
Try the AVG removal tool: http://www.avg.com/filedir/util/support/avgremover_en.exe
Follow by deleting the AVG Folder from your Program Files if it still exists..
If you still have problems removing AVG, try App Remover: http://www.appremover.com/about/using-appremover.html
dachill98684
13 Posts
0
April 14th, 2011 12:00
Here are the results from ComboFix.txt
ComboFix 11-04-13.02 - Will Campbell 04/14/2011 10:59:00.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1701 [GMT -7:00]
Running from: c:\documents and settings\Will Campbell\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Will Campbell\Desktop\CFScript.txt
AV: Antivirus AntiSpyware 2011 *Enabled/Updated* {651891A1-83CB-406D-A90F-81DF9EE05231}
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Antivirus AntiSpyware 2011 *Enabled* {64D70931-8BD8-4C84-9FAD-22D6B710238E}
.
FILE ::
"c:\documents and settings\All Users\Application Data\Common Files\6F59E522-4689-156E-316C-D5B48819DE95.dat"
"c:\documents and settings\All Users\Desktop\AVG 2011.lnk"
"c:\documents and settings\All Users\Desktop\AVG Free 9.0.lnk"
"c:\program files\Mozilla Firefox\searchplugins\avg_igeared.xml"
"c:\windows\system32\avgrsstx.dll"
"c:\windows\system32\drivers\AVGIDSDriver.sys"
"c:\windows\system32\drivers\AVGIDSEH.sys"
"c:\windows\system32\drivers\AVGIDSFilter.sys"
"c:\windows\system32\drivers\AVGIDSShim.sys"
"c:\windows\system32\drivers\avgldx86.sys"
"c:\windows\system32\drivers\avgmfx86.sys"
"c:\windows\system32\drivers\avgrkx86.sys"
"c:\windows\system32\drivers\avgtdix.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\$AVG
c:\$avg\$CHJW\1f581320-eba3-40e6-8e9a-d9a263bd0d78
c:\$avg\$CHJW\83965a85-4c0f-417c-b626-aa159f92325a
c:\$avg\$CHJW\d6eefeb2-1eb3-486d-9496-5d15f2bbf098
c:\$avg\$CHJW\d79b09fe-0e00-481e-b253-07122a288eaa
c:\$avg\$CHJW\f1c2716d-1056-4350-bf7b-5fdc9baac9f5
c:\$avg\$CHJW\fd235e99-5a2e-4815-a25f-2746b9601bc7
c:\$avg\$VAULT\V_00000003.fil
c:\$avg\$VAULT\V_00000004.fil
c:\$avg\$VAULT\V_00000005.fil
c:\$avg\$VAULT\V_00000006.fil
c:\$avg\$VAULT\V_00000007.fil
c:\$avg\$VAULT\V_00000008.fil
c:\$avg\$VAULT\V_00000009.fil
c:\$avg\$VAULT\V_00000010.fil
c:\$avg\$VAULT\V_00000011.fil
c:\$avg\$VAULT\V_00000012.fil
c:\$avg\$VAULT\V_00000013.fil
c:\$avg\$VAULT\V_00000014.fil
c:\$avg\$VAULT\V_00000015.fil
c:\$avg\$VAULT\V_00000016.fil
c:\$avg\$VAULT\V_00000017.fil
c:\$avg\$VAULT\V_00000018.fil
c:\$avg\$VAULT\V_00000019.fil
c:\$avg\$VAULT\V_00000020.fil
c:\$avg\$VAULT\V_00000021.fil
c:\$avg\$VAULT\vvfolder.idx
c:\documents and settings\All Users\Application Data\16113460.exe
c:\documents and settings\All Users\Application Data\AntiVirus AntiSpyware 2011
c:\documents and settings\All Users\Application Data\AntiVirus AntiSpyware 2011\82.mof
c:\documents and settings\All Users\Application Data\AntiVirus AntiSpyware 2011\weuxiuds\wejtwltjds.cfg
c:\documents and settings\All Users\Application Data\avg9
c:\documents and settings\All Users\Application Data\avg9\Cfg\changecfgreg.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\erd.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\krnl.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\mail.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\malrep.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\scan.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\sched.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\update.cfg
c:\documents and settings\All Users\Application Data\avg9\Cfg\user.cfg
c:\documents and settings\All Users\Application Data\avg9\CfgAll\changecfgreg.cfg
c:\documents and settings\All Users\Application Data\avg9\CfgAll\falsealarm.cfg
c:\documents and settings\All Users\Application Data\avg9\CfgAll\krnlall.cfg
c:\documents and settings\All Users\Application Data\avg9\CfgAll\updateall.cfg
c:\documents and settings\All Users\Application Data\avg9\CfgAll\userall.cfg
c:\documents and settings\All Users\Application Data\avg9\Log\avgcfg.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgcfg.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjw.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgcore.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgfrw.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgfrw.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgldr.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgldr.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgldr.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log
c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avglng.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgns.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgrs.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgscan.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgscan.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgscan.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgscan.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgscan.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgscan.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgscan.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgsched.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgsrm.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgsrm.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgtdi.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgtdi.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgui.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgupd.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgupd.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgupd.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgupd.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.10
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.8
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.9
c:\documents and settings\All Users\Application Data\avg9\Log\avgwd.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.3
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.4
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.5
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.6
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.7
c:\documents and settings\All Users\Application Data\avg9\Log\avgwdsvc.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\commonpriv.log
c:\documents and settings\All Users\Application Data\avg9\Log\commonpriv.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\commonpriv.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\commonpriv.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\fixcfg.log
c:\documents and settings\All Users\Application Data\avg9\Log\fixcfg.log.lock
c:\documents and settings\All Users\Application Data\avg9\Log\history.xml
c:\documents and settings\All Users\Application Data\avg9\Log\vault.log
c:\documents and settings\All Users\Application Data\avg9\Log\vault.log.1
c:\documents and settings\All Users\Application Data\avg9\Log\vault.log.2
c:\documents and settings\All Users\Application Data\avg9\Log\vault.log.lock
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000001.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000003.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000278.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000279.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000280.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000281.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000282.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000283.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000284.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000285.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000286.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000287.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000288.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000289.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000290.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000291.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000292.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000293.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000294.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000295.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000296.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000297.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000298.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000299.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000300.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000301.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000302.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000303.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000304.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000305.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000306.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000307.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000308.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000309.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000310.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000311.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000312.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000313.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000314.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000315.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000316.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000317.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000318.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000319.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000320.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000321.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000322.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000323.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000324.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000325.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000326.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000327.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000328.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000329.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000330.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000331.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000332.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000333.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000334.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000335.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000336.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000337.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000338.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000339.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000340.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000341.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000342.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000343.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000344.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000345.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000346.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000347.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000348.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000349.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000350.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000351.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000352.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000353.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000354.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000355.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000356.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000357.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000358.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000359.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000360.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000361.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000362.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000363.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000364.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000365.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000366.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000367.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000368.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000369.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000370.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000371.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000372.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000373.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000374.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000375.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000376.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000377.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000378.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000379.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000380.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000381.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000382.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000383.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000384.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000385.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000386.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000387.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000388.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000389.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000390.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000391.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000392.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000393.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000394.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000395.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000396.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000397.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000398.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000399.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000400.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000401.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000402.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000403.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000404.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000405.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000406.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000407.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000408.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000409.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000410.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000411.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000412.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000413.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000414.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000415.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000416.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000417.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000418.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000419.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000420.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000421.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000422.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000423.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000424.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000425.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000426.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000427.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000428.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000429.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000430.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000431.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000432.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000433.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000434.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000435.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000436.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000437.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000438.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000439.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000440.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000441.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000442.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000443.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000444.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000445.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000446.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000447.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000448.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000449.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000450.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000451.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000452.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000453.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000454.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000455.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000456.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000457.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000458.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000459.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000460.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000461.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000462.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000463.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000464.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000465.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000466.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000467.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000468.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000469.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000470.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000471.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000472.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000473.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000474.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000475.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000476.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000477.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000478.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000479.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000480.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000481.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000482.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000483.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000484.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000485.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000486.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000487.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000488.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000489.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000490.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000491.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000492.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000493.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000494.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000495.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000496.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000497.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000498.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000499.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000500.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000501.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000502.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000503.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000504.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000505.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000506.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000507.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000508.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000509.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000510.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000511.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000512.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000513.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000514.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000515.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000516.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000517.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000518.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000519.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000520.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000521.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000522.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000523.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000524.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000525.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000526.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000527.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000528.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000529.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000530.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000531.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000532.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000533.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000534.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000535.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000536.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000537.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000538.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000539.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000540.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000541.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000542.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000543.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000544.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000545.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000546.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000547.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000548.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000549.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000550.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000551.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000552.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000553.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000554.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000555.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000556.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000557.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000558.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000559.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000560.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000561.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000562.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000563.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000564.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000565.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000566.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000567.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000568.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000569.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000570.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000571.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000572.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000573.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000574.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000575.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000576.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000577.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000578.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000579.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000580.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000581.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000582.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000583.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000584.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000585.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000586.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000587.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000588.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000589.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000590.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000591.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000592.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000593.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000594.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000595.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000596.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000597.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000598.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000599.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000600.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000601.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000602.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000603.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000604.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000605.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000606.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000607.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000608.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000609.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000610.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000611.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000612.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000613.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000614.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000615.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\I_00000616.log
c:\documents and settings\All Users\Application Data\avg9\scanlogs\srm.idx
c:\documents and settings\All Users\Application Data\avg9\Temp\001ec82a-9592-4eb3-a791-2e382c0b6cbb-62c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\002e3695-7f5d-402d-b8f5-14e45bf325d0-634-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\008be49d-19de-4f6d-af49-cb0218d50dc9-678-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\0135cb65-b7d2-4cfa-819a-34eb6198db50-63c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\01453fb1-288d-4f4d-97bd-2e5d399df804-650-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\01da5736-430a-4b29-adc7-f6a1ac552d9e-5e4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\02b29cdc-50cb-43cd-87c3-c3d598d833c1-62c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\02d17d9a-92b4-457c-a609-2ffd83132909-558-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\039d4228-6882-475c-adcb-eff6fa5113aa-628-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\0417ddb9-0823-4bbc-807b-250440aeefba-5c0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\04434189-9a9c-454d-b93b-145dbcdfe205-5a8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\0485b388-a17e-4b96-a79b-3632889958b3-64c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\057ed9e6-147a-4389-a611-7a6eb95539d6-650-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\05ce06db-53b6-4d65-84f7-1970a8f62095-6e8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\0698cf55-7182-4e5f-8204-6d5852a3a99d-604-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\07013f32-c096-4789-afab-1f7f9c3c610f-650-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\0760e753-f87a-4591-a774-ccb80b00ca21-600-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\0b2c5d3b-be8f-441c-a310-f143da1f25c5-5c0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\0bd744fe-81d6-4f49-bb95-650e7ddfd704-5d0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\0bda382c-d63b-40f6-85c1-c73bfb51b9b6-654-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\0c45a129-a814-44ca-ac9b-fa86dc1a12c1-5c8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\0ce47f77-a685-458c-a801-dbcbf346d6ba-62c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\0e69e4c4-5d55-440e-b08e-15c6147a032a-5b0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\0ecabfd2-74f4-426b-9391-a8e5586f061c-5a4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\0edbacc1-56cb-4017-9fcd-1e0b1924510c-628-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\0f233fd3-9157-428e-9d37-83018f40d21c-5c8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\0f30c0eb-c849-4852-b070-913c0484ee9f-5c8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\0f30fbc2-e34d-4b40-95ff-7525cdd724ae-5c8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\0fa2c3bf-ddc2-4749-843e-7d6ad2817391-614-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\0fa5753b-7598-4011-9eda-72f2c3d1da14-63c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\1099b52b-9757-4e88-9eb1-e8a288099d8b-640-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\10ba853d-8063-406a-bb2d-9650f09a2c2f-600-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\11d6ba65-8c12-4a88-bf61-16d339a53adb-5e4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\129403c7-75ec-44bf-ab34-5d816e0ea761-5b8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\12aeff11-7f36-4e0e-921c-6f110977607e-59c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\12c21a0c-b8d8-4c37-85d1-b657f640e2af-620-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\12c50d40-f4a0-49c6-87bc-a38e5900e3e1-62c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\13f84b7e-cfd1-4fa5-b0ee-486bdab3a879-5c4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\1426a287-76be-4824-a563-191a5fa7b73e-5d0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\151241ed-2cd9-4a7b-8ce0-3b5673011840-5c0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\151e8927-6066-4170-82cc-da9e3aa3df33-628-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\153daba3-20ee-4744-842b-33933d518a72-568-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\165ccf13-1f66-4fd8-9300-0c5fb6aefae9-5a4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\16671752-2ea0-472c-83b7-a0c62353dc25-638-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\167a77f8-3996-4217-8fc3-feb29a49b7eb-5cc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\1796667c-5954-4a55-b260-f2993e758c82-5cc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\1a1e743e-af5e-4c0c-8da9-e920c75cb161-5e8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\1bbe924b-3624-4d76-ab1c-4d1d35482f87-5c4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\1bca1949-ceb3-4573-bde0-643cf8accaf1-5d0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\1ca54b49-74af-46af-8dc5-95eb83208d26-5b0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\1cd79480-7db7-4a5e-8b59-5eb1c4d382d4-5c4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\1d3eca8b-8a74-42fa-8e3d-210eeb1b207f-5c0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\1e39e423-14e5-48dc-8968-47a0259a1e1c-5bc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\1e802835-b241-4174-a593-76385f94293b-12f0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\1f842aaa-01e4-483a-a8af-1715a8b7e730-5cc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\1fce7612-76d1-4871-8cb6-fb50d3f114e3-5b0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\200e3695-e5de-44f1-a07a-289dae5c220e-648-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\20fd8d57-babd-4fe9-a653-54275b234f31-630-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\21399970-3767-4cc3-8cc4-971eb4dd5021-5fc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\21d9fe15-ea0d-40cd-9745-078f3d57cb95-5a8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\221d6901-316a-4400-aec1-a64ad57f944b-b28-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\22e38619-5d4a-4929-a3d4-14cda6bd8247-5a4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\237acc83-4c57-4704-81c9-271c0718db59-63c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\23cdf82d-dd90-41a5-a56d-eb6393ee0866-574-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\2448c8f0-2f40-4436-a3cd-eaf36a451fc0-5c4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\2448c8f0-2f40-4436-a3cd-eaf36a451fc0-5e4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\2463be59-b19a-4dac-86f5-e8be5d91733f-5d0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\2472349f-3df2-441e-a359-582650477173-634-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\254c30ad-2a87-43a5-8e3a-afd05f887e80-634-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\2700e518-4cfb-490f-92e7-bb76118d1f85-5c8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\27110ddf-4ad6-4aa8-82b2-15859b96a085-630-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\2732296f-cc14-4de5-8bbb-6f76aa22b095-5d4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\27f037ed-d9db-47ed-a076-52128be6ad43-650-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\28bbfa87-6fb9-470e-9ac3-92348d76d1ab-650-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\28feec03-8945-4ba6-8b3d-ba7a06afbab5-5fc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\29d5f6d7-54b0-42bd-bb75-99e4cee1a511-654-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\29f5d2a9-4d9a-4551-a271-701d86adfdf3-654-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\2a100eb1-e138-4f49-ab66-056678d66e3e-5d4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\2a5967df-41b0-4192-92b7-074b9a4d7f76-5d0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\2a5c5432-f489-4d48-90e2-dfbc54f11c09-59c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\2ac117b4-3611-4782-ac4e-3687aa6b59ef-5dc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\2af0ec40-d70b-4b33-9d9c-97afc12cfa8f-658-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\2b2a0420-3e40-4a1f-8758-f8501123de05-5c8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\2b393f8e-ae94-4da3-802e-84cf3a86a729-644-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\2b3c6ca0-ebc2-4901-9f66-dff84be9fdea-5c0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\2bd820cf-e040-46a2-8b16-500089152c23-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\2cb6c96d-1cac-41d7-9849-08455638014d-628-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\2cd52d9b-a579-4913-882c-63c926542af2-59c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\2d0c97f2-a23a-4832-8954-eed99cb965ca-62c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\2d10c304-df67-4490-a88c-4a03ad1bbc8b-5c8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\2dcecba2-633f-4dbe-b887-18d9e6c2549a-674-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\2dd0c5bc-01a3-4c86-b9fc-0ff497a3d5b2-600-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\2ed99364-60d0-46c2-a523-a8d0a6e8c479-5f0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\2f23218a-535d-4a20-ac43-78d8e995a623-5e0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\300f7f38-6586-49af-aa72-a3668b7e6d76-5c4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\31353d57-2461-4ee9-87ac-afffb39ef70d-5e8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3187e8ca-80fb-4297-a7a1-e95c8d0a555f-640-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\31d4a302-b0b5-4352-8df8-158fe11b8dc9-5c4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\32423df8-2d0d-403e-9089-43d35fb2c0b3-658-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\32cc48e9-f76a-48d7-8113-df644aa61b10-630-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\330627eb-5d3a-47f4-8e81-d112ecfbaaf6-620-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\330a4d1d-1278-4379-a8f9-187755409d18-5e4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\338d8480-1b0c-409c-afd0-1248e2cf89c6-604-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\33dcb655-e136-4b51-9176-c510798dd525-628-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\34f012db-60e1-4c63-9422-89d0f354c3f4-5c8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\35cc7fb3-22e1-408c-8895-9e69481cbb39-5c4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3616cb20-727c-4223-a667-77c319580434-598-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\36197d9c-0a51-4beb-8002-6c4b0aa86cb7-5e8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\36a775db-acda-4edb-b5eb-eb2f093d495e-5f8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3764c323-f750-4b49-9f49-3bc18dc535cb-558-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\37816c02-2b1d-41a7-a24e-a30a8c12d24d-624-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\37d1df96-7b9c-4c04-a601-d98b798fd6d9-5e4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\381f5a0a-4755-4cb7-b180-8de6d1de3acd-5e0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\383c07cf-e973-4fcf-b104-94ff5d975a6d-568-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\384d6f55-71a3-4011-83dc-71c63e5e949b-5bc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\386c58ed-5417-45b7-ae23-66a9ed68cf03-5bc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\38ff3794-627a-4742-a9ec-29107432aad6-604-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3908ca64-a6a4-4e91-b185-df02b824648e-5ec-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3929a635-9f8d-4126-9881-b63b71f1bb6f-5a4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3b5a65fc-41c3-4a14-b863-4bc7eb2729f4-62c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3b99700a-0a12-442f-aa3e-a47ff8dcf452-5c8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3bcde84e-69e5-485b-8f4b-3d6566a32042-5cc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3cc6c714-b100-4caf-a0b3-752d7dd00317-598-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3cf22be3-4379-4740-9973-6386f900f562-5bc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3d924ae9-e4dc-4bc8-be27-3d79829e530a-63c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3e65e8ec-e9c5-46d8-ad1b-3e01e3ad2f77-5c8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3e9a1f77-a5a5-473d-a9d9-df38df02c2b8-5b0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3e9adfb3-42a3-4636-8d01-6761e241ed42-62c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3f137c44-d690-4e13-a2bd-0785ea51c61b-600-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3f24eaaa-e6ae-4f2e-b856-f812733764e7-638-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\3f947ac7-d209-41e6-8d54-fd798bf25903-5a8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\401c4aec-35bd-4850-8ee4-a060f996b5e2-5c0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\40fc6e1a-3cd3-45bb-a7e8-c92740ca5e00-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4108af73-e972-4bd7-9814-54a95e4ec054-64c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4109a98d-87d5-499f-998a-4ac5102f416d-630-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4125dfb6-9385-43be-9dbe-ca4859394f19-5c4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4241d419-3b32-4bd5-861b-d3f4a583884f-5c4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\42bf5812-46ad-4dd0-9fab-4d867315638c-5e4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\431c0713-fbcc-402f-9d41-799a4ca92b05-600-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\431ebf75-f53d-4b30-b667-78078b181270-604-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\432c7385-cbfa-4f8a-a763-ea505fdf049a-5c8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\438cd402-17ed-4bb1-be94-0bec29c33497-600-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\43bb2b05-e42d-42d1-ba3f-e77b08b42813-638-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\43eb7b23-4fd1-48b9-b75e-b92598869da9-638-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\44a7ca6b-9948-4428-a1bc-09b71c0e8915-650-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\45428387-d7c5-4fe3-84b6-0ead8ca956b5-5a8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\45602b60-31e5-44e1-8df0-80d8e5f3d8ef-608-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4592af76-3a53-485f-a8d1-b790d547222c-598-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\45fd9ed1-a7c4-4c5c-9687-04120aac5131-650-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\460c4c01-f592-4fdd-83c2-62953655dfbd-5c0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\46297d3d-b943-4ae2-8fad-4e2a4cf24e02-5e8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\468bcff4-2660-4079-a288-e7075ee59fb0-5d8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\46e883db-49cf-4f93-9e9c-b2ebc3e5ea48-5a4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\47a4926b-e49e-4db9-a0b8-75e397b039cf-600-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\47e492a7-0253-4781-9dbe-30c922d8e5e0-63c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\48358484-2de4-41f3-9169-fb66315f136e-5c8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\488d7e5b-e746-4228-a658-2da19e0952cd-5ac-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\489bb9cf-3248-460c-99f9-ae3f6e6e353b-63c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\49568f74-0ca1-4722-8d3e-821c0946f36b-5e4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\495b3a0a-41da-4fb1-a74f-6ec0ab76dc07-5c4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4985a6b9-4f8d-4f99-a7db-dbf391782eb9-600-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4a921ff7-e4f3-4166-ad13-607242ed061c-5b8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4a9fa10f-1ae6-472a-804c-6dacb732229e-5ac-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4abb56ae-5f91-4e3a-8dd0-fe8106b9865e-62c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4adb7824-436c-43af-9565-615764651655-5cc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4be92e34-0d73-4b87-876c-3eb5fadf0448-5b8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4c3358d2-57da-4b7e-8114-314b5b01bfeb-f0c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4c343303-5780-471f-bd64-167c0b8b33ad-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4d69ebd8-e3be-4c16-aa26-b7e5ea9debba-66c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4d826dbe-8046-440c-9f95-d228f069fef3-5dc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\4dbc051b-fa24-4148-8c6c-393aeddf54c4-610-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\50402ab0-024d-4281-acb6-e59c5e56e44f-624-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\50ed4a45-129f-4bbf-adf3-dd1b63b4b48b-5c8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5177157d-2d55-440f-b73b-eb139dea7203-63c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\51b9cd1b-457b-4ad8-8b68-a5666881057e-64c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5273282f-542a-49b8-b3db-08c18949f0b9-604-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\52e431f0-b1a1-46c9-bef2-89dd8ab41311-624-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5417694e-04e4-4ccf-a264-1af5634a740b-5c8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\54a5686c-23a6-4515-9d19-18b4ccafb01a-650-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\556c3db9-ed0e-4562-92fa-0a6ef7ea586f-5c8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\557fe011-b593-4732-8e96-d500fc03ac64-59c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\55adb59e-558c-4be3-bfe5-362812c44d05-658-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\55aff556-0433-4a2c-a627-c3c1c281ebea-5c0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\562d3991-875b-4c7f-9eaa-bb9a39540df8-630-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5690d3a7-025f-4899-93b1-668df511f31a-5b0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\57123e13-39c5-4671-a5ab-a4cbd529074b-5d4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\57655e3c-b3c8-4edc-867c-2f04268af03c-5f8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5886ba52-a162-43a3-a4b0-11501c1251a0-600-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5a10ff2c-2180-4dca-a61c-061201ac381e-5a8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5a245ae6-e477-4b9a-badf-d0114534737d-5b8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5a7e15b9-4330-4d4b-af49-9af89f565a45-5b4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5b1d7b64-d084-43b4-b496-0088cdd2f001-5e8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5b68c2e5-d720-4631-9b1e-44f46ca19a96-668-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5b8a96d7-54d0-446f-bc4d-9d52ba9d910f-5bc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5bb5c6a8-6cd2-400a-9d80-327c3049926a-630-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5bb8ad1c-98bc-4ce7-96ea-f62842cecc5e-638-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5bddb6fb-f325-4a7a-a253-336c66fc5eb8-5dc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5c7348e9-5612-4a0f-a5a1-e61c1353557e-5ec-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5d41ffb7-28b7-47bf-a1d7-137678a37b19-5e8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5d7055bb-f5f8-4edf-9d81-ef0557956f95-5a4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5d9e6c00-39e3-4657-b71e-48dbdfc7a9e4-650-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5da1e1ab-a1f2-4655-8464-af790ab8fdf2-5e0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5f06e2c9-d0f5-4d9c-9b0f-8ef05ccf01bd-5c0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\5fb189cd-09e7-4921-9287-7e02a9d0face-618-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\602d594b-8942-4dd6-906f-99f6c45e72be-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\60efcfb3-ed3a-4629-a8f0-bba47fd9fa3c-5a4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\6183e611-857b-4489-9f6d-fdd2b3201d0d-648-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\62219261-fec0-4bd2-8552-efff867becdf-5d4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\627d078f-7188-4ca3-9924-2d493cbe9a91-63c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\62ae4ae7-f1a2-4079-92f8-e14ad5522ba1-624-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\633e7c04-9690-4337-a42e-cf2082895dd7-5bc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\639d2325-ce74-403f-9cf8-7c59f14cc5e9-5a8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\64035f16-3ece-4914-9e66-499a66b4e37c-5ac-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\6485d53d-aa63-473f-bf16-bb43f105a4a1-594-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\64d7fb47-ac55-4f82-a5a6-5b42eb84f131-5e4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\65a3bedb-6886-4d44-a427-a5464611fa51-5bc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\65ae061a-77c0-4599-95de-3aacb3b5dc8c-620-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\65be7a60-0fcd-478d-b037-3fffe4b8def8-600-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\65beb444-ebe0-47bb-874f-a311395c4fcf-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\6627a3a5-32ff-4c17-afcf-e5b114c4991d-638-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\66bac7f6-12b5-4c64-83ef-c0be24bbcd85-5c0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\67501340-88b0-4a19-a6a5-e7d22d348b36-614-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\6762bb85-9934-4b03-998b-465264bb7e92-5e0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\67d2ca2c-5948-494c-a32d-d053b44620d2-5c0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\67d70961-43ce-477d-a5c4-54c8b11b9d47-a6c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\686d4095-d835-4c22-9697-68a397be7443-cf0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\68dc5810-5473-4281-b47c-f157c6c93b22-5b0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\69d966d5-3349-4910-b9d3-79167eba1a72-61c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\6a30ecc2-8df6-4ccb-bccf-5437aaac81a2-668-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\6ab596dc-bea8-462d-8176-35cfee7dfc26-598-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\6b1d8b22-6863-4dc2-a982-81541804c65b-61c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\6b8e93e3-c5da-49d3-b499-01701970e9b4-630-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\6bfafcdb-bd06-4c47-a0a9-3f9c53362776-598-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\6bfde92f-71df-49fc-9ed3-180e0ed9c409-5d0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\6cb55109-6a19-4aee-8992-991325de92c9-5e8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\6d11ff16-df47-4a8d-bab1-455089c3960b-5d8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\6dc0d227-7bb9-4111-9696-9c6d4024ca94-5bc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\6dce0d9a-c5bb-46f5-8937-1d0a108aad01-614-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\6efbec00-fc8c-431b-8892-7204accd8f8a-5f0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\6f507fb3-41c3-48e8-8eda-6bcfcefdd940-5f0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\6f542b43-919a-4496-b12c-cb698cdea25c-608-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\70cb1558-9966-4e2e-aa40-0cefe1eb17e9-5c0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\70fe59aa-40d2-41a4-a949-cbd0d47e8cb0-5f4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\717be389-adea-44d8-8165-4f46f02fe7d3-59c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\71ba6734-01f3-4d6b-b29a-98aa0247c0ef-604-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\721fa905-f83b-4719-b8c8-7ab01fcc4120-624-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\72f3463b-4170-4de7-b9d3-80774a9e6a1d-62c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\73984d75-1517-4fcf-9244-2e99cffa7e97-628-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\74079ce1-392d-4e20-b7bf-31711c47f54e-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7455d696-7b91-4f2b-a031-62141dd69f14-62c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7472845b-1eaf-4243-a1b4-692da98fc0b4-658-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\750d3796-d33e-4c25-bfee-5a5d710c29b5-59c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\75bfc4fd-a912-4069-8170-2fbedd8c0ae1-638-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\76b81e59-9685-4752-9874-cd2814ccdcf4-5c0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\76b81e59-9685-4752-9874-cd2814ccdcf4-5cc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\76ba592b-d7db-49e1-8237-bbf2371df6bb-5e8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\772ee0f7-1d98-44ca-9712-ada26372c110-a94-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\77554a2b-fb20-4f4c-ba3e-bae43aa9386a-63c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\77c1ac42-6b5d-41e7-a28e-e34acc52128d-59c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\77c26c7e-085b-41df-87b5-6b73cf903d17-638-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\780bf9b0-bbf8-437d-805f-bca59d8e5a88-5b4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\787efc7f-f5c4-4015-9a62-b3b4c589c332-63c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\788d6fd7-278e-40a9-a20f-2e4e27df1bad-5b4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\79193423-06fa-4761-b300-3e426df43ef5-608-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\79583851-465b-41a3-a01b-8236d18ca4b5-5bc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7baec617-4394-4855-b019-e612c14d4f04-65c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7beccb45-83f4-4198-9d34-2b0525e5b6c4-5b4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7d4eda2a-91ce-406d-b935-923c30ed98de-628-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7d9c5a84-cbd7-4cdc-8134-e56614a880f0-5a4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7d9c955c-e6db-4fc9-a5c2-c94fdefbb600-5cc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7de0c59d-6f1e-40ec-b108-fe56924377b7-608-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7e557bba-d820-4ced-8c5a-dace87ce169c-628-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7f0583c8-ee0a-4266-80cc-8b1844b33b15-59c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\7f64ea2b-9c99-40c6-9788-b6995db7eaf9-62c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8010ca08-fd44-4abb-b183-1f7fb1581d51-61c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8104041d-72c2-48b7-a665-768874759772-620-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\81261bc1-ac02-4dda-b725-3b8b5093091b-600-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8264df37-4970-4355-bcf1-88d042bad62c-59c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\82725969-1dc6-47e1-909f-8c2669df72c7-5b4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\836986b3-ce0c-426c-876c-cf668ebcee19-5b4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\83aa3e56-c0e0-4995-9663-7dd8ff559cdc-5c4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8444b7b3-7408-43a8-9850-00151931b14e-59c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\84649a6a-cf8e-4875-bed7-e133201d8717-5c4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\84e41d58-26af-48b2-a3d2-7086a1ab2bc2-5ec-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\855eb402-59ff-4f57-b903-07c55a9c85b4-5d0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\86abf3a4-e462-4d7d-99bf-cd568f99cee1-5a8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\86ba2831-ccc7-4028-8dd5-450f10de3367-638-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\86dc3fd5-0607-454a-9f94-0a12ecfca410-608-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\870d0862-9f7c-4acc-80b6-53339bbcfa51-614-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\882d1f18-7479-4e8f-beca-8e7ea82dc10a-5c8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\88aba8f1-07e4-4064-9c1a-1cd41edc01e5-5bc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\88ade3c3-483a-42f2-87dd-0b9e412e1bac-594-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8959c4a0-a9e4-4ce7-a0d8-748496ce4e04-5e0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8a11e4e2-773d-4a38-9e88-e91593451e78-5e0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8a11eac2-ff2c-4a12-a348-fedb3c628216-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8b67b847-85b9-416c-9453-e56f82e3e793-5c0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8b9da92e-55a9-41f1-af7a-f90ad95941bf-63c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8d2e8f93-436c-4637-8a40-41406fd18ab2-5b0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8d68794f-de6b-44a7-a664-6859bb5fc58d-5c4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8da1d226-e13a-44d6-bf1b-b026938ec7d2-5ac-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8e3bca0c-681c-4c7a-b6ac-b8fde5388968-628-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\8f861093-551a-4bd8-95f3-87726855527b-608-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\909a6733-6774-402f-9b1f-ad6355b0bd2d-634-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\910841e8-6d21-4dc3-bfbe-5d5f2907a944-608-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\911404be-21b3-47ad-b510-5868b6be7abd-628-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\91c65af4-5708-4583-aa4f-c426ef3726f1-5b8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\925f4a45-0fb2-470b-9457-27dd39db43d1-618-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\92f12dde-4b76-4392-bf29-0a3cd762dd8a-5a4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9327dfcd-7417-4651-ad60-a1c0685415b0-644-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\939cd4e2-8568-4f17-b6a1-fb4e2463d69b-630-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\93af7541-3350-4ec8-abfc-50e90cca4a10-5b0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\93fd6e38-f814-49ae-b155-95bef5e740df-634-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\952ad3ce-6c93-4722-9e33-89b90153ca51-5a4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\95adfd76-3ff7-44f2-9555-4f1fe4a90a0b-650-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\96ab0462-7c41-478a-8dab-4e22d9cba53b-634-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\96ec3d7c-9b5b-4122-a7fe-77fb1295a6da-5c4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\97805bba-bb8b-4f5a-a33b-ceefeff92d4a-614-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\97e4e269-bcbd-4706-95e4-36f021224f69-630-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\982c7774-12e7-4d9c-9a8f-11ddb3efb1fa-640-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\98bb2df5-37cf-4c65-ac5e-a3f39a11d9aa-60c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9909a095-3ca9-4981-a4a8-c3b1d49314c7-5c8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\99171bc6-1000-4d0c-b956-c708fab7b062-5c4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\994479aa-597a-4a83-bacc-2171437a0447-654-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\994965fe-1808-41bb-b6ea-90cd3c6aa611-5a4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\99f87ac7-586c-4c06-bc1e-de99653c7348-594-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9a7195db-e564-4015-8cb3-0f36fe1adefc-610-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9a804aeb-bb21-4370-bcae-817fd2e0cf26-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9b28445a-ca8f-42e7-970a-1cd8bbfee4d2-5c4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9b7b637d-6ae4-48f3-be0f-b2f2665db17b-5c8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9babf559-5228-4300-9d48-716b0fa2db07-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9bf8ed5c-d8fc-4c27-962a-3668820e0c9e-5f0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9dc1bdbc-5965-4e59-93c1-94357bdb148d-59c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9e60d8e7-40d2-48e6-af8c-b897c41025a7-53c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9e9deebc-fe61-4f95-a3a6-c5e40650d7c2-5bc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9f254731-31e9-4e65-bb94-6cedfff3ca9c-5d4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\9f516b42-390d-494e-9347-d78d246503b9-614-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a03c108e-51c4-4cdd-b84f-03ae87dee4a2-634-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a1a53eba-e247-4f22-b566-482f445622e6-5d0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a1d3d675-5279-4a09-995f-1b6d94b8b011-5c8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a38afd9d-836e-4993-959a-9ae3e04e006c-5a4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a619704b-4813-419b-b191-fa52c184ba88-628-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a81f0521-5a35-4ec7-b401-0f786d2b8b51-604-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a87071cf-4718-46eb-ba29-3b140c890ff6-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a89dd0b2-9192-4362-bb9f-957e554c63da-604-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a8ae3c1e-8612-415e-8af7-1114c3802126-5c0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\a9eace9b-7902-4ec1-b30d-636017d81359-638-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\aa500a8c-e85b-4796-b47b-30a18d4131eb-64c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\aa7fa14e-3ff0-4e5e-9133-8fe8c2f1de95-5ec-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ab1ad306-0728-4890-b387-858937edbaf2-628-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ab288ff0-7e71-4fe2-b084-818ecf83f03c-648-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ac370248-b13b-4f76-b831-fb2831d948b8-5b4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ac6173de-2d3f-4c19-b43c-082aa4461e88-5b0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ac853c03-d901-4c63-9962-b8d417b613fd-594-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\adfd202c-99cf-48e1-9b2d-646c3955e923-5d0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ae1acef8-169b-4d58-967b-60a46b10250c-59c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\af31d713-c0ca-4b78-b543-7b1d49baf740-5b0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\af32d12d-5d2e-493f-b6b8-7139fb9b7859-5bc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\af404d59-4c22-41e9-92a8-ea853c71f574-644-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\af8204fd-49ab-4395-9f93-2fe1ec57a86f-5a4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\af946b83-d1da-44d6-b16c-0ba9cc1ee29c-5c8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\af961ff8-834d-41bd-9149-7627d9202aa0-644-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b07a2481-0f65-4c0f-9315-54771bf7403b-5b0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b09df967-cc05-4d0b-81bb-2cacdea2fced-5d0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b0b05b06-f198-4c14-9408-ff8f704ab734-5a8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b0cf3dbe-4c1e-41e1-ba8f-e0ad78368efc-5a4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b119cbe3-40ac-453e-81af-b1b6bbe470a6-5c0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b1357f8f-4466-4a8f-80be-c2b395bc0f2e-5a4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b2155d1f-3a39-4779-b3f4-53fdde129b7f-638-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b33c1558-9679-4a7a-91a4-56b1b713a52f-604-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b3ba9f31-2ae3-4c4f-aff4-e5082dc2e409-618-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b4145811-49ac-4c41-96e8-2f1812350699-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b415522b-e710-4a09-985d-2533c41586b2-5e4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b4a44969-8a99-4ef8-8c46-a517c3aa6359-5cc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b4f53695-8a24-466d-9589-d6230f875a5a-62c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b56c20b0-6d9e-4163-8868-0cc80a96eb2f-5a8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b591e8cf-3fb3-404e-b3c3-c753d704c45b-5b8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b5d1a759-9423-48b0-8146-7faa96bdf205-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b689c98f-a16b-48c0-8c6c-741209e388b1-62c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b6eaa989-0008-4438-a7b8-9b1f80462a0a-5ac-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b77668f5-5786-4a17-b3e9-964e1d3de8b3-64c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b7bfba42-2e0f-4c87-957b-836e9697954d-62c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b8282f06-eb74-426c-80a1-d5636d9dd1dd-5d0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b8deddbe-ed97-425b-97da-dc629a45408c-5e0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\b93951ed-6160-432c-abac-1aad4f88ee3f-604-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\bace24a0-274e-43c8-8ad2-4535faa1b97b-5d0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\baf0b9cd-3547-457c-9036-90d10d8ed848-628-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\bb3b0054-2245-45da-b07d-604790aba15c-62c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\bc3326b8-70ef-4e2d-a8be-99a267699dc7-614-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\bc858c80-fb35-4619-af5c-bc59b8a8a285-5c4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\be685830-6195-43fb-8da5-21d5f2df7fd9-5ac-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\be947b3b-8f0b-4d85-ab8d-9756714e9dae-640-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\be9bdd3a-aaf3-4938-b5fd-d76557e28e4f-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\beba7e39-6286-4a3f-b235-c0d4ec5ecb69-5c8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\bf438f10-8f80-4410-a24a-664a2571a5ad-584-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\bf834e99-e3f0-4c71-b0cd-1ea0e42ad358-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\bf95755b-071d-4cab-a6cd-8390c831390f-640-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\bfe3af16-30e3-4998-88fe-3f3dae0e0355-640-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c01fc010-357c-454c-b32f-97f9b0e668e3-5d8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c08ae949-a353-4917-be31-526d93eded77-5a8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c1182246-c47b-412d-9634-bf1faaf57e15-5fc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c134d10b-5be5-49c2-98c3-304df8619b7f-62c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c1599f11-9b4b-4468-809d-8aa7523bf7c9-5cc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c1ea43e6-6758-4465-91a3-5f44b5b3b8d5-65c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c34d14ff-2bcd-4652-990d-c39adeaba7f9-5bc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c3c72f0d-de17-4802-afd8-ff18d187f665-67c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c3e65284-c3f2-4d77-b76c-62ee2e33865c-5b0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c5d1f7d5-b556-4265-963f-832e37af818d-5ac-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c69bc150-d423-4260-954b-d716e15b0a95-5bc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c7639796-b728-46cb-916d-3fc72847926b-5cc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c7f388ef-f814-4882-87cb-b5c6d9bdef2b-5d0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c8aca344-7d6f-47ba-8d32-9569a3c52138-634-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c9180c3c-759a-4a2e-ba42-d395dd8b5ffa-5ec-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c9273ae9-d611-4dff-a998-3789b6b35fe1-600-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\c9650539-150c-4772-ba65-0d896caa7011-650-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ca234d9b-fde6-42a9-a539-5337a112dd97-604-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ca2f0f77-97db-4874-944a-d9491318cd8f-5c0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\cae09ce4-475c-4e17-9096-a3c9259ac903-634-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\cb2be26b-355b-4d76-afdd-733ea8b79217-654-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\cb58c0cb-917e-4a3d-b46e-d2199ef95857-5b8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\cbfcd106-795e-46d7-9a00-2e2dc8a3bb67-5a4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\cc451e79-a3a6-48cd-b19d-fda640e21fab-5a4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\cca7b2e8-b4b6-412b-adc6-8e32c3460a07-5c8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\cd4eac63-787f-4261-bcb7-13c9f8685544-5a4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\cd9af8be-3911-40da-ac28-0cc6d69e4c65-5c4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\cdbe8125-5c7f-407c-af41-39b8f34e87ac-61c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ce0bfba5-e848-4d70-ac4a-6e3cd5ee2668-5c4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ce8b38f4-2e25-4d2c-ab77-6611589ead46-638-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\cee825bf-2ca8-4d74-bea4-950712436ab6-5bc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\cfb3ee34-70c7-4c0f-82e5-f4cf15edd775-5cc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\cfe3ff93-5117-424e-9df7-43c14f0092dc-610-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d021bb3b-072e-44d2-a9d2-bc7ee902547a-c58-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d04b745c-e828-4a92-82e8-8ad6cc08eab5-5e8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d0ab1597-be70-4662-bb27-2e2bedabd3e0-5a8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d339c229-5f28-4e98-ad36-f2ac2185fed4-5a4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d33cb55e-9af0-4b27-af20-dee38446ff06-5e4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d4844969-f019-41bc-b5cb-b9d016136097-5f0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d498298c-0eb8-4cf7-84f2-1c2d3989adb9-620-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d4c68090-dbf9-4317-bf9c-f8bc187aa135-648-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d4c7ba6e-dc5e-42e6-9ce9-66afc61cf6c4-5b8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d4d534a0-b0b5-4772-b098-6a05ec41935f-5b4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d4e4692d-991b-4a1d-a4ae-e2be6e86f7e5-638-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d5203b69-145f-4728-aed1-b7c2199ea345-608-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d66794a2-2932-4b2f-89b9-a3e6871aea0f-63c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d6d99c5d-abfc-46e1-9a05-2fe3e283f11f-638-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d6f9b8f3-08e8-4b7d-9dd9-7ef397121d77-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d7374484-be8e-4548-8c99-d13bf7497579-648-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d87af227-9d29-42bf-8d70-d2bbc394d4a7-634-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d8cc1637-847d-46e4-abbf-fdc3a16240b6-5c8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\d999149e-8103-4634-9504-36912040649e-5c4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\db5bc3c4-4b87-4dbb-a303-cc25303a4f62-570-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\db6b312f-3453-4f35-b367-b2d15f210977-5b0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\db8ad909-8e73-4533-bda0-24fcb86c8ab1-620-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\dc04b652-d206-4b59-b99e-52b9703a006f-5c4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\dc04f12a-ee0a-4e47-9d2d-35a2398d367f-5cc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\dca41511-2211-4e2b-8595-b945a994fcfc-5cc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\dcc726d5-d562-4374-9294-6a83dd950906-5c8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\dd4c09a5-843e-4e28-95fb-35f88f96c851-5c4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\dd51f013-d57a-49a6-949a-0484fc1ae6fd-59c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\dd52e92d-73de-476d-950f-faa0adfa6716-59c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\de2aee1b-dcad-4c4b-87bd-d026270cd38a-640-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\de97494c-ea4e-4dad-b082-f0a86a952dc7-5b0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\df66ff15-e146-49fe-b2ed-27e228e33818-5c0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\df935ef8-2bc0-4675-b364-824c71a68cfd-624-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\dfe196ba-3ae8-4e44-8d54-c9023bd276c2-5bc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e06e94de-3f0d-446c-81c7-52ca8987d250-5f0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e1168873-a13a-4369-912d-ce7d6f889ea6-5ac-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e14ac5de-e509-45a7-91ac-837a14fb9586-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e2b001cf-5563-4e7c-931a-50bb8963b318-5b8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e2b23ca1-96b9-400a-bdde-3e85acb5cddf-5e0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e30cf675-f572-42bb-b248-086c07d7b3a7-5f4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e38a3e95-e5ea-41c9-a74a-9f140b1559d3-5cc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e3a9e18f-b71b-46ee-abc4-fd79bb42766e-634-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e4237e19-715a-4d6c-86b5-a87e1d5133ff-640-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e4f36eba-900b-472d-aba3-598ce33e7897-5d0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e502e20c-dc73-4bdf-ba91-491c6145b193-5a8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e54f6360-301a-4b6c-89d0-113d61b27926-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e5a2010c-a328-4e09-a57a-2df044e0f3f2-634-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e657b677-c59d-4373-aa27-3996f5e694f8-5d4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e72e0003-3faf-48d2-81a1-a6996ed51e39-5a4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e770f47f-4d86-42e8-b428-38f4a8c2020c-5bc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e81f4619-bcb1-46fd-85b1-14aa97f3e3b9-600-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e90838ef-22f5-4ca5-8adc-d64ced6b7b9e-5c8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e92a0edb-b942-4e01-b34d-a3a057185399-5c4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\e996302e-c57d-4095-bfc5-5530ec005846-5c4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ea1f0146-6722-4abe-8dcc-78edcf547a5c-650-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\eaa4ab66-7381-457f-8d3e-4ea5b9271029-5e8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\eaeff1ed-6080-45de-ac85-1e1a3c44da3d-584-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\eb9e853f-739d-4cb9-a75c-f27f9ce65598-61c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ec55ed1f-4784-4e0a-8ce6-68a35aec3ea1-63c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ed1d031e-d931-40be-b04a-5ded5296645d-5f0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ed40d22a-e890-4241-93fb-177c1326d8b8-5ac-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\edcfca69-8b18-4530-88e4-966012bab460-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\edd083c4-9f27-4450-a84c-0ac36ddb7c4b-600-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ee472d1b-1e9f-4e3f-8053-c8916c2938aa-614-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ee571dfd-35b1-4427-9b12-29a46441449b-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\eeeb792e-2282-4dc6-8a73-078e6027d1c9-63c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ef6516b9-dcc1-4544-a564-b293c1358e5a-658-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ef90c027-7f7d-4f57-84f2-38693c429d71-5f4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\f0804ce1-e870-4e63-a999-33160a409b06-570-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\f0cf7fb6-ae9a-4918-8b3f-e5dea2fee764-5f0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\f145ef34-0759-4597-81c4-2ad898ac697c-648-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\f187e790-a8d4-4a09-b7fe-67e3b902b525-5c8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\f2037755-7888-4f75-8ea4-f43e24d48f30-5d8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\f38c824c-1c92-496e-b9f8-85eeb5c905d5-5c0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\f3eafe09-85e5-4dfb-a089-7239cb113df5-6ec-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\f4149a09-ab28-4477-a898-34493cfc5f01-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\f5c07cdf-2670-428b-89d4-1325ac4f72d9-628-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\f81ce426-061f-432b-b498-a3cfd2e54685-5e4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\f85ba88f-e37d-4c66-86da-70eb3abcd8cf-59c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\f94554c1-5dd0-412d-ab6e-a5f0eb55379f-5bc-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\f9c597f0-2a9c-41c2-af5b-b28b1623231c-650-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\f9e6b380-addb-44ff-b764-0c7c24af332c-594-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\fa30f90d-7587-45bc-9076-d0114dce1888-5c4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\fa4fa2e6-cfa7-4bba-9aaf-433ca61999c2-640-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\fa9154a4-5fde-40ab-aa1c-e8c9c993c89e-640-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\fa919a42-7021-402c-90ea-7f47c770e56a-5c0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\fb384e18-49fa-4082-be42-784157b2f892-634-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\fb5d98af-4856-42db-b4f9-ad33ed50249a-5a8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\fbdd9a2b-4cdd-4f09-8963-b83f4bb091b1-634-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\fbe95b01-0c24-4575-bda9-483117b46662-5ac-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\fc63fe6c-4e52-4ccd-9c5b-07fb20df8791-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\fcb618b5-4066-435e-b86b-7e6fca230ce3-59c-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\fd7db41d-2205-47fa-9740-782d636d3e2a-614-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\fd80e710-e622-4431-bb37-e71d1ceef989-5a0-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\fd8e5c62-3389-48e4-8b25-d7ad9af53186-5ec-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\fd9dd2a7-bee1-4e55-a88a-47158dab2fba-638-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\fdb0382e-51c6-4a19-b856-b9c7acbf6d1f-5d8-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ff279be6-bffa-4487-aa90-e017ac300cb1-614-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ff712811-98e9-45c6-a96f-3c29d42c0eda-5ac-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ff75155f-7115-401c-adce-1f7ce8cd9024-5a4-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\ffaeb983-d67e-406a-9def-a437dc80ca7b-638-oopp.tmp
c:\documents and settings\All Users\Application Data\avg9\Temp\file9514.tmp
c:\documents and settings\All Users\Application Data\avg9\update\backup\incavi.avm
c:\documents and settings\All Users\Application Data\avg9\update\backup\sb.dat
c:\documents and settings\All Users\Application Data\avg9\update\backup\sb.dat.xcd
c:\documents and settings\All Users\Application Data\avg9\update\backup\sb2.dat
c:\documents and settings\All Users\Application Data\avg9\update\backup\sc.dat
c:\documents and settings\All Users\Application Data\avg9\update\backup\sc.dat.xcd
c:\documents and settings\All Users\Application Data\avg9\update\prepare\temp\cty.cty
c:\documents and settings\All Users\Application Data\hVpKspPwxiCbXa .exe
c:\documents and settings\All Users\Application Data\hVpKspPwxiCbXa.exe
c:\documents and settings\All Users\Application Data\KbEkKJuBmaVdP.exe
c:\documents and settings\Will Campbell\Application Data\Adobe\plugs
c:\documents and settings\Will Campbell\WINDOWS
C:\Windows Restore
c:\windows restore\Uninstall Windows Restore.lnk
c:\windows restore\Windows Restore.lnk
c:\windows\system32\drivers\fad.sys
c:\windows\system32\itlnfw32.dll
c:\windows\system32\itlpfw32.dll
c:\windows\winhelp.ini
.
.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ITLPERF
-------\Legacy_SRV139C
-------\Service_itlperf
-------\Service_srv139C
.
.
((((((((((((((((((((((((( Files Created from 2011-03-14 to 2011-04-14 )))))))))))))))))))))))))))))))
.
.
2011-04-14 17:33 . 2011-04-14 17:40 -------- d-----w- C:\32788R22FWJFW
2011-04-14 16:56 . 2011-04-14 16:56 -------- d-----w- C:\AVGTemp
2011-04-13 20:49 . 2011-04-13 20:52 -------- d-----w- c:\program files\ERUNT
2011-04-12 21:16 . 2011-04-12 21:16 388096 ----a-r- c:\documents and settings\Will Campbell\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-12 21:16 . 2011-04-12 21:16 -------- d-----w- c:\program files\Trend Micro
2011-04-12 20:07 . 2011-04-12 20:07 378 ----a-w- c:\windows\system32\drivers\kteaovvo.dat
2011-04-11 16:16 . 2011-04-11 16:16 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-04-11 01:38 . 2011-04-11 01:38 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2011-04-09 04:49 . 2011-04-09 04:49 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC205C4A-8CE4-4115-8C85-0FE5E5BE974E}\MpKsl84ef9398.sys
2011-04-07 15:50 . 2011-04-07 15:50 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-04-07 15:50 . 2011-04-07 15:50 -------- d-----w- C:\Adobe
2011-04-02 18:23 . 2011-04-02 18:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-04-01 21:25 . 2011-04-01 21:25 -------- d-----w- c:\documents and settings\Will Campbell\Local Settings\Application Data\Mozilla
2011-04-01 20:54 . 2011-03-23 17:11 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC205C4A-8CE4-4115-8C85-0FE5E5BE974E}\mpengine.dll
2011-04-01 20:54 . 2011-02-03 01:11 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-01 20:28 . 2011-04-10 18:57 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-01 20:24 . 2011-04-01 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-01 19:32 . 2011-04-01 19:32 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-01 19:31 . 2011-04-01 19:31 -------- d-----w- c:\documents and settings\Will Campbell\Application Data\52D3B45905C56554A4F1F41C038F31D1
2011-04-01 19:12 . 2011-04-01 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2011-04-01 18:22 . 2011-04-01 19:32 -------- d-----w- c:\documents and settings\Will Campbell\Application Data\Spyware Terminator
2011-04-01 18:21 . 2011-04-01 19:32 -------- d-----w- c:\program files\Spyware Terminator
2011-04-01 18:15 . 2011-04-01 18:15 -------- d-----w- c:\program files\Sunbelt Software
2011-04-01 18:12 . 2011-04-14 00:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-01 18:08 . 2011-04-01 19:32 -------- d-----w- c:\program files\Malware Eraser
2011-04-01 18:07 . 2011-04-01 19:32 -------- dc----w- c:\documents and settings\All Users\Application Data\{870E601A-FE70-4098-94B2-6E9963FCAA51}
2011-04-01 18:06 . 2011-04-01 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-04-01 18:06 . 2011-04-01 18:06 -------- d-----w- c:\program files\Lavasoft
2011-03-30 03:35 . 2011-03-30 03:35 -------- d-sh--w- c:\documents and settings\All Users\Application Data\BMFIYGP
2011-03-30 03:34 . 2011-03-30 03:35 -------- d-----w- c:\documents and settings\All Users\Application Data\1849fc
2011-03-27 04:52 . 2011-03-27 04:53 -------- d-----w- c:\documents and settings\All Users\Application Data\dIpBgGaPdPe28601
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-11 23:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-11 23:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2004-08-11 23:11 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-11 23:11 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-11 23:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-03-18 17:53 . 2011-04-01 21:25 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime"
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2003-11-10 34832]
"hVpKspPwxiCbXa"="c:\documents and settings\All Users\Application Data\hVpKspPwxiCbXa.exe" [N/A]
"KbEkKJuBmaVdP"="c:\documents and settings\All Users\Application Data\KbEkKJuBmaVdP.exe" [N/A]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=c:\windows\pss\AOL Companion.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel Desktop Application Director 8.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Corel Desktop Application Director 8.LNK
backup=c:\windows\pss\Corel Desktop Application Director 8.LNKCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
c:\windows\system32\WLTRAY
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2004-04-07 20:07 496752 ----a-w- c:\program files\Common Files\AOL\ACS\AOLDial.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-09-13 22:33 155648 ----a-w- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2005-09-01 23:24 684032 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
c:\windows\system32\dla\tfswctrl.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-04-26 14:04 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-01-25 08:05 168448 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 21:32 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 21:36 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 21:35 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
c:\program files\iTunes\iTunesHelper.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-04-10 01:48 72708 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-03-18 20:08 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-03-14 10:43 83608 ----a-w- c:\program files\Java\jre1.6.0_01\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-16 13:18 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 07:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xextrpku]
c:\docume~1\WILLCA~1\LOCALS~1\Temp\ruxplnfpr\dgxfpvausbs.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
"MsMpSvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
" \\\\termserver\\pb\\pb.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [1/25/2006 12:43 AM 87936]
S1 MpKsl5a6d9c04;MpKsl5a6d9c04;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC205C4A-8CE4-4115-8C85-0FE5E5BE974E}\MpKsl5a6d9c04.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC205C4A-8CE4-4115-8C85-0FE5E5BE974E}\MpKsl5a6d9c04.sys [?]
S1 MpKsl679b102c;MpKsl679b102c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC205C4A-8CE4-4115-8C85-0FE5E5BE974E}\MpKsl679b102c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC205C4A-8CE4-4115-8C85-0FE5E5BE974E}\MpKsl679b102c.sys [?]
S1 MpKsl84ef9398;MpKsl84ef9398;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC205C4A-8CE4-4115-8C85-0FE5E5BE974E}\MpKsl84ef9398.sys [4/8/2011 9:49 PM 28752]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate1c9ebf56927500e;Google Update Service (gupdate1c9ebf56927500e);c:\program files\Google\Update\GoogleUpdate.exe [6/13/2009 12:05 AM 133104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
itlsvc REG_MULTI_SZ itlperf
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-04-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 07:01]
.
2011-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 07:05]
.
2011-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 07:05]
.
2011-04-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 19:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Will Campbell\Application Data\Mozilla\Firefox\Profiles\4il84ilt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8893
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-itlntfy - itlnfw32.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-14 11:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1004)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(1616)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\brss01a.exe
c:\windows\System32\SCardSvr.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\basfipm.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-04-14 11:21:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-14 18:21
.
Pre-Run: 79,629,934,592 bytes free
Post-Run: 80,135,872,512 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 567DCA1F5E644FD4A86F241D485D5035
and my HijackThis Log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:27:26 AM, on 4/14/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [hVpKspPwxiCbXa] C:\Documents and Settings\All Users\Application Data\hVpKspPwxiCbXa.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [KbEkKJuBmaVdP] C:\Documents and Settings\All Users\Application Data\KbEkKJuBmaVdP.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1301692411703
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Update Service (gupdate1c9ebf56927500e) (gupdate1c9ebf56927500e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Unknown owner - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
--
End of file - 6402 bytes
What do I do next?
Bugbatter
4 Apprentice
•
20.5K Posts
0
April 14th, 2011 13:00
You have quite a mess there with more than one infection. You may have to reinstall some programs, but I'll see what can be cleaned up first. I will have to write some script for you to run. In the meantime we need to see some additional information about what is happening in your machine.
Please download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
-----------------------------------------------------
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.
dachill98684
13 Posts
0
April 14th, 2011 14:00
Here is the DDS.txt
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Will Campbell at 12:53:14.81 on Thu 04/14/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1584 [GMT -7:00]
.
AV: Antivirus AntiSpyware 2011 *Enabled/Updated* {651891A1-83CB-406D-A90F-81DF9EE05231}
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Antivirus AntiSpyware 2011 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Will Campbell\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask .exe" -atboottime
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [hVpKspPwxiCbXa] c:\documents and settings\all users\application data\hVpKspPwxiCbXa.exe
dRun: [KbEkKJuBmaVdP] c:\documents and settings\all users\application data\KbEkKJuBmaVdP.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1301692411703
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\willca~1\applic~1\mozilla\firefox\profiles\4il84ilt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8893
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-1-25 87936]
S1 MpKsl5a6d9c04;MpKsl5a6d9c04;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ec205c4a-8ce4-4115-8c85-0fe5e5be974e}\mpksl5a6d9c04.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ec205c4a-8ce4-4115-8c85-0fe5e5be974e}\MpKsl5a6d9c04.sys [?]
S1 MpKsl679b102c;MpKsl679b102c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ec205c4a-8ce4-4115-8c85-0fe5e5be974e}\mpksl679b102c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ec205c4a-8ce4-4115-8c85-0fe5e5be974e}\MpKsl679b102c.sys [?]
S1 MpKsl84ef9398;MpKsl84ef9398;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ec205c4a-8ce4-4115-8c85-0fe5e5be974e}\MpKsl84ef9398.sys [2011-4-8 28752]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate1c9ebf56927500e;Google Update Service (gupdate1c9ebf56927500e);c:\program files\google\update\GoogleUpdate.exe [2009-6-13 133104]
.
=============== Created Last 30 ================
.
2011-04-14 17:46:56 -------- d-sha-r- C:\cmdcons
2011-04-14 17:40:54 98816 ----a-w- c:\windows\sed.exe
2011-04-14 17:40:54 89088 ----a-w- c:\windows\MBR.exe
2011-04-14 17:40:54 256512 ----a-w- c:\windows\PEV.exe
2011-04-14 17:40:54 161792 ----a-w- c:\windows\SWREG.exe
2011-04-14 16:56:59 -------- d-----w- C:\AVGTemp
2011-04-12 21:16:25 388096 ----a-r- c:\docume~1\willca~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-12 21:16:23 -------- d-----w- c:\program files\Trend Micro
2011-04-12 20:07:02 378 ----a-w- c:\windows\system32\drivers\kteaovvo.dat
2011-04-09 04:49:44 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{ec205c4a-8ce4-4115-8c85-0fe5e5be974e}\MpKsl84ef9398.sys
2011-04-07 15:50:23 -------- d-----w- C:\Adobe
2011-04-01 20:54:42 6792528 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{ec205c4a-8ce4-4115-8c85-0fe5e5be974e}\mpengine.dll
2011-04-01 20:54:42 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-01 20:28:57 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-01 20:24:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2011-04-01 19:32:51 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-01 19:32:51 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-01 19:31:59 -------- d-----w- c:\docume~1\willca~1\applic~1\52D3B45905C56554A4F1F41C038F31D1
2011-04-01 19:12:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\Sunbelt
2011-04-01 18:22:16 -------- d-----w- c:\docume~1\willca~1\applic~1\Spyware Terminator
2011-04-01 18:21:32 -------- d-----w- c:\program files\Spyware Terminator
2011-04-01 18:15:19 -------- d-----w- c:\program files\Sunbelt Software
2011-04-01 18:12:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-01 18:08:03 -------- d-----w- c:\program files\Malware Eraser
2011-04-01 18:07:19 -------- dc----w- c:\docume~1\alluse~1\applic~1\{870E601A-FE70-4098-94B2-6E9963FCAA51}
2011-04-01 18:06:49 -------- d-----w- c:\program files\Lavasoft
2011-03-30 03:35:31 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\BMFIYGP
2011-03-30 03:34:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\1849fc
2011-03-27 04:52:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\dIpBgGaPdPe28601
2011-03-18 18:36:50 -------- d-----w- c:\docume~1\willca~1\locals~1\applic~1\Threat Expert
2011-03-18 18:19:13 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-03-18 18:19:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-03-18 17:57:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-03-18 17:55:20 -------- d-----w- c:\docume~1\willca~1\applic~1\IObit
2011-03-18 17:55:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit
2011-03-18 17:55:12 -------- d-----w- c:\program files\IObit
2011-03-15 21:32:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\dKcNjIp06504
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
============= FINISH: 12:53:28.85 ===============
and here is the Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/31/2006 7:20:26 PM
System Uptime: 4/14/2011 11:14:41 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0H8384
Processor: Intel(R) Pentium(R) M processor 1.73GHz | Microprocessor | 1729/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 74.739 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 3/13/2011 2:08:18 PM - System Checkpoint
RP2: 3/15/2011 11:48:01 AM - System Checkpoint
RP3: 3/17/2011 6:54:08 AM - System Checkpoint
RP4: 3/18/2011 7:43:58 AM - Restore Operation
RP5: 3/18/2011 12:45:46 PM - PC Tools AntiVirus Free: Cleaning Threats
RP6: 3/21/2011 7:17:25 AM - System Checkpoint
RP7: 3/22/2011 7:24:11 AM - System Checkpoint
RP8: 3/23/2011 10:07:58 PM - System Checkpoint
RP9: 3/25/2011 7:17:01 AM - System Checkpoint
RP10: 3/26/2011 9:44:23 AM - System Checkpoint
RP11: 3/28/2011 8:06:12 AM - System Checkpoint
RP12: 3/29/2011 9:33:26 AM - System Checkpoint
RP13: 3/30/2011 10:49:43 AM - System Checkpoint
RP14: 3/31/2011 12:38:06 PM - System Checkpoint
RP15: 4/1/2011 11:15:12 AM - Installed VIPRE Antivirus.
RP16: 4/1/2011 12:31:23 PM - Restore Operation
RP17: 4/1/2011 12:40:27 PM - Installed VIPRE Antivirus.
RP18: 4/1/2011 1:27:59 PM - Removed VIPRE Antivirus.
RP19: 4/2/2011 5:17:40 PM - System Checkpoint
RP20: 4/2/2011 8:38:26 PM - Microsoft Antimalware Checkpoint
RP21: 4/4/2011 8:07:10 AM - System Checkpoint
RP22: 4/6/2011 7:31:51 AM - System Checkpoint
RP23: 4/7/2011 12:38:06 PM - System Checkpoint
RP24: 4/9/2011 8:38:26 AM - System Checkpoint
RP25: 4/10/2011 10:32:38 AM - Microsoft Antimalware Checkpoint
RP26: 4/11/2011 1:25:30 PM - System Checkpoint
RP27: 4/12/2011 9:05:29 AM - Microsoft Antimalware Checkpoint
RP28: 4/14/2011 7:21:04 AM - System Checkpoint
.
==== Installed Programs ======================
.
Abacast Client
Accounting 101 - Receivables Processing (CommerceCenter)
Accounting 103 - Payables Processing (CommerceCenter)
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0 Standard
Adobe Flash Player 10 ActiveX
Adobe Reader 6.0.1
Advanced SystemCare 3
ALPS Touch Pad Driver
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Toolbar
AOL Uninstaller
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Belarc Advisor 8.1
Bluetooth Stack for Windows by Toshiba
Bonjour
Broadcom Advanced Control Suite 2
Broadcom ASF Management Applications
Brother Internet Print 1.63
Brother MFC-5440CN
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera WIA Driver
Canon EOS 5D WIA Driver
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.3
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities WFT-E1/E2/E3 Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Compatibility Pack for the 2007 Office system
Conexant D110 MDC V.9x Modem
Corel WordPerfect Suite 8
Critical Update for Windows Media Player 11 (KB959772)
Dell Printer Software
Dell Software Uninstall
Dell Wireless WLAN Card
Digital Line Detect
Download Updater (AOL LLC)
ERUNT 1.1j
FastStone Photo Resizer 2.7
Google AFE
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel RSX 3D
Intel(R) Graphics Media Accelerator Driver for Mobile
Internal Network Card Power Management
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) SE Runtime Environment 6 Update 1
Learn2 Player (Uninstall Only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office PowerPoint Viewer 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
Modem Helper
Mozilla Firefox 4.0 (x86 en-US)
MultiView 2000
NetWaiting
PowerDVD 5.1
QuickSet
QuickTime
RealPlayer Basic
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic RecordNow! Plus
Sonic Update Manager
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
VuePrint
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
4/9/2011 7:47:45 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.633.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6702.0&avdelta=1.101.633.0&asdelta=1.101.633.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
4/9/2011 7:47:45 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.633.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6702.0&avdelta=1.101.633.0&asdelta=1.101.633.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
4/9/2011 7:47:45 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.633.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6702.0&avdelta=1.101.633.0&asdelta=1.101.633.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
4/9/2011 7:47:45 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.633.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6702.0&avdelta=1.101.633.0&asdelta=1.101.633.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
4/9/2011 7:46:18 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.633.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
4/8/2011 9:26:34 PM, error: Dhcp [1002] - The IP address lease 192.168.1.68 for the Network Card with network address 00197D67A2AB has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
4/8/2011 8:18:26 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer OD2 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{474D400D-B847-4C6A-88A3. The master browser is stopping or an election is being forced.
4/8/2011 7:16:24 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.633.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6702.0&avdelta=1.101.633.0&asdelta=1.101.633.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
4/8/2011 7:16:24 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.633.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6702.0&avdelta=1.101.633.0&asdelta=1.101.633.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
4/8/2011 7:16:24 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.633.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6702.0&avdelta=1.101.633.0&asdelta=1.101.633.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
4/8/2011 7:16:24 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.633.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6702.0&avdelta=1.101.633.0&asdelta=1.101.633.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
4/8/2011 7:09:11 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.633.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
4/13/2011 9:49:39 AM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: Access is denied.
4/13/2011 9:49:39 AM, error: Service Control Manager [7023] - The srv139C service terminated with the following error: Invalid access to memory location.
4/13/2011 9:49:09 AM, error: SRService [104] - The System Restore initialization process failed.
4/12/2011 5:19:22 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.633.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6702.0&avdelta=1.101.633.0&asdelta=1.101.633.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
4/12/2011 5:19:22 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.633.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6702.0&avdelta=1.101.633.0&asdelta=1.101.633.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
4/12/2011 5:18:50 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.633.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
4/11/2011 5:01:38 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
4/10/2011 8:09:38 PM, error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: Access is denied.
4/10/2011 8:09:37 PM, error: Rasman [20035] - Remote Access Connection Manager failed to start because it could not create buffers. Restart the computer. Access is denied.
4/10/2011 5:41:57 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
4/10/2011 5:41:50 PM, error: Service Control Manager [7000] - The NICCONFIGSVC service failed to start due to the following error: The system cannot find the file specified.
4/10/2011 5:40:55 PM, error: Dhcp [1002] - The IP address lease 192.168.0.10 for the Network Card with network address 00197D67A2AB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
4/10/2011 2:24:34 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.633.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6702.0&avdelta=1.101.633.0&asdelta=1.101.633.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
4/10/2011 2:24:34 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.633.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6702.0&avdelta=1.101.633.0&asdelta=1.101.633.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
4/10/2011 2:24:34 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.633.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6702.0&avdelta=1.101.633.0&asdelta=1.101.633.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
4/10/2011 2:24:34 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.633.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6702.0&avdelta=1.101.633.0&asdelta=1.101.633.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
4/10/2011 2:20:37 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.633.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
4/10/2011 12:00:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde SBRE
4/10/2011 11:45:05 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer JERRYARMSTRO-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DE7FDFAB-E89. The master browser is stopping or an election is being forced.
4/10/2011 10:38:59 AM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
.
==== End Of File ===========================
Bugbatter
4 Apprentice
•
20.5K Posts
0
April 14th, 2011 15:00
There is a lot of outdated stuff in there. Please go to Add/Remove and uninstall Microsoft Antimalware. Make sure you do not remove Miicrosoft Security Essentials!
Now we will run Combofix again but we need to disable Microsoft Security Essentials and any other anti-spyware applications tht may be running this time around.
Disconnect from the internet....pull the plug!
To disable your AntiVirus and AntiSpyware applications, it's usually via a right click on the System Tray.
Otherwise, they may interfere with running ComboFix. For MSSE, Open Microsoft Security Essentials >Settings>Realtime Protection >UNcheck the realtime protection reboot.
Open Notepad and copy/paste the following text between the lines below.
Do not copy the dotted lines.
** Make sure you copy/paste ALL the text at once. Do not try to edit extra spaces.
It will copy correctly to Notepad if you highlight and copy as is.
-----------------------------------------------------------------------------------
File::
c:\documents and settings\All Users\Application Data\hVpKspPwxiCbXa.exe
c:\documents and settings\All Users\Application Data\KbEkKJuBmaVdP.exe
Folder::
C:\AVGTemp
c:\docume~1\WILLCA~1\LOCALS~1\Temp\ruxplnfpr
Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"hVpKspPwxiCbXa"=-
"KbEkKJuBmaVdP"=-
RenV::
c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier .exe
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Microsoft Security Client\msseces .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
c:\program files\QuickTime\qttask .exe
----------------------------------------------------------------------------
Save this as CFScript.txt
Referring to the picture above, drag CFScript into ComboFix.exe
You will be prompted to run Combofix again.
Follow the same instructions you did before for running ComboFix.
CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.
When finished, a log is produced here: C:\ComboFix.txt
In your next reply, please post that log along with all others requested as follows:
Configure to show all files/folders:
Go to Start>Search and at the top select Tools>Folder Options
Select the View tab
Display the contents of system folders
Show hidden files and folders
Uncheck: Hide protected operating system files
Click on Apply.
Next go to the side of the Search box and select All files and folders. Go down to More advanced options.
Be sure the first three boxes are selected:
Search System folders
Search Hidden Files and folders
Search SubFolders
Finally, if you can find it, please upload the following file:
c:\windows\system32\drivers\kteaovvo.dat
to Virus Total for analysis here: http://www.virustotal.com/
At the top of the page you will see:
Select file>Browse>Send
Just follow the prompts.
The submission will then be tested against many different AV vendors’ scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.
When you get the report, please post back the exact results.
When finished, please go back and rehide files:
Start>Search and at the top select Tools>Folder Options
Select the View tab
Display the contents of system folders
Show hidden files and folders
/check: Hide protected operating system files
Click on Apply.
Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe
Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
To summarize:
* You will include:
1.Your Combofix log.
2..Your report from Virus Total
3. Your CK Scanner report
dachill98684
13 Posts
0
April 14th, 2011 16:00
Your instructions say to go to Add/Remove and uninstall Microsoft Antimalware, I'm thinking Add/Remove software in Control Panel, right?, but I don't see anything with that name in there. Also Microsoft Security Essentials is an Empty Program, when I double click on the shortcut nothing happens.
Bugbatter
4 Apprentice
•
20.5K Posts
0
April 14th, 2011 17:00
DDS scan of Add/Remove shows these as being installed:
Microsoft Security Essentials
Malwarebytes' Anti-Malware
The ComboFix log shows this as installed and enabled but outdated:
AV: Microsoft Security Essentials *Enabled/Outdated*
Microsoft Anti-Malware is not listed in Add/Remove programs?
One of the corrupt files is Microsoft Security Essentials, so that may be why it won't open.
You can try running ComboFix without disabling MSSE, but it is a risk.
dachill98684
13 Posts
0
April 14th, 2011 18:00
ComboFix 11-04-13.02 - Will Campbell 04/14/2011 17:12:27.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1586 [GMT -7:00]
Running from: c:\documents and settings\Will Campbell\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Will Campbell\Desktop\CFScript.txt
AV: Antivirus AntiSpyware 2011 *Enabled/Updated* {651891A1-83CB-406D-A90F-81DF9EE05231}
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Antivirus AntiSpyware 2011 *Enabled* {64D70931-8BD8-4C84-9FAD-22D6B710238E}
.
FILE ::
"c:\documents and settings\All Users\Application Data\hVpKspPwxiCbXa.exe"
"c:\documents and settings\All Users\Application Data\KbEkKJuBmaVdP.exe"
.
.
((((((((((((((((((((((((( Files Created from 2011-03-15 to 2011-04-15 )))))))))))))))))))))))))))))))
.
.
2011-04-13 20:49 . 2011-04-13 20:52 -------- d-----w- c:\program files\ERUNT
2011-04-12 21:16 . 2011-04-12 21:16 388096 ----a-r- c:\documents and settings\Will Campbell\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-12 21:16 . 2011-04-12 21:16 -------- d-----w- c:\program files\Trend Micro
2011-04-12 20:07 . 2011-04-12 20:07 378 ----a-w- c:\windows\system32\drivers\kteaovvo.dat
2011-04-11 16:16 . 2011-04-11 16:16 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2011-04-11 01:38 . 2011-04-11 01:38 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2011-04-07 15:50 . 2011-04-07 15:50 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-04-07 15:50 . 2011-04-07 15:50 -------- d-----w- C:\Adobe
2011-04-02 18:23 . 2011-04-02 18:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-04-01 21:25 . 2011-04-01 21:25 -------- d-----w- c:\documents and settings\Will Campbell\Local Settings\Application Data\Mozilla
2011-04-01 20:54 . 2011-02-03 01:11 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-01 20:28 . 2011-04-14 23:53 -------- d-----w- c:\program files\Microsoft Security Client
2011-04-01 20:24 . 2011-04-01 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-01 19:32 . 2011-04-01 19:32 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-01 19:31 . 2011-04-01 19:31 -------- d-----w- c:\documents and settings\Will Campbell\Application Data\52D3B45905C56554A4F1F41C038F31D1
2011-04-01 19:12 . 2011-04-01 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2011-04-01 18:22 . 2011-04-01 19:32 -------- d-----w- c:\documents and settings\Will Campbell\Application Data\Spyware Terminator
2011-04-01 18:21 . 2011-04-01 19:32 -------- d-----w- c:\program files\Spyware Terminator
2011-04-01 18:15 . 2011-04-01 18:15 -------- d-----w- c:\program files\Sunbelt Software
2011-04-01 18:08 . 2011-04-01 19:32 -------- d-----w- c:\program files\Malware Eraser
2011-04-01 18:07 . 2011-04-01 19:32 -------- dc----w- c:\documents and settings\All Users\Application Data\{870E601A-FE70-4098-94B2-6E9963FCAA51}
2011-04-01 18:06 . 2011-04-01 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-04-01 18:06 . 2011-04-01 18:06 -------- d-----w- c:\program files\Lavasoft
2011-03-30 03:35 . 2011-03-30 03:35 -------- d-sh--w- c:\documents and settings\All Users\Application Data\BMFIYGP
2011-03-30 03:34 . 2011-03-30 03:35 -------- d-----w- c:\documents and settings\All Users\Application Data\1849fc
2011-03-27 04:52 . 2011-03-27 04:53 -------- d-----w- c:\documents and settings\All Users\Application Data\dIpBgGaPdPe28601
2011-03-26 04:37 . 2011-03-26 04:37 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2011-03-26 04:37 . 2011-03-26 04:37 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2011-03-18 18:36 . 2011-03-18 18:36 -------- d-----w- c:\documents and settings\Will Campbell\Local Settings\Application Data\Threat Expert
2011-03-18 18:19 . 2011-04-14 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-03-18 18:11 . 2011-04-01 21:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2011-03-18 17:57 . 2011-03-18 19:48 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-03-18 17:55 . 2011-04-14 00:55 -------- d-----w- c:\documents and settings\Will Campbell\Application Data\IObit
2011-03-18 17:55 . 2011-03-18 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2011-03-18 17:55 . 2011-03-18 18:09 -------- d-----w- c:\program files\IObit
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-11 23:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-11 23:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2004-08-11 23:11 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-11 23:11 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-11 23:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-03-18 17:53 . 2011-04-01 21:25 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-15_00.00.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-11 23:00 . 2011-04-15 00:09 74048 c:\windows\system32\perfc009.dat
- 2004-08-11 23:00 . 2011-04-14 23:37 74048 c:\windows\system32\perfc009.dat
+ 2004-08-11 23:00 . 2011-04-15 00:09 447690 c:\windows\system32\perfh009.dat
- 2004-08-11 23:00 . 2011-04-14 23:37 447690 c:\windows\system32\perfh009.dat
+ 2006-01-25 08:00 . 2011-04-15 00:07 3777536 c:\windows\Installer\99e8.msi
- 2006-01-25 08:00 . 2011-04-14 16:46 3777536 c:\windows\Installer\99e8.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime"
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk
backup=c:\windows\pss\AOL Companion.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel Desktop Application Director 8.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Corel Desktop Application Director 8.LNK
backup=c:\windows\pss\Corel Desktop Application Director 8.LNKCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Wireless Manager UI]
c:\windows\system32\WLTRAY
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2004-04-07 20:07 496752 ----a-w- c:\program files\Common Files\AOL\ACS\AOLDial.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-09-13 22:33 155648 ----a-w- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2005-09-01 23:24 684032 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-04-26 14:04 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-01-25 08:05 168448 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 21:32 77824 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 21:36 114688 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 21:35 94208 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 23:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-04-14 15:22 72712 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2006-03-18 20:08 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-03-14 10:43 83608 ----a-w- c:\program files\Java\jre1.6.0_01\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-16 13:18 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 07:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)
"MsMpSvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
" \\\\termserver\\pb\\pb.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [1/25/2006 12:43 AM 87936]
S1 MpKsl5a6d9c04;MpKsl5a6d9c04;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC205C4A-8CE4-4115-8C85-0FE5E5BE974E}\MpKsl5a6d9c04.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC205C4A-8CE4-4115-8C85-0FE5E5BE974E}\MpKsl5a6d9c04.sys [?]
S1 MpKsl679b102c;MpKsl679b102c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC205C4A-8CE4-4115-8C85-0FE5E5BE974E}\MpKsl679b102c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC205C4A-8CE4-4115-8C85-0FE5E5BE974E}\MpKsl679b102c.sys [?]
S1 MpKsl84ef9398;MpKsl84ef9398;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC205C4A-8CE4-4115-8C85-0FE5E5BE974E}\MpKsl84ef9398.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EC205C4A-8CE4-4115-8C85-0FE5E5BE974E}\MpKsl84ef9398.sys [?]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate1c9ebf56927500e;Google Update Service (gupdate1c9ebf56927500e);c:\program files\Google\Update\GoogleUpdate.exe [6/13/2009 12:05 AM 133104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
itlsvc REG_MULTI_SZ itlperf
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
2011-04-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 07:01]
.
2011-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 07:05]
.
2011-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 07:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Will Campbell\Application Data\Mozilla\Firefox\Profiles\4il84ilt.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 8893
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-14 17:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(828)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(3368)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-04-14 17:17:10
ComboFix-quarantined-files.txt 2011-04-15 00:17
ComboFix2.txt 2011-04-15 00:02
ComboFix3.txt 2011-04-14 18:21
.
Pre-Run: 80,301,518,848 bytes free
Post-Run: 80,275,369,984 bytes free
.
- - End Of File - - 4583677B9ACE6FC1BF323B2F124D9E33
Antivirus Version Last update Result
AhnLab-V3 2011.04.14.00 2011.04.14 -
AntiVir 7.11.6.129 2011.04.14 -
Antiy-AVL 2.0.3.7 2011.04.14 -
Avast 4.8.1351.0 2011.04.14 -
Avast5 5.0.677.0 2011.04.14 -
AVG 10.0.0.1190 2011.04.14 -
BitDefender 7.2 2011.04.15 -
CAT-QuickHeal 11.00 2011.04.14 -
ClamAV 0.97.0.0 2011.04.15 -
Commtouch 5.2.11.5 2011.04.15 -
Comodo 8344 2011.04.15 -
DrWeb 5.0.2.03300 2011.04.15 -
Emsisoft 5.1.0.5 2011.04.14 -
eSafe 7.0.17.0 2011.04.13 -
eTrust-Vet 36.1.8272 2011.04.14 -
F-Prot 4.6.2.117 2011.04.14 -
F-Secure 9.0.16440.0 2011.04.15 -
Fortinet 4.2.257.0 2011.04.14 -
GData 22 2011.04.15 -
Ikarus T3.1.1.103.0 2011.04.14 -
Jiangmin 13.0.900 2011.04.13 -
K7AntiVirus 9.96.4382 2011.04.13 -
Kaspersky 7.0.0.125 2011.04.15 -
McAfee 5.400.0.1158 2011.04.15 -
McAfee-GW-Edition 2010.1D 2011.04.14 -
Microsoft 1.6702 2011.04.14 -
NOD32 6042 2011.04.15 -
Norman 6.07.07 2011.04.13 -
Panda 10.0.3.5 2011.04.14 -
PCTools 7.0.3.5 2011.04.14 -
Prevx 3.0 2011.04.15 -
Rising 23.53.03.06 2011.04.14 -
Sophos 4.64.0 2011.04.15 -
SUPERAntiSpyware 4.40.0.1006 2011.04.14 -
Symantec 20101.3.2.89 2011.04.15 -
TheHacker 6.7.0.1.173 2011.04.13 -
TrendMicro 9.200.0.1012 2011.04.14 -
TrendMicro-HouseCall 9.200.0.1012 2011.04.15 -
VBA32 3.12.16.0 2011.04.13 -
VIPRE 9015 2011.04.15 -
ViRobot 2011.4.14.4410 2011.04.14 -
VirusBuster 13.6.305.0 2011.04.14 -
MD5: 1940ddef1fb73b6e9c6a0407c36855ea
SHA1: 984cedd31d0cab26eace74f74e09e7a57ffa35d2
SHA256: 54e57af86c37b426cf9c9f1b5c439a4f1b639ca39671b8d14fff2b38e110b4ac
File size: 378 bytes
Scan date: 2011-04-15 00:18:45 (UTC)
CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\will campbell\application data\macromedia\flash player\macromedia.com\support\flashplayer\sys\#crackle.com\settings.sol
c:\documents and settings\will campbell\my documents\my music\itunes\itunes music\arthur fiedler & boston pops orchestra\christmas at the pops\05 the nutcracker _ waltz of the flo.m4p
scanner sequence 3.AA.11
----- EOF -----
Bugbatter
4 Apprentice
•
20.5K Posts
0
April 15th, 2011 01:00
Please update Malwarebytes Anti-Malware and run that again. Let it remove what it finds, and please post the log. Please let me know how things are running at that point before we do more fixing.
dachill98684
13 Posts
0
April 15th, 2011 14:00
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6370
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
4/15/2011 1:21:26 PM
mbam-log-2011-04-15 (13-21-26).txt
Scan type: Quick scan
Objects scanned: 159427
Time elapsed: 3 minute(s), 24 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)