PC playing random sounds and ads/redirects/more...maybe

[igiveup]

Would very much appreciate help. I have been trying to clean this for a couple of weeks cannot isolate always returns in scans. Cannot run tdsskiller or avast MBR. Thanks in advance! Logs....

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by KittyMau at 23:04:00 on 2012-08-24

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.1293 [GMT -4:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

C:\Program Files\Microsoft LifeCam\MSCamS64.exe

C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe

C:\Windows\SysWOW64\WinService.exe

C:\Program Files (x86)\SimpleHelpService\SimpleService.exe

C:\Program Files (x86)\Java\jre6\bin\javaw.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\vVX3000.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler64.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\Program Files (x86)\AVG\AVG2012\avgcsrvx.exe

C:\Program Files (x86)\Pidgin\pidgin.exe

C:\Windows\system32\AUDIODG.EXE

C:\Program Files (x86)\Winamp\winamp.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe

C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\REGSVR32.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Bar = Preserve

uWindow Title = KittyMau is the best

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll

TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

TB: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: {CDAF5C19-3271-4E4E-8A5B-D1A2538652E3} - No File

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [AdobeBridge]

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Lookup on Merriam Webster - file://C:\Program Files (x86)\ieSpell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://C:\Program Files (x86)\ieSpell\wikipedia.HTM

IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab

DPF: {3F4AC0C9-3A7D-4115-99B4-2693DE0014AF} - hxxp://optimum.net/downloads/TNetworkScannerXControl.ocx

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://clubgames.pogo.com/online2/pogop/luxor_2/mjolauncher.cab

DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} - hxxp://clubgames.pogo.com/online2/pogo/zenerchi/ZenerchiWeb.1.0.0.10.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444552440000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.youplay.com/games/3rdParty/YouPlay/popcaploader_v10.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 167.206.245.129 167.206.245.130

TCP: Interfaces\{0DF92702-D9E5-40A4-810F-C7A3BF292516} : DhcpNameServer = 167.206.245.129 167.206.245.130

TCP: Interfaces\{284AE3AF-0083-4E50-83F9-CF5EA1A07A21} : DhcpNameServer = 167.206.245.130 167.206.245.129

TCP: Interfaces\{A39D5087-1EA5-47AE-92BB-428E253BB1A8} : DhcpNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO-X64: AVG Do Not Track - No File

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll

TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

TB-X64: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll

TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB-X64: {CDAF5C19-3271-4E4E-8A5B-D1A2538652E3} - No File

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun-x64: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

IE-X64: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM

IE-X64: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]

R2 SCM_Service;SCM_Service;C:\Windows\SysWOW64\WinService.exe [2010-8-1 186848]

R2 SimpleHelpSimpleGatewayService;SimpleHelp SimpleGateway Service;C:\Program Files (x86)\SimpleHelpService\SimpleService.exe [2002-2-1 98712]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]

R2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [2002-2-1 927840]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]

S?2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-2 135664]

S2 MBAMService;MBAMService;C:\Program Files (x86)\xyz\mbamservice.exe [2012-8-14 655944]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]

S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-2 135664]

S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

S3 LVUVC64;Logitech Webcam 905(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S3 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-1-7 63304]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 prwntdrv;prwntdrv;C:\Windows\System32\prwntdrv.sys [2012-8-18 13704]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\system32\DRIVERS\wg111v2.sys --> C:\Windows\system32\DRIVERS\wg111v2.sys [?]

S3 SaiH8000;SaiH8000;C:\Windows\system32\DRIVERS\SaiH8000.sys --> C:\Windows\system32\DRIVERS\SaiH8000.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

.

=============== Created Last 30 ================

.

2012-08-19 01:45:37 98696 ----a-w- C:\Windows\SysWow64\setupprwdrv03.exe

2012-08-19 01:45:37 96648 ----a-w- C:\Windows\System32\setupprwdrvx64.exe

2012-08-19 01:45:37 16776 ----a-w- C:\Windows\System32\prwntdrv.sys

2012-08-19 01:45:37 13704 ----a-w- C:\Windows\SysWow64\prwntdrv.sys

2012-08-19 01:45:34 -------- d-----w- C:\Program Files (x86)\EASEUS

2012-08-17 23:37:59 -------- d-----w- C:\Users\KittyMau\AppData\Roaming\ieSpell

2012-08-17 22:46:38 -------- d-----w- C:\Program Files\HitmanPro

2012-08-17 22:33:10 -------- d-----w- C:\MGtools

2012-08-17 22:29:44 -------- d-----w- C:\Program Files\CCleaner

2012-08-17 04:58:59 53248 ----a-r- C:\Users\KittyMau\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2012-08-15 01:07:28 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys

2012-08-15 00:48:21 2 ----atr- C:\Windows\winstart.bat

2012-08-15 00:48:14 -------- d-----w- C:\Program Files (x86)\UnHackMe

2012-08-15 00:38:32 -------- d-----w- C:\ProgramData\HitmanPro

2012-08-15 00:22:55 -------- d-----w- C:\Users\KittyMau\AppData\Roaming\Anvisoft

2012-08-15 00:22:42 -------- d-----w- C:\ProgramData\Anvisoft

2012-08-15 00:22:40 -------- d-----w- C:\Program Files (x86)\Anvisoft

2012-08-14 21:48:49 -------- d-----w- C:\Users\KittyMau\AppData\Roaming\Malwarebytes

2012-08-14 21:48:36 -------- d-----w- C:\ProgramData\Malwarebytes

2012-08-14 21:48:35 -------- d-----w- C:\Program Files (x86)\xyz

2012-08-14 05:29:54 -------- d-----w- C:\ProgramData\AVAST Software

2012-08-14 05:29:54 -------- d-----w- C:\Program Files\AVAST Software

2012-08-14 05:12:01 -------- d-----w- C:\Windows\SysWow64\%APPDATA%

2012-08-14 05:03:32 -------- d-----w- C:\Users\KittyMau\AppData\Local\{44362561-6CCD-D51D-C4D8-0D2EA46240B9}

2012-08-14 01:25:37 -------- d-----w- C:\Program Files (x86)\Winamp Detect

2012-08-12 22:23:18 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9F6F923B-C0A9-4B3C-8688-08A32750F4F9}\mpengine.dll

2012-08-11 22:24:54 9133488 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-07 01:35:34 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive

2012-08-07 01:35:33 -------- d-----r- C:\Users\KittyMau\SkyDrive

2012-08-07 01:35:20 -------- d-----w- C:\ProgramData\Microsoft SkyDrive

2012-08-06 01:18:35 -------- d-----w- C:\Program Files (x86)\SoulseekNS

2012-07-30 21:52:13 103904 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

==================== Find3M ====================

.

2012-08-22 00:40:43 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-22 00:40:43 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-08-17 04:58:35 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

.

============= FINISH: 23:12:49.70 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 8/1/2010 2:55:05 AM

System Uptime: 8/24/2012 7:04:13 PM (4 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5Q SE PLUS

Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | LGA775 | 2403/266mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 98 GiB total, 30.788 GiB free.

D: is FIXED (NTFS) - 128 GiB total, 19.747 GiB free.

E: is CDROM (CDFS)

F: is FIXED (NTFS) - 833 GiB total, 832.871 GiB free.

G: is FIXED (NTFS) - 170 GiB total, 166.645 GiB free.

I: is FIXED (NTFS) - 466 GiB total, 4.418 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: SBRE

Device ID: ROOT\LEGACY_SBRE\0000

Manufacturer:

Name: SBRE

PNP Device ID: ROOT\LEGACY_SBRE\0000

Service: SBRE

.

==== System Restore Points ===================

.

RP643: 8/18/2012 12:11:44 AM - Scheduled Checkpoint

RP644: 8/18/2012 8:06:51 PM - Windows Backup

RP645: 8/19/2012 2:29:30 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.

RP646: 8/19/2012 2:45:35 AM - StopZILLA! Restore Point.

RP648: 8/19/2012 7:00:32 PM - Windows Backup

RP649: 8/19/2012 7:51:52 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe AIR

Adobe Community Help

Adobe Flash Player 11 ActiveX

Adobe Media Player

Adobe Photoshop CS5

Adobe Reader 9.5.2

Alarm Clock v1.0

Apple Application Support

Apple Software Update

ArcSoft Print Creations

ArcSoft Print Creations - Album Page

ArcSoft Print Creations - Funhouse

ArcSoft Print Creations - Greeting Card

ArcSoft Print Creations - Photo Book

ArcSoft Print Creations - Photo Calendar

ArcSoft Print Creations - Scrapbook

ArcSoft Print Creations - Slimline Card

Auto Movie Creator 3.2

Bid-O-Matic v2.14.8

CameraHelperMsi

CCScore

Cisco Network Magic

Combined Community Codec Pack 2009-09-09

D3DX10

DivX Setup

EASEUS Partition Recovery 5.0.1

EPSON Scan

eReg

ESSBrwr

ESSCDBK

ESScore

ESSgui

ESSini

ESSPCD

ESSPDock

ESSTOOLS

essvatgt

EzGenerator 3.0

fflink

FileZilla Client 3.3.5.1

Google Apps

Google Chrome

Google Earth

Google Quick Search Box

Google Talk (remove only)

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

ID3-TagIT 3

ieSpell

IIS 7.5 Express

IrfanView (remove only)

Java Auto Updater

Java 6 Update 31

Kodak EasyShare software

Logitech Vid HD

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft ASP.NET Web Pages

Microsoft Corporation

Microsoft Expression Blend 3 SDK

Microsoft Expression Blend 4

Microsoft Expression Blend SDK for .NET 4

Microsoft Expression Blend SDK for Silverlight 4

Microsoft Expression Design 4

Microsoft Expression Encoder 4

Microsoft Expression Encoder 4 Screen Capture Codec

Microsoft Expression Studio 4

Microsoft Expression Web 4

Microsoft Expression Web 4 Service Pack 2

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Silverlight 3 SDK

Microsoft Silverlight 4 SDK

Microsoft SkyDrive

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server Compact 4.0 Web Tools ENU

Microsoft SQL Server System CLR Types

Microsoft UI Engine

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WebMatrix

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

mIRC

Mp3 Folder Structure Maker

Mp3tag v2.50

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MySQL Connector Net 6.2.3

netbrdg

NETGEAR WG111v2 wireless USB 2.0 adapter

Network Magic

NVIDIA PhysX

OfotoXMI

PDF Settings CS5

Picasa 3

Pidgin

Platform

Pure Networks Platform

QuickTime

Safari

SecondLifeViewer2 (remove only)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Expression Design 4 (KB2667730)

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

SFR

SHASTA

skin0001

SKINXSDK

Skype™ 5.9

SoulSeek 157 NS 13e

staticcr

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition

Update for Microsoft Office Script Editor Help (KB963671)

VC80CRTRedist - 8.0.50727.6195

VIA Platform Device Manager

Visual Studio 2008 x64 Redistributables

VPRINTOL

Winamp

Winamp Detector Plug-in

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WIRELESS

WPF Toolkit February 2010 (Version 3.5.50211.1)

Xvid 1.2.1 final uninstall

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

Yawcam 0.3.7

.

==== Event Viewer Messages From Past Week ========

.

8/24/2012 7:07:54 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.

8/24/2012 7:07:54 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.

8/24/2012 7:06:04 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

8/24/2012 7:06:04 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

8/24/2012 7:05:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE

8/24/2012 7:05:10 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

8/24/2012 7:05:07 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

8/24/2012 7:05:07 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

8/24/2012 7:02:33 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

8/23/2012 9:21:56 PM, Error: Service Control Manager [7030] - The ShTemporaryService79426942 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

8/23/2012 11:24:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/23/2012 11:24:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/23/2012 11:24:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

8/23/2012 11:24:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

8/23/2012 11:24:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/23/2012 11:24:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

8/23/2012 11:24:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SBRE spldr tdx vwififlt Wanarpv6 WfpLwf

8/23/2012 11:24:22 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/23/2012 11:24:22 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/23/2012 11:24:22 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

8/23/2012 11:24:22 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/23/2012 11:24:22 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/23/2012 11:24:22 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

8/23/2012 11:24:22 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/23/2012 11:24:22 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/23/2012 11:24:22 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/23/2012 11:24:22 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

8/20/2012 7:05:17 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

8/20/2012 7:05:17 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

8/19/2012 8:00:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the szserver service.

8/19/2012 2:25:28 AM, Error: Service Control Manager [7034] - The SCM_Service service terminated unexpectedly. It has done this 1 time(s).

8/19/2012 1:20:01 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

8/18/2012 9:40:57 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 2@01010013

8/18/2012 9:17:40 PM, Error: Service Control Manager [7030] - The ShTemporaryService59260859 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

8/18/2012 10:36:55 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

8/18/2012 10:36:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache MpFilter spldr Wanarpv6

8/17/2012 10:42:12 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.

.

==== End Of File ===========================

[Maurice Naggar]

Hello and welcome to MalwareBytes forum.

What antivirus was installed on this system before MS Security Essentials ?

Did it used to have AVG 2012 before ? remainders of it show up in the logs.

Was this system ever without an antivirus ?

Did the pc when purchased come with a pre-installed antivirus ?

Was McAfee or Norton/Symantec ever installed on this system ?

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

• Go to your Desktop
  
• Double-Click the Computer icon.
  
• From the menu options, Select Tools, then Folder Options.
  
• Next click the View tab.
  
• Locate and uncheck Hide file extensions for known file types.
  
• Locate and uncheck Hide protected operating system files (Recommended).
  
• Locate and click Show hidden files and folders and drives.
  
• Click Apply > OK.
  

Step 3

• Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
  >> from here <<
  
• Quit all programs that you may have started.
  
• Please disconnect any USB or external drives from the computer before you run this scan!
  
• For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
  For Windows XP, double-click to start.
  
• Wait until Prescan has finished ...
  
• Then Click on Scan button at upper right of screen.
  
• Wait until the Status box shows "Scan Finished"
  
• Click on Report and copy/paste the content of the Notepad into your next reply.
  
• The log should be found in RKreport[1].txt on your Desktop
  
• Do NOT press any Fix button.
  
• Exit/Close RogueKiller
  

Step 4

• Please download CKScanner from >>Here<<
  
• Important: - Save it to your desktop.
  
• Right-click CKScanner.exe & select Run as administrator to start.
  
• then click Search For Files.
  
• After a very short time, when the cursor hourglass disappears, click Save List To File.
  
• A message box will verify the file saved. Please Run the program only once.
  
• Copy/paste the contents of CKFiles.txt in your next reply.

[igiveup]

Thanks for replying!! To answer your first questions:

What antivirus was installed on this system before MS Security Essentials ? When the infection occurred I had Clam installed. After the infection I tried a few different av's to try to clean the infection. Such as Avast, AVG and probably some thing I am forgetting. I then also tried MS security to clean. Currently aVG is installed.

Did it used to have AVG 2012 before ? remainders of it show up in the logs. I had AVG installed about a year ago. Uninstalled bc it slows everything down so much and then reinstalled after the infection. And it is currently installed.

Was this system ever without an antivirus ? Possibly for a very brief time between trying av products.

Did the pc when purchased come with a pre-installed antivirus ? This is a home built machine.

Was McAfee or Norton/Symantec ever installed on this system ? Not that I recall but it may have been for a brief time here or there.

Now the logs:

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: KittyMau [Admin rights]

Mode: Scan -- Date: 08/25/2012 19:49:55

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD103SJ ATA Device +++++

--- User ---

[MBR] 7ea2830e55ba21efb372aa15fac06f2e

[bSP] 0a53618fb4d0ac4bb87c6ba18a50d2fb : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 100768 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206579712 | Size: 852985 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 0928adee96dc776ebc7c6d5be82c366b

[bSP] 0a53618fb4d0ac4bb87c6ba18a50d2fb : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 100768 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206579712 | Size: 852985 Mo

3 - [ACTIVE] NTFS (0x17) [HIDDEN!] Offset (sectors): 1953495040 | Size: 10 Mo

+++++ PhysicalDrive1: WDC WD3200AAKS-00G3A0 ATA Device +++++

--- User ---

[MBR] 7ea2830e55ba21efb372aa15fac06f2e

[bSP] 0a53618fb4d0ac4bb87c6ba18a50d2fb : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 100768 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206579712 | Size: 852985 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 97d5555a99a8d83cfb11aadfd4cc3a6e

[bSP] 77b385bdd0dd92989b8f2f7420cb05bc : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 131061 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 268414976 | Size: 174180 Mo

Finished : << RKreport[1].txt >>

RKreport[1].txt

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Please note the first time I tried to run CKSCANNER it stopped responding so I did have to rerun. Also the virus clip kicked in right after I saved the file. Not sure if it triggered it or if it was coincidence.

CKScanner - Additional Security Risks - These are not necessarily bad

c:\users\kittymau\appdata\roaming\macromedia\flash player\#sharedobjects\hn2npkfy\crackle.com\cracklesettings.sol

c:\users\kittymau\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\#crackle.com\settings.sol

scanner sequence 3.LB.11.TCNAKU

----- EOF -----

[Maurice Naggar]

Hello igiveup.

Stop switching antivirus apps. Switching during a malware infection is highly ill-advised. And under normal circumstances switching is not simple; one must insure the previous A_V is totally removed and often, an uninstaller used.

The DDS log showed you have MSE. You indicate you have AVG. Just please no more switching. First, we need to search & hunt down the malware infection.

These steps are for igiveup only. If you are a casual viewer, do NOT try this on your system!

If you are not igiveup and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to any other system!

Please follow my guidance, and do NOT do anything else on your own. {no changes/no additions/no websurfing}

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

• 
  

Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Step 2

1. Close any/all open internet browsers. Save any open documents you have open & close programs you started.
   
2. Click on START>All Programs>Malwarebytes' Anti-Malware>Tools>Malwarebytes Anti-Malware Chameleon
   On Windows 7, press Windows-key, then start typing in text box

   Malwarebytes

   then select/click Malwarebytes Anti-Malware Chameleon
   

3. Once the Help file opens, click on a Chameleon button (starting with #1)
   
4. If running on Vista, Windows 7, press the Yes button when prompted at the UAC prompt to allow to run.
   
5. You should see a black Command-prompt-window that remains open and says MBAM-chameleon ver. 1.62 at the top
   
6. Press any key to continue as it says in the window {space-bar will do}
   
7. If the Chameleon button you tried does not work, try the next Chameleon button shown. (There are 12 in all).
   
8. Have infinite patience during this process
   
9. Malwarebytes Chameleon will proceed to update Malwarebytes Anti-Malware, so ensure that you are connected to the internet if possible
   
10. Once the update completes and it says your database is updated, click on OK button so that process can continue
    
11. Malwarebytes Chameleon will then terminate any threats running in memory, which may take a while, so please be patient.
    
12. After that, Malwarebytes Anti-Malware will open automatically and perform a Quick scan
    
13. A quick scan will take a few minutes, possibly 5 or so minutes. Have infinite patience.
    
14. Once the scan is complete, click on Show Results and remove any threats that are found by clicking Remove Selected
    
15. If prompted to restart your computer to complete the removal process, click Yes
    
16. If no threats are found, press OK button & press EXIT to end MBAM. Press the space-bar (or another key) to exit the command-prompt-window.
    
17. After your computer restarts, open Malwarebytes Anti-Malware and perform one last Quick scan to verify that there are no remaining threats
    

[igiveup]

Thank you for the advice. I love learning the hard way I ran both and they appeared to find no problems.I did have to runt he renamed file for rkill if that helps. The first box in Chameleon ran fine. What's next? Thanks again

[Maurice Naggar]

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member igiveup only. If you are a casual viewer, do NOT try this on your system!

If you are not igiveup and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right- click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

• A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
  When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.
  

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh

Reply & Copy/paste contents of the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.

Security Check tool

Download Security Check by screen317 from here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please Copy/paste the contents of that document.
  

Edited August 28, 2012 by Maurice Naggar

[igiveup]

The virus related sound clips and ads played after I ran combofix and restarted. What next? Logs:

ComboFix 12-08-28.03 - KittyMau 08/28/2012 17:35:55.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2153 [GMT -4:00]

Running from: c:\users\KittyMau\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\93Cddh6rPZl2Fk

c:\programdata\TorrentEasy\fdmbtsupp.dll

C:\programfiles

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\admin.ini

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\bookmarks.txt

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\C_Category.fld

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\C_State.fld

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\catalog.dat

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\Catalog.xml

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\contacts.dat

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\Contacts.xml

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\country.fld

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\Default.cma

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\Default.cmp

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\English_sitemap.txt

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\history.txt

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\ifactory.ini

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\btn_Back.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\btn_back_ezg_2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\btn_Buy.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\btn_Checkout_ezg_1.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\btn_Contact_Form.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\btn_Delete.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\btn_PAYPAL_ezg_1.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\btn_RESET.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\btn_Reset_ezg_1.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\btn_search_ezg_2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\btn_search_ezg_9.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\btn_SEND.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\btn_Submit.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\btn_Subscribe_ezg_2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\btn_Unsubscribe_ezg_2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\building.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\field_.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\field__ezg_1.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\field__ezg_6.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\field_Address.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\field_ADDRESS_1.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\field_Address_ezg_2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\field_City.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\field_COUNTRY.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\field_Country_ezg_1.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\field_email.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\field_Email_ezg_2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\field_Givenname.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\field_Last_Name.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\field_name.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\field_Name_ezg_2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\field_night_phone_a.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\field_night_phone_b_ezg_1.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\field_night_phone_c.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\field_NOTES.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\field_Payment_Method_ezg_2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\field_Phone_ezg_1.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\field_Place.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\field_Place_ezg_1.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\field_State.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\field_Telephone Private.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\field_ZIP.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\field_ZIP_ezg_1.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\htmlcode.JPG

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\P_ImageFull_5.png

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\P_ImageFull_6.png

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\P_ImageFull_empty.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\RSS.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\show.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\slides_back1.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\slides_next1.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\images\stop.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\mirrors.ini

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\onserver.txt

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\P_Category.fld

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\P_GroupBy.fld

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\patterns.ini

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\ppages\1.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\ppages\4.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\ppages\5.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\ppages\6.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\sitemap.txt

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\sp.ini

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\documents\22.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\documents\26.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\documents\27.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\documents\28.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\documents\29.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\documents\30.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\documents\31.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\documents\32.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\documents\34.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\documents\35.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\documents\37.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\documents\38.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\documents\about.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\documents\contact_request.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\documents\faq.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\documents\news.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\documents\newsletter.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\ezg_data\26_orderid.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\ezg_data\26_orders.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\ezg_data\26_paypal.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\ezg_data\26_pending_orders.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\ezg_data\36_confirmed_sub.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\ezg_data\36_log.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\ezg_data\36_news_log.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\ezg_data\36_settings.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\ezg_data\36_unconfirmed_sub.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\ezg_data\36_unsubscribed.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\ezg_data\centraladmin.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\ezg_data\centraladmin_conf.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\ezg_data\centraladmin_reglog.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\ezg_data\centraladmin_sec.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\ezg_data\search_db_1.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\ezg_data\tell_friend_log.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\i.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempdoc\index.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempimages\banner.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempimages\kittyback.png

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempimages\temp_main.png

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\il.bmp

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\arrow.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\banner.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\banner.map

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\banner.src

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\bg.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\bullet1.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\bullet2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\button.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\button_m_over.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\l_arrow.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\l_button.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\l_button_m_over.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\l_pageheader.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\l_sub.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\mb.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\mmstart.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\mmstop.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\pageheader.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\r_arrow.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\r_button.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\r_button_m_over.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\r_pageheader.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\r_sub.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\r_sub_button.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\sbg.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\smstart.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\smstop.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\sub.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\sub_button.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\t1b.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\t1bl.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\t1br.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\t1l.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\t1m.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\t1r.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\t1t.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\t1tl.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\t1tr.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\t2b.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\t2bl.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\t2br.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\t2l.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\t2m.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\t2r.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\t2t.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\t2tl.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\t2tr.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\t3b.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\t3bl.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\t3br.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\t3l.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\t3m.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\t3r.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\t3t.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\t3tl.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\t3tr.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\images\white_bg.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\noframes.def

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\noframes.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\screenshot.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\site.ini

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\styles.css

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\styles.def

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\textstyles.css

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\textstyles.def

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template\textstyles.ini

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template_user\banner.ini

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template_user\images\banner.usr

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template_user\images\banner_home.usr

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template_user\pimages\buble.png

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template_user\pimages\undo.png

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template_user\pimages\wrench.png

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template_user\presets\preset4.png

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template_user\presets\preset5.png

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template_user\presets\presets.ini

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\template_user\user.ini

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempmenus\English\Contact.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempmenus\English\Contact_Request.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempmenus\English\Home.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempmenus\English\LEVEL1MENU

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempmenus\English\LEVEL2MENU

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempmenus\English\More.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempmenus\English\noframes.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\tempmenus\English\Shop.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\updates.ini

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\upload_log.txt

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\used_images.txt

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web.dat

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web.ini

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web.xml

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\22.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\26.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\26_0.dat

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\26_1.dat

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\26_2.dat

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\27.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\28.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\29.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\30.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\31.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\32.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\34.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\35.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\37.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\38.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\about.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\AC_RunActiveContent.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\btn_Back.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\btn_back_ezg_2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\btn_Buy.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\btn_Checkout_ezg_1.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\btn_Contact_Form.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\btn_Delete.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\btn_PAYPAL_ezg_1.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\btn_RESET.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\btn_Reset_ezg_1.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\btn_search_ezg_2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\btn_search_ezg_9.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\btn_SEND.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\btn_Submit.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\btn_Subscribe_ezg_2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\btn_Unsubscribe_ezg_2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\building.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\centraladmin.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\contact_request.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\ezgmail_33.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\faq.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\htmlMimeMail.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\mimePart.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\news.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\newsletter.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\nf.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\P_ImageFull\5050_P_ImageFull_5.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\P_ImageFull\5050_P_ImageFull_6.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\P_ImageFull\5050_P_ImageFull_empty.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\RSS.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\scripts.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\search.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\shop_page.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\tell_friend.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\textstyles_in.css

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\textstyles_nf.css

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\documents\utils.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\extdocs\rssReader.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\extimages\scripts\mootools.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\ezg_data\.htaccess

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\ezg_data\26_orderid.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\ezg_data\26_orders.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\ezg_data\26_paypal.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\ezg_data\26_pending_orders.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\ezg_data\36_confirmed_sub.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\ezg_data\36_log.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\ezg_data\36_news_log.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\ezg_data\36_settings.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\ezg_data\36_unconfirmed_sub.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\ezg_data\36_unsubscribed.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\ezg_data\ca_lang_set.txt

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\ezg_data\centraladmin.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\ezg_data\centraladmin_conf.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\ezg_data\centraladmin_reglog.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\ezg_data\centraladmin_sec.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\ezg_data\colorpicker.png

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\ezg_data\csmall.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\ezg_data\functions.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\ezg_data\index.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\ezg_data\mysql.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\ezg_data\search_db_1.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\ezg_data\sub_lang_set.txt

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\ezg_data\tell_friend_log.ezg.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\i.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\arrow.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\banner.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\banner.map

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\banner.src

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\bg.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\bullet1.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\bullet2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\button.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\button_m_over.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\ca_13144c4a0.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\ca_13144c4a0_2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\ca_208daaa78.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\ca_208daaa78_2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\ca_d5354f3d.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\ca_d5354f3d_2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\ca_da35543d.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\ca_da35543d_2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\ca_e0405136.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\ca_e0405136_2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\English_ezg_logo.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\English_ezg_logo_home.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\l_arrow.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\l_button.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\l_button_m_over.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\l_pageheader.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\l_sub.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\mb.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\mi_23.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\mi_23_2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\mi_24.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\mi_24_2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\mi_26.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\mi_26_2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\mi_33.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\mi_33_2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\mi_36.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\mi_36_2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\mi_39.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\mi_39_2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\mi_40.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\mi_40_2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\mic_26_1.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\mic_26_1_2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\mic_26_2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\mic_26_2_2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\mmstart.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\mmstop.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\pageheader.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\r_arrow.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\r_button.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\r_button_m_over.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\r_pageheader.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\r_sub.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\r_sub_button.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\sbg.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\smstart.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\smstop.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\sub.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\sub_button.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\t1b.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\t1bl.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\t1br.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\t1l.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\t1m.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\t1r.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\t1t.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\t1tl.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\t1tr.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\t2b.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\t2bl.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\t2br.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\t2l.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\t2m.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\t2r.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\t2t.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\t2tl.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\t2tr.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\t3b.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\t3bl.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\t3br.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\t3l.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\t3m.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\t3r.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\t3t.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\t3tl.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\t3tr.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\images\white_bg.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\index.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\areaedit.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\assetmanager.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\bg.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\button.png

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\download.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\folderdel.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\folderdel_.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\foldernew.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\images\blank.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\images\ico_asp.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\images\ico_bmp.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\images\ico_css.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\images\ico_doc.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\images\ico_exe.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\images\ico_folder.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\images\ico_gif.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\images\ico_htm.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\images\ico_jpg.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\images\ico_js.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\images\ico_mdb.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\images\ico_mov.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\images\ico_mp3.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\images\ico_pdf.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\images\ico_png.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\images\ico_ppt.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\images\ico_sound.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\images\ico_swf.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\images\ico_txt.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\images\ico_unknown.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\images\ico_vbs.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\images\ico_video.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\images\ico_xls.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\images\ico_zip.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\language\english\asset.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\language\english\folderdel.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\language\english\folderdel_.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\language\english\foldernew.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\settings.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assetmanager\style.css

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assets\flower_red.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assets\flower_yellow.jpg

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\assets\iwe_flash.swf

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\innovaeditor.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\license.txt

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\blank.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\bookmark.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\border.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\border\border_bottom.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\border\border_left.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\border\border_none.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\border\border_outside.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\border\border_right.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\border\border_top.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\box.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\characters.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\color_picker.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\color_picker.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\color_picker_bg.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\color_picker_fg.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\dropbtn.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\editor.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\flash.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\form_button.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\form_check.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\form_file.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\form_form.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\form_hidden.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\form_list.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\form_radio.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\form_text.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\hyperlink.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\bg.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\blank.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\brkspace.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnAbsolute.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnBackColor.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnBold.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnBookmark.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnBoxFormatting.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnCenter.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnClean.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnClose.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnClose2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnContentBlock.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnCopy.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnCustom1.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnCustom2.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnCustom3.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnCustom4.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnCustom5.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnCustom6.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnCustom7.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnCustomCss.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnCustomObject.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnCut.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnDelete.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnEditCell.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnEditTable.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnFlash.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnForeColor.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnForm.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnFull.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnFullScreen.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnGuideline.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnHyperlink.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnImage.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnIndent.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnInternalImage.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnInternalLink.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnItalic.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnLeft.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnLine.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnList.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnListFormatting.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnLTR.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnMedia.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnNumber.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnOpenAsset.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnOutdent.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnParagraphFormatting.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnPaste.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnPasteClip.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnPasteText.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnPasteWord.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnPreview.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnPrint.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnRedo.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnRemoveFormat.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnRight.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnRTL.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnSave.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnSearch.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnSource.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnSpellCheck.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnStrikethrough.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnStyle.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnStyleSelect.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnSubscript.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnSuperscript.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnSymbol.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnTable.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnTableEdit.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnTableSize.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnTextFormatting.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnUnderline.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\btnUndo.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\decrease.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\decrease_.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\dialogbg.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\english\btnCustomObject.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\english\btnCustomTag.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\english\btnFlash.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\english\btnFontName.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\english\btnFontSize.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\english\btnInternalLink.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\english\btnMedia.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\english\btnParagraph.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\increase.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\icons\increase_.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\image.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\image_background.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\img.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\img_reset.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\istoolbar.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\apply_tooltip.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\bookmark.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\border.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\box.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\characters.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\color.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\editor_lang.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\flash.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\form_button.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\form_check.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\form_file.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\form_form.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\form_hidden.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\form_list.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\form_radio.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\form_text.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\hyperlink.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\image.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\image_background.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\length.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\list.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\media.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\paragraph.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\paste_text.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\paste_word.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\percent.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\preview.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\search.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\source_html.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\spellcheck.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\styles.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\styles_cssText.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\styles_cssText2.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\table_edit.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\table_editCell.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\table_insert.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\table_size.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\text1.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\text2.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\language\english\url.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\list.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\list.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\media.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\openAsset.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\paragraph.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\paste_word.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\preview.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\quick\ie\main.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\quick\ie\main_xhtml.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\quick\ie\xhtmleditor.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\quick\moz\main.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\quick\moz\main_xhtml.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\quick\moz\xhtmleditor.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\search.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\search2.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\source_html.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\source_html_full.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\source_xhtml.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\source_xhtml_full.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\spellcheck.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\spellcheck2.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\style\button.png

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\style\editor.css

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\style\istoolbar.css

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\style\silver\bottom.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\style\silver\bottomleft.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\style\silver\bottomright.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\style\silver\left.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\style\silver\right.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\style\silver\tab_bottom.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\style\silver\tab_bottomleft.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\style\silver\tab_bottomright.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\style\silver\tab_left.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\style\silver\tab_right.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\style\silver\tab_tabcenter.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\style\silver\tab_tableft.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\style\silver\tab_tabright.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\style\silver\tab_top.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\style\silver\tab_topleft.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\style\silver\tab_topright.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\style\silver\top.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\style\silver\topleft.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\style\silver\topright.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\styles_cssText.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\table.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\table\dec_colspan.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\table\dec_rowspan.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\table\del_column.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\table\del_row.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\table\inc_colspan.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\table\inc_rowspan.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\table\ins_column_left.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\table\ins_column_right.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\table\ins_row_above.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\table\ins_row_below.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\table_edit.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\table_editCell.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\table_insert.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\table_size.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\text1.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\text2.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts\webdrop.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\blank.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\bookmark.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\border.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\box.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\characters.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\color_picker.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\color_picker.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\color_picker_bg.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\color_picker_fg.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\default_edit.css

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\dropbtn.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\editor.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\flash.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\form_button.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\form_check.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\form_file.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\form_form.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\form_hidden.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\form_list.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\form_radio.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\form_text.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\hyperlink.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\image.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\image_background.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\img.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\img_reset.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\list.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\list.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\media.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\openAsset.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\paragraph.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\paste_text.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\paste_word.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\preview.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\search.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\search2.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\source_html.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\source_html_full.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\source_xhtml.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\source_xhtml_full.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\spellcheck2.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\styles_cssText.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\table.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\table_edit.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\table_editCell.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\table_insert.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\table_size.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\text1.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\text2.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_moz\webdrop.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\blank.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\bookmark.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\border.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\box.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\characters.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\color_picker.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\color_picker.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\color_picker_bg.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\color_picker_fg.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\default_edit.css

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\dropbtn.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\editor.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\flash.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\form_button.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\form_check.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\form_file.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\form_form.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\form_hidden.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\form_list.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\form_radio.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\form_text.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\hyperlink.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\image.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\image_background.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\img.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\img_reset.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\list.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\list.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\media.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\openAsset.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\paragraph.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\paste_text.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\paste_word.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\preview.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\search.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\search2.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\source_html.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\source_html_full.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\source_xhtml.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\source_xhtml_full.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\spellcheck2.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\styles_cssText.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\table.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\table_edit.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\table_editCell.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\table_insert.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\table_size.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\text1.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\text2.htm

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\innovaeditor\scripts_saf\webdrop.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\nf.html

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\overlib.js

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\sitemap.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\subscribe\subscribe_36.php

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\subscribe\subscribe_down.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\web\subscribe\subscribe_up.gif

c:\programfiles\ezgenerator\data\MSKITTYTOYS.COM\webupload.txt

c:\users\KittyMau\Desktop\Internet Explorer.lnk

c:\windows\Downloaded Program Files\popcaploader.dll

c:\windows\Downloaded Program Files\popcaploader.inf

c:\windows\SysWow64\winservice.exe

c:\windows\XSxS

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_SCM_Service

.

.

((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-28 )))))))))))))))))))))))))))))))

.

.

2012-08-28 23:37 . 2012-08-28 23:37 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-27 18:34 . 2012-08-27 18:34 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-25 23:33 . 2012-08-25 23:33 -------- d-----w- c:\program files (x86)\ERUNT

2012-08-19 01:45 . 2010-08-26 13:32 98696 ----a-w- c:\windows\SysWow64\setupprwdrv03.exe

2012-08-19 01:45 . 2010-08-26 13:32 96648 ----a-w- c:\windows\system32\setupprwdrvx64.exe

2012-08-19 01:45 . 2010-08-25 23:39 16776 ----a-w- c:\windows\system32\prwntdrv.sys

2012-08-19 01:45 . 2010-08-25 23:39 13704 ----a-w- c:\windows\SysWow64\prwntdrv.sys

2012-08-19 01:45 . 2012-08-19 01:45 -------- d-----w- c:\program files (x86)\EASEUS

2012-08-17 23:37 . 2012-08-17 23:37 -------- d-----w- c:\users\KittyMau\AppData\Roaming\ieSpell

2012-08-17 22:46 . 2012-08-17 22:46 -------- d-----w- c:\program files\HitmanPro

2012-08-17 22:33 . 2012-08-19 00:34 -------- d-----w- C:\MGtools

2012-08-17 22:29 . 2012-08-20 03:22 -------- d-----w- c:\program files\CCleaner

2012-08-17 04:58 . 2012-08-17 04:58 53248 ----a-r- c:\users\KittyMau\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2012-08-15 01:07 . 2012-08-15 01:07 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys

2012-08-15 00:48 . 2012-08-15 00:48 2 ----atr- c:\windows\winstart.bat

2012-08-15 00:48 . 2002-02-02 01:47 -------- d-----w- c:\program files (x86)\UnHackMe

2012-08-15 00:38 . 2012-08-15 00:39 -------- d-----w- c:\programdata\HitmanPro

2012-08-15 00:22 . 2002-02-01 16:21 -------- d-----w- c:\users\KittyMau\AppData\Roaming\Anvisoft

2012-08-15 00:22 . 2012-08-15 00:22 -------- d-----w- c:\programdata\Anvisoft

2012-08-15 00:22 . 2002-02-01 16:21 -------- d-----w- c:\program files (x86)\Anvisoft

2012-08-14 21:48 . 2012-08-14 21:48 -------- d-----w- c:\users\KittyMau\AppData\Roaming\Malwarebytes

2012-08-14 21:48 . 2012-08-14 21:48 -------- d-----w- c:\programdata\Malwarebytes

2012-08-14 05:30 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-08-14 05:29 . 2012-08-14 05:29 -------- d-----w- c:\program files\AVAST Software

2012-08-14 05:29 . 2002-02-01 16:22 -------- d-----w- c:\programdata\AVAST Software

2012-08-14 05:12 . 2012-08-14 05:12 -------- d-----w- c:\windows\SysWow64\%APPDATA%

2012-08-14 01:25 . 2012-08-14 01:25 -------- d-----w- c:\program files (x86)\Winamp Detect

2012-08-14 01:25 . 2012-08-20 23:40 -------- d-----w- c:\users\KittyMau\AppData\Roaming\Winamp

2012-08-12 22:23 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9F6F923B-C0A9-4B3C-8688-08A32750F4F9}\mpengine.dll

2012-08-11 22:24 . 2012-06-29 10:04 9133488 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-07 01:35 . 2012-08-07 01:35 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive

2012-08-07 01:35 . 2012-08-15 01:12 -------- d-----r- c:\users\KittyMau\SkyDrive

2012-08-07 01:35 . 2012-08-07 01:35 -------- d-----w- c:\programdata\Microsoft SkyDrive

2012-08-06 01:18 . 2012-08-06 01:18 -------- d-----w- c:\program files (x86)\SoulseekNS

2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-22 00:40 . 2012-03-29 23:07 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-22 00:40 . 2011-05-13 22:13 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-19 00:34 . 2012-08-17 22:33 401925 ----a-w- C:\MGlogs.zip

2012-08-17 04:58 . 2010-08-01 22:04 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-08-03 08:27 . 2010-08-01 04:11 62134624 ----a-w- c:\windows\system32\MRT.exe

2012-06-12 03:08 . 2012-07-10 22:52 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-06-09 05:43 . 2012-07-10 22:45 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 06:06 . 2012-07-10 22:45 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-10 22:45 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-10 22:44 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-10 22:45 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-10 22:45 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-10 22:45 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-02 22:19 . 2012-06-22 16:11 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 16:11 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-22 16:11 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 16:11 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 16:11 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-22 16:11 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-22 16:11 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-22 16:11 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:15 . 2012-06-22 16:11 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 12:49 . 2012-07-10 22:47 17807360 ----a-w- c:\windows\system32\mshtml.dll

2012-06-02 12:17 . 2012-07-10 22:47 10924032 ----a-w- c:\windows\system32\ieframe.dll

2012-06-02 12:12 . 2012-07-10 22:47 2311680 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 12:05 . 2012-07-10 22:47 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-06-02 12:05 . 2012-07-10 22:47 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 12:04 . 2012-07-10 22:47 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 12:04 . 2012-07-10 22:47 237056 ----a-w- c:\windows\system32\url.dll

2012-06-02 12:03 . 2012-07-10 22:47 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-06-02 12:01 . 2012-07-10 22:47 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 12:00 . 2012-07-10 22:47 818688 ----a-w- c:\windows\system32\jscript.dll

2012-06-02 11:59 . 2012-07-10 22:47 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-06-02 11:57 . 2012-07-10 22:47 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-06-02 11:57 . 2012-07-10 22:47 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-02 11:54 . 2012-07-10 22:47 248320 ----a-w- c:\windows\system32\ieui.dll

2012-06-02 08:33 . 2012-07-10 22:47 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-06-02 08:25 . 2012-07-10 22:47 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-06-02 08:25 . 2012-07-10 22:47 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-06-02 08:20 . 2012-07-10 22:47 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-06-02 08:16 . 2012-07-10 22:47 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-06-02 05:50 . 2012-07-10 22:45 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-10 22:45 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:48 . 2012-07-10 22:45 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:45 . 2012-07-10 22:45 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-10 22:45 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:40 . 2012-07-10 22:45 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-10 22:45 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-10 22:45 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-10 22:45 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2002-02-02 02:07 2045024 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll" [2002-02-02 2045024]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2012-08-07 01:35 220624 ----a-w- c:\users\KittyMau\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2012-08-07 01:35 220624 ----a-w- c:\users\KittyMau\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2012-08-07 01:35 220624 ----a-w- c:\users\KittyMau\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-02 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2002-02-02 1162848]

"ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" [2002-02-02 1020512]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]

@=""

.

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-02 135664]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]

R3 cpuz134;cpuz134;c:\users\KittyMau\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-02 135664]

R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-04-30 30232]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136]

R3 LVUVC64;Logitech Webcam 905(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-01-07 63304]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [2010-08-25 16776]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2010-04-06 450048]

R3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys [2008-04-04 178560]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]

S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2002-02-02 31080]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 SimpleHelpSimpleGatewayService;SimpleHelp SimpleGateway Service;c:\program files (x86)\SimpleHelpService\SimpleService.exe [2002-02-01 98712]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]

S2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [2002-02-02 927840]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-07-10 1222144]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-28 c:\windows\Tasks\Google Software Updater.job

- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-08-02 04:57]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2012-08-07 01:35 244688 ----a-w- c:\users\KittyMau\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2012-08-07 01:35 244688 ----a-w- c:\users\KittyMau\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2012-08-07 01:35 244688 ----a-w- c:\users\KittyMau\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

"combofix"="c:\combofix\CF30729.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM

TCP: DhcpNameServer = 167.206.245.129 167.206.245.130

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll

DPF: {3F4AC0C9-3A7D-4115-99B4-2693DE0014AF} - hxxp://optimum.net/downloads/TNetworkScannerXControl.ocx

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

SafeBoot-79039048.sys

SafeBoot-MsMpSvc

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]

"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]

"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Java\jre6\bin\javaw.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

c:\program files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe

.

**************************************************************************

.

Completion time: 2012-08-28 20:15:10 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-29 00:14

.

Pre-Run: 32,015,278,080 bytes free

Post-Run: 32,529,928,192 bytes free

.

- - End Of File - - 0EC3B433EA521C382F9B571DD0E4E061

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Results of screen317's Security Check version 0.99.48

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Enabled!

AVG Anti-Virus Free Edition 2012

Microsoft Security Essentials

Antivirus up to date! (On Access scanning disabled!)

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

Java 6 Update 31

Java version out of Date!

Adobe Reader 9 Adobe Reader out of Date!

Google Chrome 21.0.1180.79

Google Chrome 21.0.1180.83

````````Process Check: objlist.exe by Laurent````````

AVG avgwdsvc.exe

AVG avgtray.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

[Maurice Naggar]

Do not do any websurfing, nor online games, nor online transactions. Only go to this forum and the websites I guide you to.

Questions for you: 1) Is MS Security Essentials your current antivirus program ?

2) What antivirus program was installed before ?

3) Did you have AVG 2012 at some prior time ? was it fully uninstalled ?

4) Was this system ever without an antivirus ?

Make very sure that you uninstall any 'torrent utility off this system

Your logs showed some peer-to-peer filesharing apps: Torrenteasy

Filesharing/downloading from unknown sources is one of the leading causes of transmission of malware.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

NEXT

Delete any prior copy of TDSSKILLER.exe

Please follow my guidance. Ask if you have questions.

I am going to ask you to read very carefully. I am asking you to download to unique folder !!

Step 1. Close and save any open documents, and exit programs that you started.

Step 2. Download TDSSKiller.exe and SAVE it to a special folder

http://support.kaspe.../tdsskiller.exe

and be sure to SAVE it in this folder --> C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon

Step 3. Install the Chameleon driver by doing the following:

Press the Windows key + R and in the Run box, copy and paste the following command then press Enter. Copy All of the line from beginning to end {from the double-quote ...all the way to the last o ......ALL

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon" /o

A black DOS prompt will appear with a prompt to press any key to continue, please do.

Step 4

Please read carefully and follow these steps.

• Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
  If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
• If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
  Skip and click on Continue
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  

Please Copy & Paste that log in reply.

[igiveup]

Never got a black DOS box. Putting that line in the run box only opened the folder. When I tried running TDSSKiller from the folder as admin, I got a brief hourglass (or whatever you call it in Win7) then nothing. This is the same thing that has happened every time I try to run this app.

[igiveup]

also tried in safe mode...no luck

[Maurice Naggar]

Your system is WIN7, so are you very sure you followed my outline of steps?

You are sure you got the command-prompt-windows started in an elevated access (with admin rights) ??

Restart Windows 7 fresh (new start) in Normal mode.

I need for you to run RKILL one more time.

Step 2

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Download and Save McAfee Stinger to your Desktop

http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Close all browsers before starting. Disable your antivirus program and anti-malware,if any.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On Windows 7 & Vista systems, Right Click and select Run as Administrator.

On XP, double-click to start it.

The GUI interface will look like this

The C drive is the default for scanning.

Press the Preferences button. In the top right-block "On virus detection", click Rename

In the bottom block "Heuristic network check for suspicious files" select High

Click the Scan Now button.

When done, use the File menu and select Save report to file

Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.

RE-Enable your anti-virus program.

Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.

It is not intended as virus protection.

Step 3

Here's another tool to use: MSRT from Microsoft.

Download the Microsoft® Windows® Malicious Software Removal Tool from the Microsoft Download Center

http://www.microsoft.com/downloads/details.aspx?familyid=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

It is suggested that you rename mrt.exe to some other name, such as Omega.exe, then run it.

After a run of MSRT has finished, you will find the log at C:\WINDOWS\Debug\mrt.log or C:\WINNT\Debug\mrt.log

The file may be opened and viewed with Notepad or similar text editor.

Additional information Microsoft® Windows® Malicious Software Removal Tool is here http://support.microsoft.com/?kbid=890830

If no infections were found, you will see in your log

Results Summary:

----------------

No infection found.

Step 4

Download Dr.Web CureIt to the desktop.

• Turn OFF your antivirus program.
  How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  
• Doubleclick the drweb-cureit.exe file, then on Start and allow to run the express scan
  
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  
• Once the short scan has finished, chose the Complete Scan.
  
• Select all drives. A red dot shows which drives have been chosen.
  
• Click the green arrow at the right, and the scan will start.
  
• Click 'Yes to all' if it asks if you want to cure/move the file.
  
• When the scan has finished, look and see if you can click the following icon next to the files found:
  
  
• If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
  
  
• This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  
• After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  
• Save the report to your desktop. The report will be called DrWeb.csv
  
• Close Dr.Web Cureit.
  
• Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  
• After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.
  

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.

Also, tell me, How is the system now ?

[Maurice Naggar]

How's it going? Kindly provide status update. Do you still need help?

[igiveup]

Sorry was out of town for a couple days. Dr Cure seemed to do it!!!!! No evidence of any infection for a day!!!! Turned on AVG. All seems well for now. I want to thank you so much for all your help! Is there somewhere I can give you a good rating or soemthing like that?

[Maurice Naggar]

Very good

You may leave comments on my profile feed page http://forums.malwar...p?showuser=2622

Adobe Reader

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader: Use Control Panel's Program and Features, Un-install Adobe Reader.

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered )

Java runtime

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

• Accept the EULA & Download the latest version of >> Windows Offline << from here
  or >> from here <<
  and save it to your desktop.
  
• Get the Offline version that corresponds to your "bit-tedness" of your Windows (32-bit or 64-bit)
  How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
  
• Close any programs you may have running - especially your web browser(s).
  
• Go to Start > Settings > Control Panel, select Programs and Features and remove all older versions of Java.
  
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  
• Click the Remove or Change/Remove button.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-7u7-windows-i586.exe to install the newest version.
  ( jre-7u7-windows-x64.exe if this is a 64-bit Windows o.s.)
  

• After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  
  • On the General tab, under Temporary Internet Files, click the Settings button.
    
  • Next, click on the Delete Files button
    
  • There are two options in the window to clear the cache - Leave BOTH Checked
    
    • 
      Applications and Applets
      Trace and Log Files
      

    [*]Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

    [*]Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

Cleanups

We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

We have to remove Combofix and all its associated folders. By whichever name you named it, ( you had named it ComboFix ),

put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for it's cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

• Highlight the line in this CODEBOX.
  Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
  

  c:\users\KittyMau\Desktop\ComboFix.exe /uninstall

  
  

• Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
  Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
  Then tap Enter
  

IF in the case Combofix un-install has an issue, skip that step.

NEXT

• Download OTC to your desktop and run it
  
• Click Yes to beginning the Cleanup process and remove these components, including this application.
  
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  

ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:

aswMBR.exe

CKScanner.exe

RKILL

RogueKiller.exe

SecurityCheck.exe

Stinger.exe

TDSSKILLER.exe

DrWeb Cure-It

Safer practices & malware prevention

• Have a hardware router between the incoming internet-modem and your computer.
  
• Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.
  
• Check in at Windows Update and install any Critical Updates offered.
  
• Make certain that Automatic Updates is enabled.
  How to configure and use Automatic Updates in Windows
  http://support.microsoft.com/kb/306525
  
• Check on other update issues as well, visit Secunia Online Software Inspector (OSI)
  See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector
  
• Download, install, and keep updated Spyware Blaster (free): http://www.javacools...areblaster.html (all Protections should be enabled at all times)
  Tutorial for Spywareblaster: Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware
  
• I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm
  See the FAQ page http://mvps.org/winh...02/hostsfaq.htm
  That would help to keep your browser away from known spyware/malware sites.
  
• Make regular backups of your system to removable media: DVD, USB external hard drive, etc.
  Having a total image backup of your system stored on DVD/CD is highly important.
  Get and make use of imaging-backup utilities and save them to offline media. That way you have something to fall back to if another disaster hits.
  Examples of image backup software: Acronis True Image, or the free (for personal use) Macrium Reflect http://www.macrium.com/reflectfree.asp
  or Paragon Backup & Recovery http://www.paragon-s...e/download.html
  
• Consider using Web of Trust WOT add-on for your browser(s)
  http://www.mywot.com/en/download
  http://www.mywot.com/en/faq/add-on
  On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:
  ESET Online Scanner
  BitDefender Quickscan
  Trend Micro Housecall
  F-Secure Online Scanner
  Microsoft Safety Scanner
  Panda ActiveScan
  
• See Six tips to help you stay safer online
  
• Never, ever download free games, free tools, videos, mutli-media files or anything free unless you can be absolutely sure the source is safe !
  

We are finished here. Best regards.

Edited September 2, 2012 by Maurice Naggar

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!