Solved Safe Mode Not Working (nor anything else)

hawk22 · 2008/07/09

[Resolved] Safe Mode Not Working (nor anything else)

Hi, can not decide whether this should be here or hardware or Viruses, as it contains the lot.
A mate at work asked me to have a look at his Laptop
"Compaq Presario C300" Windows XP Home this is about all that I can find out.
What is happening is this: Start PC will take very long time before a desktop comes up then message will pop up windows can not find " C:\Windows\System32\proper.exe "
then next will pop up Not enough memory page file to low.
Programs installed will not open not enough system memory, Safe Mode options will appear when starting in safe mode but then neither option will start it just sits at the options. I have not opened the machine as I don't know yet if he has warranty on it, tried to load from USB stick siw or everest to see how much Ram is installed but it will not recognize any USB stick.
Now comes the nasty part when I managed to have a look in programs I noticed that "Antivirus 2008" was installed now I wonder if a Virus is causing all this and it is not really short on Ram.
I assume that the second partition apart from the C drive is the recovery but it will not open to have a look at.
Any ideas on a remedy.
hawk22

mickzer · 2008/07/09

I think it would be better to go to Removing Spyware & Viruses forum first and get cleaned up.Proper.exe seems to be a virus.:http://www.prevx.com/filenames/17814090321396834-10850436/PROPER.EXE.html

mickzer.

PeteC · 2008/07/09

hawk22

Not only is proper.exe undesirable so is Antivirus 2008 so read this and post the logs here in this thread which I have moved to the Removing Spyware & Viruses forum.

noahdfear · 2008/07/09

Hi hawk22,

I can make a recommendation just on the information you've provided that will get things moving along a bit faster. So, here goes.

Download ComboFix by sUBs from here, saving the file to your desktop.

Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

Close all open programs and windows

Double click combofix.exe and follow the prompts.

It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

The ComboFix log will be located at C:\ComboFix.txt

After you've run ComboFix, see if safe mode will boot successfully and let me know.

hawk22 · 2008/07/10

Hi and thanks for the help so far, unfortunately I have been unable to perform any task, as the page file error is preventing me from executing tasks.
When I try to open Internet Explorer I get the following error.
"The paging file is to small for this operation to complete "
USB sticks it will not recognize, it will load a CD and let me look at the contents of the CD but when it comes to open anything or like the files like ComboFix or Deckard's it is the same answer paging file is to small for this operation to complete.
I don't know how much Ram the machine has installed and if upping it would help, unfortunately the poor bugger got called up for Jury Duty and I can not contact him, but I don't think he would know anyway.
Besides I have never opened a Laptop before to do a manual check.
Also it is preventing me from opening Device Manager.
Any hope for this thing ??????
I have just found some basic info on this thing. Standard Ram is 256MB of DDR2533 (maybe that is what's in it)
Video Ram up to 128 MB shared video memory
Supports up to 2 GB DDR2 memory.

noahdfear · 2008/07/10

Right click My Computer and select Properties
Select the Advanced tab
Click Settings in the Performance section
Select Adjust for best performance
Click Apply
Click OK then OK to exit

Try running ComboFix again, with All other programs shut down.

hawk22 · 2008/07/11

thanks Dave, no joy yet, comes up with: The operation has been cancelled due to restrictions in effect on this computer.
Please contact your system administrator.
Most of the time when I boot up the Log On screen does not come up but on the odd occasion it does with the option of his name or change user but not Administrator and Control Panel is not present.
Any way to get around that??
hawk22

noahdfear · 2008/07/11

This zip file contains an inf file. Extract the inf file, then right click it and select Install.
Immediately run ComboFix.

If still noy joy, download SafeBootKeyRepair
Save it to your desktop.
Double click to run it then see if the computer will boot into safe mode and run ComboFix from there.

hawk22 · 2008/07/12

Hi Dave, I have downloaded the combo fix from this PC to try and transfer it to the desktop of the sic Laptop but on my PC the file is locked security as it comes from another PC but I do have a option to unlock is that the normal procedure I thought I ask you first before I go ahead with it.
hawk22

noahdfear · 2008/07/13

Quite alright to unlock it if necessary.

hawk22 · 2008/07/15

Hi, I have had a look inside the machine and believe it or not it only has 256mb of ram. I will not try more now until I can upgrade the ram to 1Gig. I am sure that we can make progress then.
hawk22

hawk22 · 2008/07/20

Hi Dave I am back, sorry for the delay but I had to wait for approval for the Ram upgrade. Well I put an extra 1 Gig in the Machine and that made all the difference I have now Safe Mode back came back with the extra ram and all the programs including the Internet is now working.
To let you know what I have done so far I ran BitDefender and that cleaned out a stack of infected Files I then run Kaspersky Trail that cleared some more so did ComboFix I then went back to Kaspersky as there is one stubborn file that will not be removed and that is:
C:\Windows\system32\catsr.dll
Kaspersky recommend IceSword and use Force Delete to remove the file.
I did find a similar file after unhiding files and folders they are: catsrv.dll,- catsrvps.dll,- and catsrvut.dll
now I did not delete those files as I don't know if they are related to catsr.dll and safe to delete.
I also have found two more files I don't know if to delete or not
dcsm.exe belonging to Drive Cleaner (Virus or Trojan)
dmap.rpt belonging to Error Digger also (Virus or Trojan)
I would greatly appreciate your guidance to finish cleaning this up.
hawk22

hawk22 · 2008/07/20

This is the ComboFix Report Log

ComboFix 08-07-19.1 - PAUL McVILLY 2008-07-20 23:41:35.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.654 [GMT 10:00]
Running from: C:\Documents and Settings\PAUL McVILLY\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-20 to 2008-07-20 )))))))))))))))))))))))))))))))
.

2008-07-20 11:52 . 2008-07-20 11:52 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-19 23:18 . 2008-07-19 23:32 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-07-19 23:18 . 2008-07-19 23:32 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-07-19 23:17 . 2008-07-19 23:17 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-07-19 23:17 . 2008-07-20 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-19 23:17 . 2008-07-20 23:45 1,895,968 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-19 23:17 . 2008-07-20 13:49 26,084 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-19 23:17 . 2008-07-20 23:44 12,064 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-19 23:17 . 2008-07-20 13:49 1,844 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-19 22:49 . 2008-07-19 22:49 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-19 22:48 . 2008-07-19 22:48 <DIR> d-------- C:\kav
2008-07-19 19:52 . 2008-07-19 19:52 <DIR> d-------- C:\Deckard
2008-07-19 19:20 . 2008-07-19 23:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-07-19 17:43 . 2008-07-19 18:45 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-07-19 16:22 . 2008-07-19 20:07 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-19 16:15 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-19 13:32 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-19 12:23 --------- d-----w C:\Program Files\PasswordInspector (Paid)
2008-07-19 09:46 --------- d-----w C:\Program Files\ErrorDigger (Paid Edition)
2008-07-19 09:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\System Doctor Free
2008-07-19 08:13 --------- d-----w C:\Program Files\Common Files\ErrClean
2008-07-19 07:10 3,756 ----a-w C:\Documents and Settings\PAUL McVILLY\Application Data\wklnhst.dat
2008-06-27 08:58 2,615 ----a-w C:\Documents and Settings\PAUL McVILLY\mpr2.dat
2008-06-27 08:58 2,615 ----a-w C:\Documents and Settings\PAUL McVILLY\mpr.dat
2008-06-19 08:40 --------- d-----w C:\Documents and Settings\PAUL McVILLY\Application Data\System Doctor Free
2008-06-19 08:24 --------- d-----w C:\Documents and Settings\PAUL McVILLY\Application Data\Sellmosoft
2008-06-16 09:48 --------- d-----w C:\Program Files\Common Files\DriveCleaner Freeware
2008-06-06 09:37 --------- d-----w C:\Documents and Settings\PAUL McVILLY\Application Data\SysCleaner
2008-05-22 09:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-22 09:07 --------- d-----w C:\Documents and Settings\PAUL McVILLY\Application Data\AdobeUM
2007-10-11 06:52 34,205 ----a-w C:\Documents and Settings\PAUL McVILLY\last_report.dat
.

((((((((((((((((((((((((((((( snapshot@2008-07-19_21.10.32.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-28 09:51:04 195,344 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2007-12-13 03:28:40 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
+ 2008-02-08 08:35:42 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
+ 2008-02-08 08:37:44 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
- 2004-09-16 17:51:01 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
+ 2004-12-06 23:11:00 258,352 ----a-w C:\WINDOWS\system32\unicows.dll
+ 2006-09-11 00:56:00 526,184 ----a-w C:\WINDOWS\system32\XceedCry.dll
+ 2006-12-21 04:18:00 497,496 ----a-w C:\WINDOWS\system32\XceedZip.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01FAF5A4-915B-406F-8D70-084643200489}]
C:\WINDOWS\system32\adsld.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant "= "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 15:58 458752]
"igfxhkcmd "= "C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 22:13 77824]
"QPService "= "C:\Program Files\HP\QuickPlay\QPService.exe" [2006-06-23 16:43 102400]
"HP Software Update "= "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 01:11 49152]
"Cpqset "= "C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 12:50 40960]
"High Definition Audio Property Page Shortcut "= "CHDAudPropShortcut.exe" [2006-06-03 01:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE "= "C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 07:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack "= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack "= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"C:\\Program Files\\iTunes\\iTunes.exe "=
"C:\\Program Files\\uTorrent\\utorrent.exe "=
"C:\\Program Files\\BitTorrent\\bittorrent.exe "=
"C:\\Program Files\\DNA\\btdna.exe "=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
"C:\\Program Files\\Messenger\\msmsgs.exe "=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe "=

R0 nqsgbjac;nqsgbjac;C:\WINDOWS\system32\drivers\jwaxykhj.dat [2007-12-07 15:58]
R0 szkg5;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys [2007-12-12 12:28]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-01-02 08:40:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-20 13:10:06 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job "
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-26 10:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - PAUL McVILLY.job "
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2008-05-18 05:41:01 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job "
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-01-05 22:19:03 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job "
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 23:45:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ???X_??????`?@?????L?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nqsgbjac]
"ImagePath "= "system32\drivers\jwaxykhj.dat "
.
Completion time: 2008-07-20 23:46:11
ComboFix-quarantined-files.txt 2008-07-20 13:46:07
ComboFix2.txt 2008-07-19 11:11:39

Pre-Run: 38,557,691,904 bytes free
Post-Run: 38,552,604,672 bytes free

127 --- E O F --- 2008-02-13 06:14:29

noahdfear · 2008/07/20

First, please post the contents of C:\Qoobox\ComboFix2.txt

Then, highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

Filename: CFScript.txt
Save As Type: All Files (*.*)
Code:
File::
C:\Windows\system32\catsr.dll
C:\Documents and Settings\PAUL McVILLY\mpr2.dat
C:\Documents and Settings\PAUL McVILLY\mpr.dat
C:\WINDOWS\system32\drivers\jwaxykhj.dat
Folder::
C:\Program Files\PasswordInspector (Paid)
C:\Program Files\ErrorDigger (Paid Edition)
C:\Documents and Settings\All Users\Application Data\System Doctor Free
C:\Program Files\Common Files\ErrClean
C:\Documents and Settings\PAUL McVILLY\Application Data\System Doctor Free
C:\Documents and Settings\PAUL McVILLY\Application Data\Sellmosoft
C:\Program Files\Common Files\DriveCleaner Freeware
C:\Documents and Settings\PAUL McVILLY\Application Data\SysCleaner
Driver::
nqsgbjac
Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nqsgbjac]
[-HKEY_CURRENT_USER\Software\ErrorDigger]
[-HKEY_LOCAL_MACHINE\SOFTWARE\ErrorDigger]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ErrorDigger (Paid Edition)]
[-HKEY_CURRENT_USER\Software\Sellmosoft\ErrorDigger]
Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and a fresh HijackThis log.

Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

hawk22 · 2008/07/20

Thanks Dave,
The C:\Qoobox\ComboFix2.txt is double the size than I can post here.
Do you want me to try to send it in halves.
hawk22

Dave the new log will not fit it is too big as well

noahdfear · 2008/07/20

Yes, just split the log up into 2 or more posts.

hawk22 · 2008/07/20

OK First halfe

ComboFix 08-07-19.1 - PAUL McVILLY 2008-07-21 11:15:01.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.646 [GMT 10:00]
Running from: C:\Documents and Settings\PAUL McVILLY\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\PAUL McVILLY\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\PAUL McVILLY\mpr.dat
C:\Documents and Settings\PAUL McVILLY\mpr2.dat
C:\Windows\system32\catsr.dll
C:\WINDOWS\system32\drivers\jwaxykhj.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\System Doctor Free
C:\Documents and Settings\PAUL McVILLY\Application Data\Sellmosoft
C:\Documents and Settings\PAUL McVILLY\Application Data\Sellmosoft\PasswordInspector\PiMofuleFileHashes.pp
C:\Documents and Settings\PAUL McVILLY\Application Data\Sellmosoft\PasswordInspector\PiProtector.pp
C:\Documents and Settings\PAUL McVILLY\Application Data\SysCleaner
C:\Documents and Settings\PAUL McVILLY\Application Data\SysCleaner\settings.dat
C:\Documents and Settings\PAUL McVILLY\Application Data\System Doctor Free
C:\Documents and Settings\PAUL McVILLY\Application Data\System Doctor Free\Logs\update.log
C:\Documents and Settings\PAUL McVILLY\mpr.dat
C:\Documents and Settings\PAUL McVILLY\mpr2.dat
C:\Program Files\Common Files\DriveCleaner Freeware
C:\Program Files\Common Files\DriveCleaner Freeware\dcsm.exe
C:\Program Files\Common Files\ErrClean
C:\Program Files\ErrorDigger (Paid Edition)
C:\Program Files\ErrorDigger (Paid Edition)\dmap.rpt
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\001_edbak.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\001_eddat.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\003_edbak.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\003_eddat.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\006_edbak.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\006_eddat.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\007_edbak.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\007_eddat.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\009_edbak.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\009_eddat.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\011_edbak.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\011_eddat.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\013_edbak.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\013_eddat.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\016_edbak.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\016_eddat.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\017_edbak.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\017_eddat.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\020_edbak.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\020_eddat.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\023_edbak.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\023_eddat.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\027_edbak.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\027_eddat.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\030_edbak.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\030_eddat.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\031_edbak.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\031_eddat.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\033_edbak.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\033_eddat.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\040_edbak.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\040_eddat.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\042_edbak.reg
C:\Program Files\ErrorDigger (Paid Edition)\EdTweaks\042_eddat.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\edbak_date.dat
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\edbak_desc.dat
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\edbak_path.dat
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\edrep_date.dat
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\edrep_desc.dat
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\edrep_file.dat
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\edrep_ploc.dat
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo00103207617477678283756886560532004D.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo002235317216523346603117458101800030.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo012817263028658153787557831310480041.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo016442136050677848410313086730310005.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo017604080687374744383642200817100053.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo023477485618215255376847584764270064.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo034246727446766143233755564064840034.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo035221731743332307103553802033560046.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo037826426440353154127138120125100025.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo04740862830836350842365808163240005D.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo05175367266216074162224848268320005B.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo05180142041160165210361758634138002B.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo052601007475543552224464048244620074.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo053804716372616272732562483766520073.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo05603654754101385081011644731786006B.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo060083284272117072018732064273780075.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo060435876378400567667305323366170001.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo062064457331720220356034181342720021.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo065817316404600773382726406771230004.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo068577126138726470461244654755070067.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo071531388362537656706785733013610004.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo07305147417713882631553714250010006B.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo074562603827285207011504343716610012.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo075283345671172313503742760188330060.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo08235401008514858171518464235771001B.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo084237037043424210528853345640640012.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo08515682740341440562226834476644000E.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo087113087380176114373114223707570047.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo087842208632028412627841038375250022.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo115546620348441582201240232802240008.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo118652612444641465157775587726510009.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo120430326718326876500835020516320058.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo120624120057837622385431010086410070.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo125342484004468187006248636474640011.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo12541727652441418275204561732588001C.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo127533227507601183650455418880280037.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo13473804867583385277583645545217002F.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo137603650560807458005451170826400011.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo14075034702222504770884002417375001B.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo14148377048145872137125226217782001C.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo148434318350044672176768521475520013.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo151451887648574064652431157660630045.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo154383567275040684523310234820510038.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo15602022463521170144488504622445004F.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo15628744256266620154253515543843003D.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo158636562256507787125710711104320074.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo16035207257236870463376385216223005C.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo175377667213807362402415562536340058.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo177838317446273073776548663715250007.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo183646347764438527315206132187230050.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo184253734136366025800674167655120029.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo184434112760536361416578263540470020.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo207733258825724250280240861075370001.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo21530133646323457537548735203830001D.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo220026322582534757206035851248410044.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo22056774657234324266823428558273005D.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo227377148682615346115370266284460035.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo231466775321483672873511204707420002.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo233823024463762015662623272667630039.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo23415701883520800856667572628310001A.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo236713660441721137150332332212810054.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo237645427261231450343577854444130036.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo238834512734165315485232136130670028.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo241180026626248218141577471632660052.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo24267357176181152645022300275752001A.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo244180181422570047641446758146770007.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo250576381032573744724585342703610015.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo255141855674021167864627441437730022.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo258485524226363046642578175186710043.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo26376345811710560638834028647541004B.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo26388223337140111780803734710045001D.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo265011222158818365512342520457720071.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo267846666041063451810547080643830057.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo26834083615350058721000307753056006F.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo270278143710250186532812012646430054.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo271048204877724623248482102281180062.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo271080163146688673448677206651510048.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo274054600268364821613306150674660026.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo27542202388112680385543358653780003D.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo284824411056123070635367727812520043.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo285410684017787425158061288332770002.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo285533483167846735261628872870020016.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo286265026473105513261043728456260039.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo28682202471522562805674624133021000F.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo30462285014088385063260624444030000A.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo306404560618803255322874435677050042.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo31138217155211034478411016846525006A.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo314702482218447216561334742253810019.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo316417838754174182430533804324710031.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo32373336376382786525207816770387005C.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo324700604815145488137362140402840056.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo32488271887186047456622862636126002E.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo32662303406885313051805375138056000B.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo327225850855460326355687730537210026.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo327360054375422680446323027022550069.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo32867631620583663837043731858136000F.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo33121431055354138041174743773866003F.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo33313364847450054723720867401121002C.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo33564814224001104532348664185311005E.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo33883254764346882613673340860587002B.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo341650631225371026332650563373130008.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo342510364722686764547711675273670028.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo35001706162382733840111115131084000A.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo35184004700233431610876458367682004B.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo355672517750480660244262336315430072.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo361852665311781302033382304018860020.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo363823546578042866888615278777850065.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo372206383247330562282624186717870000.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo377318112758130582340303746741170071.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo377852165852330762471583303471260047.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo37852715063533487606323187477781003C.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo38482305203256721657540418420833004A.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo386650142221361740604038867502750033.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo388835114561148633361115446124850023.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo38888680821740637520344744373283004A.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo407222680510505868542443781070680029.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo410147612157376208216606707654180037.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo41088756488768435143503014615021004C.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo41351454056536317882211128228282000C.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo415617003540084573737808823808820006.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo421702876346285314327802286631080017.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo427218133553658336672570647058050014.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo43105526155683344731326727664261004E.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo434633647571166331178716481686320063.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo435331825325723843680033368611870050.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo435528637381085586585343245047340070.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo43830774241308672301107250404726002A.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo440851504651416403514375074460160066.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo44836843838483625120726866537776003E.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo46284037087365652522523207084416006E.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo463744172415213617078078818187010065.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo46424587540113701201741051854788003A.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo465767051363778083105380718383370053.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo465862068348708441025654434573760066.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo46636817042437556834683872633174006C.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo47853253418531132582442475446181003B.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo48506482701526175246877578686115006F.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo485507643700445688026104347363660000.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo487507072608407534705380354528350023.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo50328815154110344045102008853762003E.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo504684625131610354048267128221170010.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo50534212362322383625560136267385001F.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo50825466423213756434273845406118000D.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo510172651831006033128552017248430024.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo51053235554833816742138843413860002F.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo512841562656278745131187500685220051.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo521515410184371485120321425677630052.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo522470181164186428132174421140620059.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo522521508047301013376073043650720049.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo52444170266027755030445510710118002E.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo528787723730736544127636357711410005.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo532610123405752586121166177473740072.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo53306031216723808785856875608133004F.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo534807663052450717818476153078580027.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo53728316244355128054530202881887004E.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo542062447280351547358004260212530018.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo54225566266084408568016881767583005A.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo543783333125263430530006161746550040.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo545258062716463136171460387114870027.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo551821564202370774373582202066770057.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo55271465172468035357322128177326006D.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo557632055630230384062704055574130049.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo563172784248000155306155587863880061.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo567024061853031355657585815182830034.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo578870364736772602857832621448840018.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo581666484515774425046062814100440042.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo582303501741733535485145568504480009.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo58301818142330600612625283022855000E.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo586440058084673675231480786417800036.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo587753031526852134472668781168100068.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo617105762374346245160336034450640041.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo622304233138243000544631241654770031.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo633256176538756245350621783765270013.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo641107155878021077738031805362650016.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo647181124286338080727850886230340017.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo647403123773086470448618134278530035.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo65271270641330021378438413453866003B.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo653130212386177807817820568372700064.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo65360767837175448567635586547028000B.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo65453686067031358305043226425718005A.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo662602373053244571637373585707440067.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo665153546328176121677503555353700068.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo66772261265513474356534773111183003F.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo668683466365075052125703283402270046.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo670408684128845187787114234156830002.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo670416683636787120541585347473400055.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo671702320601373758327387162172150021.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo672678360066766668483865266540080045.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo68476007760701731400175546568726002D.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo686177687776706610335872134652310014.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo686477768481338213838525362417560006.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo686813858453784477476685164352620015.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo70650672576332424338238635011106003A.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo710665751876064846032518357535010025.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo71233244344743683272454408644150003C.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo71335800213786255638062332277458004C.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo718715121123522333752116576515650003.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo720432810017888025016874062551620060.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo725456013403726670668637028360410002.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo72747172136636033885383620261433000D.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo731585010508818885862534761461620001.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo733574151572634402687377335261080055.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo734521157831667151741640018610030075.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo74013443835787251654830708665342006E.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo743670153275024312673404843603750032.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo744552017200687578303683350234480003.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo746551713565273157453455285265670033.reg

hawk22 · 2008/07/20

OK second halfe,

C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo75075482772203588483528707432831005B.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo754422225020003281152672350551570061.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo756873645486242471883351855688060003.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo757787182678274663643621080083200000.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo75822325125788512122685701117527001F.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo771646212683328222764016236420800000.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo773770680258123005185855325225110059.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo77635631404615734524123201180175005E.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo781883005568642160435577851128340069.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo78346016665664070524624278256278006A.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo784455523315250561263086343471840073.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo786154225635203564142506436464030010.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo788303467881506888617414774063450056.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo800124541717813385156214455456480062.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo801160305164371804632871305753210019.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo804821722014560088011021344142740030.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo806404726386427145365150038765040063.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo808823562521440035366643503165160040.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo824340387383100871744023733702740024.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo827554154716304504325301716183610048.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo82818784675414885814323316816585002D.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo836481407081736182623118080113600044.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo84040504050756405625711603153412005F.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo84401742765243136146707472426203000C.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo845733031020335136003662045481810001.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo85087250288407821875766643403357006D.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo85114608304747825344880210417174001E.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo85168100125822846616178434684787001E.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo85730766340310475231355342423887005F.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo86085264588886453405223222257313002C.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo86464273424154857556471683326416004D.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo871345014483734715476211110001570032.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo87458400555688116262044732652462002A.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo880777441016828403141873868484380038.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo88263422052547372821310651012820006C.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo884848736776013610302002871060780003.reg
C:\Program Files\ErrorDigger (Paid Edition)\Undo_Data\undo888322321127013246628072072566480051.reg
C:\Program Files\PasswordInspector (Paid)
C:\Program Files\PasswordInspector (Paid)\BtfToWd.dll
C:\Program Files\PasswordInspector (Paid)\btwapi.dll
C:\Program Files\PasswordInspector (Paid)\CReader.dll
C:\Program Files\PasswordInspector (Paid)\license.txt
C:\Program Files\PasswordInspector (Paid)\passinsp.chm
C:\Program Files\PasswordInspector (Paid)\passinsp.exe
C:\Program Files\PasswordInspector (Paid)\PcidCrc.dll
C:\Program Files\PasswordInspector (Paid)\pibho.dll
C:\Program Files\PasswordInspector (Paid)\picapbtn.dll
C:\Program Files\PasswordInspector (Paid)\piffbho.xpi
C:\Program Files\PasswordInspector (Paid)\pikeeper.dll
C:\Program Files\PasswordInspector (Paid)\pipcact.dll
C:\Program Files\PasswordInspector (Paid)\piprot.dll
C:\Program Files\PasswordInspector (Paid)\piprotdb.dll
C:\Program Files\PasswordInspector (Paid)\piprotui.dll
C:\Program Files\PasswordInspector (Paid)\piprtrun.exe
C:\Program Files\PasswordInspector (Paid)\pires.dll
C:\Program Files\PasswordInspector (Paid)\readme.txt
C:\Program Files\PasswordInspector (Paid)\Sellmsft.dll
C:\Program Files\PasswordInspector (Paid)\unins000.dat
C:\Program Files\PasswordInspector (Paid)\unins000.exe
C:\Program Files\PasswordInspector (Paid)\unzip32.dll
C:\WINDOWS\system32\drivers\jwaxykhj.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NQSGBJAC
-------\Service_nqsgbjac

((((((((((((((((((((((((( Files Created from 2008-06-21 to 2008-07-21 )))))))))))))))))))))))))))))))
.

2008-07-20 11:52 . 2008-07-20 11:52 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-19 23:18 . 2008-07-19 23:32 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-07-19 23:18 . 2008-07-19 23:32 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-07-19 23:17 . 2008-07-19 23:17 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-07-19 23:17 . 2008-07-20 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-19 23:17 . 2008-07-21 11:26 2,060,832 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-19 23:17 . 2008-07-21 11:25 28,628 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-19 23:17 . 2008-07-21 11:25 24,608 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-19 23:17 . 2008-07-21 11:25 3,380 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-19 22:49 . 2008-07-21 00:10 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-19 22:48 . 2008-07-19 22:48 <DIR> d-------- C:\kav
2008-07-19 19:52 . 2008-07-19 19:52 <DIR> d-------- C:\Deckard
2008-07-19 19:20 . 2008-07-19 23:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-07-19 17:43 . 2008-07-19 18:45 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-07-19 16:22 . 2008-07-19 20:07 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-19 16:15 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 14:03 --------- d-----w C:\Program Files\Qtrax_20080125
2008-07-19 13:32 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-07-19 07:10 3,756 ----a-w C:\Documents and Settings\PAUL McVILLY\Application Data\wklnhst.dat
2008-05-22 09:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-22 09:07 --------- d-----w C:\Documents and Settings\PAUL McVILLY\Application Data\AdobeUM
2007-10-11 06:52 34,205 ----a-w C:\Documents and Settings\PAUL McVILLY\last_report.dat
.

((((((((((((((((((((((((((((( snapshot@2008-07-19_21.10.32.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-28 09:51:04 195,344 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2007-12-13 03:28:40 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
+ 2008-02-08 08:35:42 23,604 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
+ 2008-02-08 08:37:44 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01FAF5A4-915B-406F-8D70-084643200489}]
C:\WINDOWS\system32\adsld.dll [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant "= "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 15:58 458752]
"igfxhkcmd "= "C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 22:13 77824]
"QPService "= "C:\Program Files\HP\QuickPlay\QPService.exe" [2006-06-23 16:43 102400]
"HP Software Update "= "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 01:11 49152]
"Cpqset "= "C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 12:50 40960]
"AVP "= "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]
"High Definition Audio Property Page Shortcut "= "CHDAudPropShortcut.exe" [2006-06-03 01:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE "= "C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 07:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack "= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack "= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride "=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=
"C:\\Program Files\\iTunes\\iTunes.exe "=
"C:\\Program Files\\uTorrent\\utorrent.exe "=
"C:\\Program Files\\BitTorrent\\bittorrent.exe "=
"C:\\Program Files\\DNA\\btdna.exe "=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
"C:\\Program Files\\Messenger\\msmsgs.exe "=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe "=

R0 szkg5;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys [2007-12-12 12:28]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
.
Contents of the 'Scheduled Tasks' folder
"2008-01-02 08:40:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-21 01:10:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job "
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-26 10:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - PAUL McVILLY.job "
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2008-05-18 05:41:01 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job "
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-01-05 22:19:03 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job "
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-21 11:26:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ???X_??????`?@?????L?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
.
**************************************************************************
.
Completion time: 2008-07-21 11:30:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-21 01:29:52
ComboFix2.txt 2008-07-20 13:46:12
ComboFix3.txt 2008-07-19 11:11:39

Pre-Run: 38,556,483,584 bytes free
Post-Run: 38,510,682,112 bytes free

456 --- E O F --- 2008-02-13 06:14:29

noahdfear · 2008/07/20

Looks good. Can you just zip the qoobox folder and email it to me? I'd like to see what registry items were removed with ErrorDigger, among other things. Looks like he paid for those rogue apps. Too bad there's no recourse for gettin those $$ back.

You'd be doing him a favor to uninstall the torrents.

Run another Kaspersky scan, save the report and post it here please.

hawk22 · 2008/07/21

thanks Dave, yes he told me it cost him over 200 Dollars, but everyone is using either UTorrent or Limewire to download stuff, they will not learn.
Which is in your opinion the better Kaspersky or BitDefender they both have the online scan.
hawk22

Log in or Sign up

Solved Safe Mode Not Working (nor anything else)

hawk22 Geek Member Thread Starter

mickzer Well-Known Member

PeteC SuperGeek Staff

noahdfear Inactive

hawk22 Geek Member Thread Starter

noahdfear Inactive

hawk22 Geek Member Thread Starter

noahdfear Inactive

hawk22 Geek Member Thread Starter

noahdfear Inactive

hawk22 Geek Member Thread Starter

hawk22 Geek Member Thread Starter

hawk22 Geek Member Thread Starter

noahdfear Inactive

hawk22 Geek Member Thread Starter

noahdfear Inactive

hawk22 Geek Member Thread Starter

hawk22 Geek Member Thread Starter

noahdfear Inactive

hawk22 Geek Member Thread Starter

Share This Page

Log in or Sign up

Solved Safe Mode Not Working (nor anything else)

hawk22 Geek Member Thread Starter

mickzer Well-Known Member

PeteC SuperGeek Staff

noahdfear Inactive

hawk22 Geek Member Thread Starter

noahdfear Inactive

hawk22 Geek Member Thread Starter

noahdfear Inactive

hawk22 Geek Member Thread Starter

noahdfear Inactive

hawk22 Geek Member Thread Starter

hawk22 Geek Member Thread Starter

hawk22 Geek Member Thread Starter

noahdfear Inactive

hawk22 Geek Member Thread Starter

noahdfear Inactive

hawk22 Geek Member Thread Starter

hawk22 Geek Member Thread Starter

noahdfear Inactive

hawk22 Geek Member Thread Starter

Share This Page

Useful Searches