
My HJT Log I have a Trojan ?


darkeyes

MBRCheck, version 1.2.3

© 2010, AD


Command-line:

Windows Version:        Windows XP Professional

Windows Information:    Service Pack 3 (build 2600)

Logical Drives Mask:    0x000007fc


Kernel Drivers (total 148):

  0x804D7000 WINDOWSsystem32ntkrnlpa.exe

  0x806E5000 WINDOWSsystem32hal.dll

  0xF7A42000 WINDOWSsystem32KDCOM.DLL

  0xF7952000 WINDOWSsystem32BOOTVID.dll

  0xF7413000 ACPI.sys

  0xF7A44000 WINDOWSsystem32DRIVERSWMILIB.SYS

  0xF7402000 pci.sys

  0xF7542000 isapnp.sys

  0xF7552000 ohci1394.sys

  0xF7562000 WINDOWSsystem32DRIVERS1394BUS.SYS

  0xF7B0A000 pciide.sys

  0xF77C2000 WINDOWSsystem32DRIVERSPCIIDEX.SYS

  0xF7A46000 viaide.sys

  0xF7A48000 intelide.sys

  0xF7572000 MountMgr.sys

  0xF73E3000 ftdisk.sys

  0xF7A4A000 dmload.sys

  0xF73BD000 dmio.sys

  0xF77CA000 PartMgr.sys

  0xF7582000 VolSnap.sys

  0xF73A5000 atapi.sys

  0xF72D0000 iaStor.sys

  0xF7592000 SMPLSCSI.SYS

  0xF72B8000 WINDOWSSystem32driversSCSIPORT.SYS

  0xF7275000 ftsata2.sys

  0xF75A2000 disk.sys

  0xF75B2000 WINDOWSsystem32DRIVERSCLASSPNP.SYS

  0xF7255000 fltmgr.sys

  0xF7243000 sr.sys

  0xF75C2000 Lbd.sys

  0xF75D2000 bb-run.sys

  0xF77D2000 PxHelp20.sys

  0xF722C000 KSecDD.sys

  0xF719F000 Ntfs.sys

  0xF7172000 NDIS.sys

  0xF75E2000 Combo-Fix.sys

  0xF7158000 Mup.sys

  0xF75F2000 gagp30kx.sys

  0xF77DA000 avgrkx86.sys

  0xF7956000 AVGIDSEH.Sys

  0xF7642000 SystemRootsystem32DRIVERSnic1394.sys

  0xF69FF000 SystemRootsystem32DRIVERSintelppm.sys

  0xF67EC000 SystemRootsystem32DRIVERSati2mtag.sys

  0xF67D8000 SystemRootsystem32DRIVERSVIDEOPRT.SYS

  0xF784A000 SystemRootsystem32DRIVERSusbohci.sys

  0xF67B4000 SystemRootsystem32DRIVERSUSBPORT.SYS

  0xF7852000 SystemRootsystem32DRIVERSusbehci.sys

  0xF69EF000 SystemRootsystem32DRIVERSimapi.sys

  0xF69DF000 SystemRootsystem32DRIVERScdrom.sys

  0xF69CF000 SystemRootsystem32DRIVERSredbook.sys

  0xF6791000 SystemRootsystem32DRIVERSks.sys

  0xF6769000 SystemRootsystem32DRIVERSHDAudBus.sys

  0xF785A000 SystemRootsystem32DRIVERSfdc.sys

  0xF6755000 SystemRootsystem32DRIVERSparport.sys

  0xF69BF000 SystemRootsystem32DRIVERSi8042prt.sys

  0xF7862000 SystemRootsystem32DRIVERSPS2.sys

  0xF786A000 SystemRootsystem32DRIVERSkbdclass.sys

  0xF7A9A000 SystemRootsystem32DRIVERSarkbcfltr.sys

  0xF7872000 SystemRootsystem32DRIVERSaracpi.sys

  0xF6649000 SystemRootsystem32DRIVERSAGRSM.sys

  0xF787A000 SystemRootSystem32DriversModem.SYS

  0xF6636000 SystemRootsystem32DRIVERSRtlnicxp.sys

  0xF695E000 SystemRootsystem32DRIVERSarpolicy.sys

  0xF7B64000 SystemRootsystem32DRIVERSaudstub.sys

  0xF69AF000 SystemRootsystem32DRIVERSrasl2tp.sys

  0xF695A000 SystemRootsystem32DRIVERSndistapi.sys

  0xF661F000 SystemRootsystem32DRIVERSndiswan.sys

  0xF699F000 SystemRootsystem32DRIVERSraspppoe.sys

  0xF698F000 SystemRootsystem32DRIVERSraspptp.sys

  0xF7882000 SystemRootsystem32DRIVERSTDI.SYS

  0xF660E000 SystemRootsystem32DRIVERSpsched.sys

  0xF697F000 SystemRootsystem32DRIVERSmsgpc.sys

  0xF788A000 SystemRootsystem32DRIVERSptilink.sys

  0xF7892000 SystemRootsystem32DRIVERSraspti.sys

  0xF65DE000 SystemRootsystem32DRIVERSrdpdr.sys

  0xF77A2000 SystemRootsystem32DRIVERStermdd.sys

  0xF789A000 SystemRootsystem32DRIVERSmouclass.sys

  0xF7AA2000 SystemRootsystem32DRIVERSswenum.sys

  0xF6580000 SystemRootsystem32DRIVERSupdate.sys

  0xF693E000 SystemRootsystem32DRIVERSmssmbios.sys

  0xF7652000 SystemRootSystem32DriversNDProxy.SYS

  0xF76A2000 SystemRootsystem32DRIVERSusbhub.sys

  0xF7AA8000 SystemRootsystem32DRIVERSUSBD.SYS

  0xF1EF9000 SystemRootsystem32driversRtkHDAud.sys

  0xF1ED5000 SystemRootsystem32driversportcls.sys

  0xF76E2000 SystemRootsystem32driversdrmk.sys

  0xF1D6A000 SystemRootsystem32DRIVERSavgmfx86.sys

  0xF7AE8000 SystemRootSystem32DriversFs_Rec.SYS

  0xF0FE2000 SystemRootSystem32DriversNull.SYS

  0xF7A7C000 SystemRootSystem32DriversBeep.SYS

  0xF1698000 SystemRootSystem32driversvga.sys

  0xF7A7E000 SystemRootSystem32Driversmnmdd.SYS

  0xF7A80000 SystemRootSystem32DRIVERSRDPCDD.sys

  0xF123F000 SystemRootSystem32DriversMsfs.SYS

  0xF1237000 SystemRootSystem32DriversNpfs.SYS

  0xF1C80000 SystemRootsystem32DRIVERSrasacd.sys

  0xF0CEB000 SystemRootsystem32DRIVERSipsec.sys

  0xF0C92000 SystemRootsystem32DRIVERStcpip.sys

  0xF0C4B000 SystemRootsystem32DRIVERSavgtdix.sys

  0xF0C25000 SystemRootsystem32DRIVERSipnat.sys

  0xF1445000 SystemRootsystem32DRIVERSwanarp.sys

  0xF1435000 SystemRootsystem32DRIVERSarp1394.sys

  0xF0BFD000 SystemRootsystem32DRIVERSnetbt.sys

  0xF0BDB000 SystemRootSystem32driversafd.sys

  0xF1425000 SystemRootsystem32DRIVERSnetbios.sys

  0xF0BB9000 ??C:Program FilesSuperAntiSpywareSASKUTIL.sys

  0xF122F000 ??C:Program FilesSuperAntiSpywareSASDIFSV.SYS

  0xF0B8E000 SystemRootsystem32DRIVERSrdbss.sys

  0xF0B1E000 SystemRootsystem32DRIVERSmrxsmb.sys

  0xF13E5000 SystemRootSystem32DriversFips.SYS

  0xF1E6A000 SystemRootsystem32DRIVERShidusb.sys

  0xF13C5000 SystemRootsystem32DRIVERSHIDCLASS.SYS

  0xF121F000 SystemRootsystem32DRIVERSHIDPARSE.SYS

  0xF1217000 SystemRootsystem32DRIVERSarhidfltr.sys

  0xF1207000 SystemRootsystem32DRIVERSusbprint.sys

  0xF11FF000 SystemRootsystem32DRIVERSUSBSTOR.SYS

  0xF1E5E000 SystemRootsystem32DRIVERSmouhid.sys

  0xF7A8A000 SystemRootsystem32DRIVERSarmoucfltr.sys

  0xEB44C000 SystemRootsystem32DRIVERSavgldx86.sys

  0xEB428000 SystemRootSystem32DriversFastfat.SYS

  0xEB410000 SystemRootSystem32Driversdump_atapi.sys

  0xF7AE0000 SystemRootSystem32Driversdump_WMILIB.SYS

  0xBF800000 SystemRootSystem32win32k.sys

  0xED9F1000 SystemRootSystem32driversDxapi.sys

  0xF0F89000 SystemRootSystem32watchdog.sys

  0xBF000000 SystemRootSystem32driversdxg.sys

  0xF7BC3000 SystemRootSystem32driversdxgthk.sys

  0xBF012000 SystemRootSystem32ati2dvag.dll

  0xBF051000 SystemRootSystem32ati2cqag.dll

  0xBF08A000 SystemRootSystem32atikvmag.dll

  0xBF0BF000 SystemRootSystem32ati3duag.dll

  0xBF30C000 SystemRootSystem32ativvaxx.dll

  0xBF39F000 SystemRootSystem32ATMFD.DLL

  0xF6558000 SystemRootsystem32DRIVERSndisuio.sys

  0xB85D3000 SystemRootsystem32driverswdmaud.sys

  0xF2518000 SystemRootsystem32driverssysaudio.sys

  0xB8583000 SystemRootsystem32DRIVERSmrxdav.sys

  0xF7AC8000 SystemRootSystem32DriversASPI32.SYS

  0xB852C000 SystemRootsystem32DRIVERSAVGIDSShim.Sys

  0xB83FF000 SystemRootSystem32DriversHTTP.sys

  0xB828F000 SystemRootsystem32DRIVERSsrv.sys

  0xF7912000 SystemRootsystem32DRIVERSAVGIDSFilter.Sys

  0xB8067000 SystemRootsystem32DRIVERSAVGIDSDriver.Sys

  0xF78AA000 ??C:ComboFixcatchme.sys

  0xF7ADC000 ??C:WINDOWSsystem32DriversPROCEXP113.SYS

  0xB7386000 ??C:DOCUME~1HP_ADM~1LOCALS~1Tempaxloiuod.sys

  0xB735B000 SystemRootsystem32driverskmixer.sys

  0x7C900000 WINDOWSsystem32ntdll.dll


Processes (total 78):

       0 System Idle Process

       4 System

     696 C:WINDOWSsystem32smss.exe

    1124 csrss.exe

    1240 C:WINDOWSsystem32winlogon.exe

    1412 C:WINDOWSsystem32services.exe

    1432 C:WINDOWSsystem32lsass.exe

    1732 C:WINDOWSsystem32ati2evxx.exe

    1792 C:WINDOWSsystem32svchost.exe

    1912 svchost.exe

    1960 C:WINDOWSsystem32svchost.exe

    2024 svchost.exe

     592 svchost.exe

    1008 C:WINDOWSsystem32spoolsv.exe

     464 svchost.exe

    1572 C:WINDOWSsystem32ati2evxx.exe

    1160 C:Program FilesCommon FilesArcSoftConnection ServiceBinACService.exe

    1256 C:WINDOWSarservice.exe

    1328 C:Program FilesAVGAVG2012avgwdsvc.exe

    1492 C:Program FilesBonjourmDNSResponder.exe

    1992 C:WINDOWSehomeehrecvr.exe

     680 C:WINDOWSehomeehSched.exe

    2176 C:Program FilesJavajre6binjqs.exe

    2316 C:Program FilesKodakAiOCenterekdiscovery.exe

    2396 C:Program FilesCommon FilesLightScribeLSSrvc.exe

    2496 C:PROGRA~1McAfeeSITEAD~1McSACore.exe

    2540 C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE

    2580 C:WINDOWSsystem32spooldriversw32x863HPZIPM12.EXE

    2648 svchost.exe

    2708 C:WINDOWSsystem32svchost.exe

    2752 C:Program FilesCommon FilesAVG Secure SearchvToolbarUpdater9.0.1ToolbarUpdater.exe

    2820 C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe

    2884 mcrdsvc.exe

    3708 C:WINDOWSsystem32rundll32.exe

    3784 alg.exe

    1488 C:WINDOWSehomeehtray.exe

    2228 C:WINDOWSarpwrmsg.exe

    2528 C:Program FilesDISCDISCover.exe

    2444 C:Program FilesDISCDISCUpdateMgr.exe

    1188 C:Program FilesHPHP Software Updatehpwuschd2.exe

    1132 C:WINDOWSehomeehmsas.exe

    3000 C:Program FilesepsonCreativity SuiteEvent ManagerEEventManager.exe

    3204 C:WINDOWSsystem32spooldriversw32x863EKIJ5000MUI.exe

    3148 C:Program FilesCommon FilesArcSoftConnection ServiceBinACDaemon.exe

    3556 C:Program FilesAVGAVG2012avgtray.exe

    1588 C:Program FilesCommon FilesJavaJava Updatejusched.exe

    3688 C:Documents and SettingsAll UsersApplication DataAd-Aware Browsing Protectionadawarebp.exe

    3744 C:Program FilesAVG Secure Searchvprot.exe

    1320 C:Program FilesSuperAntiSpywareSUPERANTISPYWARE.EXE

    4060 C:Program FilesHPDigital Imagingbinhpqtra08.exe

     204 C:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe

    1944 C:Program FilesMcAfee Security Scan2.0.181SSScheduler.exe

     980 C:Program FilesUpdates from HP9972322ProgramUpdates from HP.exe

    3900 wmiprvse.exe

    4084 C:WINDOWSsystem32dllhost.exe

    2904 C:Program FilesDISCDiscStreamHub.exe

    3944 C:WINDOWSsystem32ctfmon.exe

    3640 C:hpKBDkbd.exe

    3216 C:WINDOWSRTHDCPL.EXE

     672 C:WINDOWSexplorer.exe

    2404 C:Program FilesATI TechnologiesATI Control Panelatiptaxx.exe

    2308 C:WINDOWSsystemhpsysdrv.exe

    1844 C:WINDOWSsystem32wscntfy.exe

    2092 C:Program FilesAVGAVG2012AVGIDSAgent.exe

    3864 C:Program FilesAVGAVG2012avgnsx.exe

    2144 C:PROGRA~1AVGAVG2012avgrsx.exe

    1448 C:Program FilesAVGAVG2012avgcsrvx.exe

     724 C:Program FilesGoogleChromeApplicationchrome.exe

    1900 C:Program FilesGoogleChromeApplicationchrome.exe

     476 C:Program FilesGoogleChromeApplicationchrome.exe

     152 C:Program FilesGoogleChromeApplicationchrome.exe

    2604 C:Program FilesGoogleChromeApplicationchrome.exe

     804 C:Program FilesGoogleChromeApplicationchrome.exe

    2052 C:Program FilesGoogleChromeApplicationchrome.exe

    3276 C:Program FilesGoogleChromeApplicationchrome.exe

    3836 C:Program FilesGoogleChromeApplicationchrome.exe

     564 C:Documents and SettingsHP_AdministratorDesktopgmer.exe

    3732 C:Documents and SettingsHP_AdministratorMy DocumentsDownloadsMBRCheck.exe


.C: --> .PhysicalDrive0 at offset 0x00000002`f08e7e00  (NTFS)

.D: --> .PhysicalDrive0 at offset 0x00000000`00007e00  (FAT32)


PhysicalDrive0 Model Number: WDCWD2500JS-60MHB1, Rev: 10.02E02


      Size  Device Name          MBR Status

  --------------------------------------------

    232 GB  .PhysicalDrive0   Legit MBR code detected

            SHA1: F75A10171F7488C11BA9A98CEC3D186D7A8D3972


Done!


SystemLook 30.07.11 by jpshortstuff

Log created at 13:23 on 08/12/2011 by HP_Administrator

Administrator - Elevation successful


========== filefind ==========


Searching for "*3at_tqlr. o. cs"

No files found.


Searching for "*3at_tqlr.cmdline"

No files found.


Searching for "*3at_tqlr.err"

No files found.


-= EOF =-


Hello darkeyes

 

Hope I got all the scans done right.

You did a great job :)

 

Let's continue:

  • Please un-install J2SE Runtime Environment 5.0 Update 5

    • Click on "Start" then on "Control Panel" and then on "Add or remove programs".
    • Click on "remove a program". A list of currently installed programs will be displayed.
    • Find the "J2SE Runtime Environment 5.0 Update 5" program, click on it once and then click on the "uninstall" button.
    • If you are prompted to re-boot your computer to complete the uninstall please do so.
  • Temporary File Cleaner

    • Download TFC to your desktop.
    • Close any open windows.
    • Double click the TFC icon to run the program.
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish.
    • Once complete it should automatically reboot your machine.
    • If your machine does not reboot automatically, manually reboot to ensure a complete clean.
    • Note: After running TFC your machine may take slightly longer to boot the first time. This is normal.
  • Please disable Spybot Teatimer

    • Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
    • On the left hand side, click "Tools", then click on the "Resident" icon in the list.
    • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active" box.
    • Click the "System Startup" icon in the List.
    • Uncheck the "TeaTimer" box and "OK" any prompts.
    • If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
    • Exit Spybot S&D when done.
  • MalwareBytes AntiMalware:

    • I can see that you have MBAM installed.
    • Double click on your MalwareBytes AntiMalware icon to launch the program.
    • Click on the "Update" tab and then on "Check for Updates".
    • The program will now install the latest Malware definition files.
    • Once complete, click on the "Scanner" tab, select "Perform Quick Scan" and then click on "Scan".
    • Once the program has scanned your computer, a log file will be created in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
    • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
    • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
    • Come back here to this thread and Paste the log in your next reply.
  • Please run the following scan

    • Note: Internet Explorer is preferred for this scan, although it will run with other browsers.
    • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
    • Please disable your real time security programs before performing the scan.
    • Scan your system with Eset Online Scanner
    • Place a check mark in the box YES, I accept the Terms Of Use.
    • Click the Posted Image button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
    • Check Posted Image
    • Click the Posted Image button.
    • Accept any security warnings from your browser.
    • Check Posted Image
    • Make sure that the option to "Remove Found Threats" is UN checked.
    • Push the "Start" button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push Posted Image
    • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the Posted Image button.
    • Push Posted Image
    Please post the MBAM log and the ESET log in your next reply.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

 

Database version: 8343

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

12/9/2011 11:18:47 AM

mbam-log-2011-12-09 (11-18-47).txt

 

Scan type: Quick scan

Objects scanned: 185536

Time elapsed: 49 minute(s), 39 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)


JonTom

 

The ESET Scan finished, it took over 4 hours to scan..........scan ended with results of 0 infected files and 0 cleaned files. I don't see any way to see the scan to be able to post the results here for you to see. The scan result window only shows a "finish" button which I have not clicked yet. What do I do now? Thank you.


Hello darkeyes

 

The ESET Scan finished, it took over 4 hours to scan

That's about average for an ESET scan. It is very thorough. Thank you for being patient :)

 

No log is produced if no infection is found.

 

Let's hold off on the uninstall for now. Please let me know how the machine is running now and post a new OTL scan log for me to review :)


JonTom...ok here is my latest scan, keeping my fingers crossed! I did notice when I opened the Chrome Browser my home page was back although it looks a little different, I don't think in a bad way though. Thank you!

 

 

OTL logfile created on: 12/9/2011 11:14:53 PM - Run 2

OTL by OldTimer - Version 3.2.31.0 Folder = C:Documents and SettingsHP_AdministratorMy DocumentsDownloads

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

959.36 Mb Total Physical Memory | 591.68 Mb Available Physical Memory | 61.68% Memory free

2.26 Gb Paging File | 1.53 Gb Available in Paging File | 67.74% Paging File free

Paging file location(s): C:pagefile.sys 1440 2880 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files

Drive C: | 221.12 Gb Total Space | 198.31 Gb Free Space | 89.68% Space Free | Partition Type: NTFS

Drive D: | 11.74 Gb Total Space | 4.79 Gb Free Space | 40.81% Space Free | Partition Type: FAT32

 

Computer Name: MYCOMPUTER | User Name: HP_Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/12/09 23:10:52 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:Documents and SettingsHP_AdministratorMy DocumentsDownloadsOTL (3).exe

PRC - [2011/12/04 09:29:49 | 000,855,904 | ---- | M] () -- C:Program FilesCommon FilesAVG Secure SearchvToolbarUpdater9.0.1ToolbarUpdater.exe

PRC - [2011/12/04 09:29:44 | 000,827,232 | ---- | M] () -- C:Program FilesAVG Secure Searchvprot.exe

PRC - [2011/10/24 19:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:Program FilesAVGAVG2012avgtray.exe

PRC - [2011/10/21 04:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:Documents and SettingsAll UsersApplication DataAd-Aware Browsing Protectionadawarebp.exe

PRC - [2011/10/18 05:14:54 | 001,229,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:Program FilesAVGAVG2012avgnsx.exe

PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:Program FilesAVGAVG2012AVGIDSAgent.exe

PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:Program FilesAVGAVG2012avgrsx.exe

PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:Program FilesAVGAVG2012avgcsrvx.exe

PRC - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- c:Program FilesMcAfeeSiteAdvisorMcSACore.exe

PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:Program FilesAVGAVG2012avgwdsvc.exe

PRC - [2011/01/21 11:16:19 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:Program FilesSuperAntiSpywareSUPERANTISPYWARE.EXE

PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:Program FilesCommon FilesArcSoftConnection ServiceBinACDaemon.exe

PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:Program FilesCommon FilesArcSoftConnection ServiceBinACService.exe

PRC - [2010/02/05 00:15:33 | 000,036,903 | ---- | M] (Hewlett-Packard) -- C:Program FilesUpdates from HP9972322ProgramUpdates from HP.exe

PRC - [2010/01/27 09:40:58 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe

PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:Program FilesMcAfee Security Scan2.0.181SSScheduler.exe

PRC - [2009/08/05 12:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) -- C:Program FilesKodakAiOCenterekdiscovery.exe

PRC - [2009/08/03 09:33:06 | 001,626,112 | ---- | M] (Eastman Kodak Company) -- C:WINDOWSsystem32spooldriversw32x863EKIJ5000MUI.exe

PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe

PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:WINDOWSexplorer.exe

PRC - [2005/09/26 19:43:29 | 001,060,864 | ---- | M] (Digital Interactive Systems Corporation) -- C:Program FilesDISCDISCover.exe

PRC - [2005/09/26 19:42:32 | 000,237,568 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:Program FilesDISCDiscGui.exe

PRC - [2005/09/26 19:42:26 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:Program FilesDISCDISCUpdateMgr.exe

PRC - [2005/09/26 19:42:26 | 000,045,056 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:Program FilesDISCDiscStreamHub.exe

PRC - [2005/08/02 19:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:WINDOWSarpwrmsg.exe

PRC - [2005/08/02 19:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:WINDOWSarservice.exe

PRC - [2005/04/08 14:09:42 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:Program FilesepsonCreativity SuiteEvent ManagerEEventManager.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2011/12/09 10:01:14 | 000,052,736 | ---- | M] () -- C:Documents and SettingsHP_AdministratorApplication DataSUPERAntiSpyware.comSUPERAntiSpywareSDDLLSSD10007.dll

MOD - [2011/12/04 09:29:49 | 000,855,904 | ---- | M] () -- C:Program FilesCommon FilesAVG Secure SearchvToolbarUpdater9.0.1ToolbarUpdater.exe

MOD - [2011/12/04 09:29:44 | 000,827,232 | ---- | M] () -- C:Program FilesAVG Secure Searchvprot.exe

MOD - [2011/10/19 22:48:54 | 000,063,488 | ---- | M] () -- C:Documents and SettingsHP_AdministratorApplication DataSUPERAntiSpyware.comSUPERAntiSpywareSDDLLSSD10006.dll

MOD - [2011/10/19 22:48:49 | 000,117,760 | ---- | M] () -- C:Documents and SettingsHP_AdministratorApplication DataSUPERAntiSpyware.comSUPERAntiSpywareSDDLLSUIREPAIR.DLL

MOD - [2011/10/14 14:09:46 | 000,998,400 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.Management90b90e700e59d73d6d692cf74e1ba16eSystem.Management.ni.dll

MOD - [2011/10/14 13:48:52 | 001,801,216 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.Deploymentcc5ac99e8af2738e85cda5525fdd944fSystem.Deployment.ni.dll

MOD - [2011/10/14 13:48:11 | 000,971,264 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.Configurationbce0720436dc6cb76006377f295ea365System.Configuration.ni.dll

MOD - [2011/10/14 13:28:41 | 005,450,752 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.Xml70cacc44f0b4257f6037eda7a59a0aebSystem.Xml.ni.dll

MOD - [2011/10/14 13:27:53 | 012,430,848 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.Windows.Forms71a2ae9ad561a62181cbd9fb11e9de7aSystem.Windows.Forms.ni.dll

MOD - [2011/10/14 13:25:58 | 001,587,200 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.Drawingc10bea3c4bb7ef654651141bf9419090System.Drawing.ni.dll

MOD - [2011/10/14 13:19:33 | 007,950,848 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32Systemaf39f6e644af02873b9bae319f2bfb13System.ni.dll

MOD - [2011/10/14 13:18:58 | 011,490,816 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32mscorlibca87ba84221991839abbe7d4bc9c6721mscorlib.ni.dll

MOD - [2011/10/14 13:03:38 | 003,391,488 | ---- | M] () -- c:windowsassemblynativeimages1_v1.1.4322mscorlib1.0.5000.0__b77a5c561934e089_f2284ea2mscorlib.dll

MOD - [2011/10/14 13:03:33 | 000,835,584 | ---- | M] () -- c:windowsassemblynativeimages1_v1.1.4322system.drawing1.0.5000.0__b03f5f7f11d50a3a_e4f639adsystem.drawing.dll

MOD - [2011/10/14 13:03:24 | 002,088,960 | ---- | M] () -- c:windowsassemblynativeimages1_v1.1.4322system.xml1.0.5000.0__b77a5c561934e089_fc944c99system.xml.dll

MOD - [2011/10/14 13:03:13 | 003,018,752 | ---- | M] () -- c:windowsassemblynativeimages1_v1.1.4322system.windows.forms1.0.5000.0__b77a5c561934e089_b3b16b18system.windows.forms.dll

MOD - [2011/10/14 13:02:51 | 001,966,080 | ---- | M] () -- c:windowsassemblynativeimages1_v1.1.4322system1.0.5000.0__b77a5c561934e089_b7665b43system.dll

MOD - [2011/10/14 13:02:35 | 001,232,896 | ---- | M] () -- c:windowsassemblygacsystem1.0.5000.0__b77a5c561934e089system.dll

MOD - [2011/10/14 13:02:34 | 001,265,664 | ---- | M] () -- c:windowsassemblygacsystem.web1.0.5000.0__b03f5f7f11d50a3asystem.web.dll

MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:WINDOWSsystem32sbe.dll

MOD - [2010/03/03 11:08:41 | 002,236,416 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinSkinuxCmpV.dll

MOD - [2010/03/03 11:08:41 | 001,396,736 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinSkinuxCommonV.dll

MOD - [2010/03/03 11:08:41 | 000,868,352 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinSkinuxBaseV.dll

MOD - [2010/03/03 11:08:41 | 000,847,872 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinSkinuxXML2V.dll

MOD - [2010/03/03 11:08:41 | 000,782,336 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinSkinuxImV.dll

MOD - [2010/03/03 11:08:41 | 000,688,128 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinVPrintOnline.dll

MOD - [2010/03/03 11:08:41 | 000,528,384 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinSkinuxProcV.dll

MOD - [2010/03/03 11:08:41 | 000,462,848 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinSkinuxFFV.dll

MOD - [2010/03/03 11:08:41 | 000,237,568 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinSpiffyExt.dll

MOD - [2010/03/03 11:08:41 | 000,155,648 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinSkinuxZipV.dll

MOD - [2010/03/03 11:08:41 | 000,143,360 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinVPrintOnlineHelper40.dll

MOD - [2010/03/03 11:08:40 | 011,503,616 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinESSkin.esx

MOD - [2010/03/03 11:08:40 | 001,564,672 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinareaifdll.dll

MOD - [2010/03/03 11:08:40 | 000,761,856 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinESCliWicMDRW.esx

MOD - [2010/03/03 11:08:40 | 000,684,032 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinESEmail.esx

MOD - [2010/03/03 11:08:40 | 000,471,040 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinESCom.dll

MOD - [2010/03/03 11:08:40 | 000,406,016 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinKFx.dll

MOD - [2010/03/03 11:08:40 | 000,356,352 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinAtlas.dll

MOD - [2010/03/03 11:08:40 | 000,339,968 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinVistaAdapter.esx

MOD - [2010/03/03 11:08:40 | 000,315,392 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinVistaPrintOnline.esx

MOD - [2010/03/03 11:08:40 | 000,264,192 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinAppCore.dll

MOD - [2010/03/03 11:08:40 | 000,233,984 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinVistaControls.esx

MOD - [2010/03/03 11:08:40 | 000,171,520 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinPcd.esx

MOD - [2010/03/03 11:08:40 | 000,152,576 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinIStorageMediaStore.esx

MOD - [2010/03/03 11:08:40 | 000,129,536 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinkpries40.dll

MOD - [2010/03/03 11:08:40 | 000,098,304 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinVistaCDBackup.esx

MOD - [2010/03/03 11:08:40 | 000,090,112 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinLocAcqMod.dll

MOD - [2010/03/03 11:08:40 | 000,084,480 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinUpdateChecker.esx

MOD - [2010/03/03 11:08:40 | 000,084,480 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinkeml40.dll

MOD - [2010/03/03 11:08:40 | 000,078,848 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinDXRawFormatHandler.esx

MOD - [2010/03/03 11:08:40 | 000,062,464 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinDibLibIP.dll

MOD - [2010/03/03 11:08:40 | 000,052,224 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinKPCDInterface.dll

MOD - [2010/03/03 11:08:40 | 000,044,544 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinLocCamBack.dll

MOD - [2010/03/03 11:08:40 | 000,010,240 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinLocUpdateCheck.dll

MOD - [2010/02/09 17:35:19 | 000,052,224 | ---- | M] () -- C:Documents and SettingsHP_AdministratorApplication DataSUPERAntiSpyware.comSUPERAntiSpywareSDDLLSSD10005.dll

MOD - [2010/02/07 12:57:39 | 000,122,880 | ---- | M] () -- C:WINDOWSassemblyGAC_MSILInkjet.Localization4.2.7.7__5cc7ad8abd921325Inkjet.Localization.dll

MOD - [2010/02/07 12:57:39 | 000,036,864 | ---- | M] () -- C:WINDOWSassemblyGAC_MSILInkjet.ShellExtension4.2.7.7__5cc7ad8abd921325Inkjet.ShellExtension.dll

MOD - [2010/02/07 12:57:38 | 000,053,248 | ---- | M] () -- C:WINDOWSassemblyGAC_MSILInkjet.Diagnostics4.2.7.7__5cc7ad8abd921325Inkjet.Diagnostics.dll

MOD - [2010/02/07 12:57:38 | 000,012,288 | ---- | M] () -- C:WINDOWSassemblyGAC_MSILInkjet.Automation4.2.7.7__5cc7ad8abd921325Inkjet.Automation.dll

MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:WINDOWSsystem32quartz.dll

MOD - [2010/02/05 00:15:30 | 000,098,339 | ---- | M] () -- C:Program FilesUpdates from HP99723226.3.2.116-9972322ProgramFrExt.dll

MOD - [2010/02/05 00:15:29 | 000,151,589 | ---- | M] () -- C:Program FilesUpdates from HP99723226.3.2.116-9972322Programbwfiles.dll

MOD - [2010/02/05 00:15:28 | 000,061,496 | ---- | M] () -- C:Program FilesUpdates from HP99723226.3.2.116-9972322Programclntutil.dll

MOD - [2010/02/05 00:15:27 | 000,126,976 | ---- | M] () -- C:Program FilesUpdates from HP9972322ProgramHPClientExt.dll

MOD - [2010/02/04 23:24:29 | 001,339,392 | ---- | M] () -- c:windowsassemblygacsystem.xml1.0.5000.0__b77a5c561934e089system.xml.dll

MOD - [2010/02/04 23:24:28 | 002,052,096 | ---- | M] () -- c:windowsassemblygacsystem.windows.forms1.0.5000.0__b77a5c561934e089system.windows.forms.dll

MOD - [2010/02/04 23:24:28 | 000,466,944 | ---- | M] () -- c:windowsassemblygacsystem.drawing1.0.5000.0__b03f5f7f11d50a3asystem.drawing.dll

MOD - [2010/02/04 23:24:26 | 000,573,440 | ---- | M] () -- c:windowsassemblygacsystem.web.services1.0.5000.0__b03f5f7f11d50a3asystem.web.services.dll

MOD - [2009/06/29 15:14:36 | 000,012,288 | ---- | M] () -- C:Program FilesKodakAiOCenterLogger.dll

MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:WINDOWSsystem32msdmo.dll

MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:WINDOWSsystem32devenum.dll

MOD - [2005/08/02 19:19:16 | 000,050,176 | ---- | M] () -- C:WINDOWSarmcex.dll

MOD - [2005/03/15 18:17:28 | 000,204,800 | ---- | M] () -- c:Program FilesHPDigital ImagingbinHpqUtil.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - [2011/12/04 09:29:49 | 000,855,904 | ---- | M] () [Auto | Running] -- C:Program FilesCommon FilesAVG Secure SearchvToolbarUpdater9.0.1ToolbarUpdater.exe -- (vToolbarUpdater)

SRV - [2011/10/28 16:52:02 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:Program FilesLavasoftAd-AwareAAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:Program FilesAVGAVG2012AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/09/01 08:17:00 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:Program FilesAVGAVG10ToolbarToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:Program FilesMcAfeeSiteAdvisorMcSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:Program FilesAVGAVG2012avgwdsvc.exe -- (avgwd)

SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:Program FilesCommon FilesArcSoftConnection ServiceBinACService.exe -- (ACDaemon)

SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:Program FilesMcAfee Security Scan2.0.181McCHSvc.exe -- (McComponentHostService)

SRV - [2009/08/05 12:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:Program FilesKodakAiOCenterekdiscovery.exe -- (Kodak AiO Network Discovery Service)

SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe -- (YahooAUService)

SRV - [2005/08/02 19:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:WINDOWSarservice.exe -- (ARSVC)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2011/10/28 16:52:04 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:WINDOWSsystem32DRIVERSLbd.sys -- (Lbd)

DRV - [2011/10/28 16:52:02 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:Program FilesLavasoftAd-Awarekernexplorer.sys -- (Lavasoft Kernexplorer)

DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:WINDOWSsystem32driversavgldx86.sys -- (Avgldx86)

DRV - [2011/10/04 05:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversAVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:WINDOWSsystem32DRIVERSavgrkx86.sys -- (Avgrkx86)

DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:WINDOWSsystem32driversavgmfx86.sys -- (Avgmfx86)

DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:WINDOWSsystem32driversavgtdix.sys -- (Avgtdix)

DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversAVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:WINDOWSsystem32DRIVERSAVGIDSEH.Sys -- (AVGIDSEH)

DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversAVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2010/05/25 17:08:39 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:Program FilesSuperAntiSpywareSASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/20 11:21:17 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:Program FilesSuperAntiSpywareSASDIFSV.SYS -- (SASDIFSV)

DRV - [2010/02/20 11:21:17 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:Program FilesSuperAntiSpywareSASENUM.SYS -- (SASENUM)

DRV - [2005/10/18 15:15:42 | 004,034,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversRtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2005/09/23 15:26:40 | 001,094,751 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversAGRSM.sys -- (AgereSoftModem)

DRV - [2005/08/14 00:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversati2mtag.sys -- (ati2mtag)

DRV - [2005/07/04 02:30:34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversPS2.sys -- (Ps2)

DRV - [2005/06/30 03:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:WINDOWSsystem32DRIVERSftsata2.sys -- (ftsata2)

DRV - [2005/03/04 13:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversRtlnicxp.sys -- (RTL8023xp)

DRV - [2004/08/04 08:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverssisnic.sys -- (SISNIC)

DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversRTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2003/11/05 17:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:WINDOWSsystem32DRIVERSbb-run.sys -- (bb-run)

DRV - [1997/07/08 00:54:00 | 000,199,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversONSIO.SYS -- (ONSIO)

DRV - [1997/06/27 18:01:44 | 000,044,032 | ---- | M] (OnSpec Electronic, Inc.) [Kernel | Boot | Stopped] -- C:WINDOWSSystem32driversSMPLSCSI.SYS -- (SMPLSCSI)

DRV - [1995/07/10 02:30:00 | 000,014,592 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:WINDOWSSystem32driversASPI32.SYS -- (ASPI32)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

 

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com/

IE - HKCU..URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:Program FilesMcAfeeSiteAdvisorMcIEPlg.dll (McAfee, Inc.)

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

 

FF - HKLMSoftwareMozillaPlugins@java.com/JavaPlugin: C:Program FilesJavajre6binnew_pluginnpjp2.dll (Sun Microsystems, Inc.)

FF - HKLMSoftwareMozillaPlugins@mcafee.com/SAFFPlugin: C:Program FilesMcAfeeSiteAdvisornpmcffplg32.dll (McAfee, Inc.)

FF - HKLMSoftwareMozillaPlugins@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:Program FilesYahoo!SharednpYState.dll (Yahoo! Inc.)

FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program FilesMicrosoft Silverlight4.0.60831.0npctrl.dll ( Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/WPF,version=3.5: c:WINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@real.com/nppl3260;version=12.0.1.669: c:program filesrealrealplayerNetscape6nppl3260.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nprjplug;version=12.0.1.669: c:program filesrealrealplayerNetscape6nprjplug.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:Documents and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nprphtml5videoshim;version=12.0.1.669: C:Documents and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nprpjplug;version=12.0.1.669: c:program filesrealrealplayerNetscape6nprpjplug.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:Program FilesGoogleUpdate1.3.21.79npGoogleUpdate3.dll (Google Inc.)

FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:Program FilesGoogleUpdate1.3.21.79npGoogleUpdate3.dll (Google Inc.)

FF - HKLMSoftwareMozillaPluginsAdobe Reader: C:Program FilesAdobeReader 9.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)

FF - HKCUSoftwareMozillaPlugins@yahoo.com/BrowserPlus,version=2.9.8: C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataYahoo!BrowserPlus2.9.8Pluginsnpybrowserplus_2.9.8.dll (Yahoo! Inc.)

 

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:Program FilesAVGAVG2012Firefox4 [2011/11/22 08:18:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:Documents and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginFirefoxExt [2011/10/14 09:14:20 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:Program FilesMcAfeeSiteAdvisor [2011/11/12 12:48:28 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensionsavg@toolbar: C:Documents and SettingsAll UsersApplication DataAVG Secure Search9.0.0.18 [2011/12/04 09:30:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaNetscape Browser 8.0.3.4ExtensionsComponents: C:Program FilesNetscapeNetscape BrowserComponents [2011/10/01 10:26:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaNetscape Browser 8.0.3.4ExtensionsPlugins: C:Program FilesNetscapeNetscape BrowserPlugins [2011/10/01 10:26:03 | 000,000,000 | ---D | M]

 

 

========== Chrome ==========

 

CHR - default_search_provider: Yahoo! Search (Enabled)

CHR - default_search_provider: search_url = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

CHR - default_search_provider: suggest_url =

CHR - plugin: Shockwave Flash (Enabled) = C:Program FilesGoogleChromeApplication15.0.874.121gcswf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:Program FilesJavajre6binnew_pluginnpdeployJava1.dll

CHR - plugin: Java Platform SE 6 U24 (Enabled) = C:Program FilesJavajre6binnew_pluginnpjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:Program FilesAdobeReader 9.0ReaderBrowsernppdf32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:Program FilesMicrosoft Silverlight4.0.60531.0npctrl.dll

CHR - plugin: RealNetworks RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:Documents and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:Documents and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:program filesrealrealplayerNetscape6nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = c:program filesrealrealplayerNetscape6nprpjplug.dll

CHR - plugin: Microsoft® Windows Media Player Firefox Plugin (Enabled) = C:PFilesPluginsnp-mswmp.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:Program FilesGoogleChromeApplication15.0.874.121ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:Program FilesGoogleChromeApplication15.0.874.121pdf.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsfheoggkfdfchfphceeifdbepaooicaho3.40.135.1_0McChPlg.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:Program FilesMcAfeeSiteAdvisornpmcffplg32.dll

CHR - plugin: AVG Internet Security (Enabled) = C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsjmfkcklnlgedgbglfkkgedjfmejoahla10.0.0.1409_0plugins/avgnpss.dll

CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataYahoo!BrowserPlus2.9.8Pluginsnpybrowserplus_2.9.8.dll

CHR - plugin: Google Update (Enabled) = C:Program FilesGoogleUpdate1.3.21.69npGoogleUpdate3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:WINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = c:program filesrealrealplayerNetscape6nprjplug.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Entanglement = C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsaciahcmjmecflokailenpkdchphgkefd2.7.7_0

CHR - Extension: SiteAdvisor = C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsfheoggkfdfchfphceeifdbepaooicaho3.40.135.1_0

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsjfmjfhklogoienhpfnppmbcbjfjnkonk1.5_0

CHR - Extension: AVG Safe Search = C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsjmfkcklnlgedgbglfkkgedjfmejoahla12.0.0.1857_0

CHR - Extension: Poppit = C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsmcbkbpnkkkipelfledbfocopglifcfmi2.2_0

 

O1 HOSTS File: ([2011/12/07 19:40:25 | 000,000,027 | ---- | M]) - C:WINDOWSsystem32driversetchosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Documents and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG2012avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll (Safer Networking Limited)

O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:Program FilesadawaretbadawareDx.dll ()

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:Program FilesAVG Secure Search9.0.0.18AVG Secure Search_toolbar.dll ()

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:Program FilesGoogleGoogleToolbar1.dll (Google Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:Program FilesMcAfeeSiteAdvisorMcIEPlg.dll (McAfee, Inc.)

O3 - HKLM..Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:Program FilesMcAfeeSiteAdvisorMcIEPlg.dll (McAfee, Inc.)

O3 - HKLM..Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:Program FilesGoogleGoogleToolbar1.dll (Google Inc.)

O3 - HKLM..Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:Program FilesadawaretbadawareDx.dll ()

O3 - HKLM..Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:Program FilesAVG Secure Search9.0.0.18AVG Secure Search_toolbar.dll ()

O3 - HKCU..ToolbarShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:Program FilesGoogleGoogleToolbar1.dll (Google Inc.)

O3 - HKCU..ToolbarWebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:Program FilesGoogleGoogleToolbar1.dll (Google Inc.)

O4 - HKLM..Run: [Ad-Aware Browsing Protection] C:Documents and SettingsAll UsersApplication DataAd-Aware Browsing Protectionadawarebp.exe (Lavasoft)

O4 - HKLM..Run: [AlwaysReady Power Message APP] C:WINDOWSarpwrmsg.exe (Microsoft)

O4 - HKLM..Run: [ArcSoft Connection Service] C:Program FilesCommon FilesArcSoftConnection ServiceBinACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..Run: [AVG_TRAY] C:Program FilesAVGAVG2012avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..Run: [DISCover] C:Program FilesDISCDISCover.exe (Digital Interactive Systems Corporation)

O4 - HKLM..Run: [DiscUpdateManager] C:Program FilesDISCDISCUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.)

O4 - HKLM..Run: [EEventManager] C:Program FilesepsonCreativity SuiteEvent ManagerEEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..Run: [EKIJ5000StatusMonitor] C:WINDOWSsystem32spooldriversw32x863EKIJ5000MUI.exe (Eastman Kodak Company)

O4 - HKLM..Run: [HPBootOp] C:Program FilesHewlett-PackardHP Boot OptimizerHPBootOp.exe (Hewlett-Packard Company)

O4 - HKLM..Run: [HPHUPD08] c:Program FilesHPDigital Imaging{33D6CC28-9F75-4d1b-A11D-98895B3A3729}hphupd08.exe (Hewlett-Packard)

O4 - HKLM..Run: [sunJavaUpdateSched] C:Program FilesJavajre6binjusched.exe File not found

O4 - HKLM..Run: [vProt] C:Program FilesAVG Secure Searchvprot.exe ()

O4 - HKCU..Run: [sUPERAntiSpyware] C:Program FilesSuperAntiSpywareSUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

O4 - Startup: C:Documents and SettingsAll UsersStart MenuProgramsStartupKodak EasyShare software.lnk = C:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe (Eastman Kodak Company)

O4 - Startup: C:Documents and SettingsAll UsersStart MenuProgramsStartupMcAfee Security Scan Plus.lnk = C:Program FilesMcAfee Security Scan2.0.181SSScheduler.exe (McAfee, Inc.)

O4 - Startup: C:Documents and SettingsAll UsersStart MenuProgramsStartupUpdates from HP.lnk = C:Program FilesUpdates from HP9972322ProgramUpdates from HP.exe (Hewlett-Packard)

O6 - HKLMSoftwarePoliciesMicrosoftInternet Explorercontrol panel present

O6 - HKLMSoftwarePoliciesMicrosoftInternet Explorerrestrictions present

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: HonorAutoRunSetting = 1

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoCDBurning = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 323

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 67108863

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: InstallVisualStyle = C:WINDOWSResourcesThemesRoyaleRoyale.msstyles (Microsoft)

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: InstallTheme = C:WINDOWSResourcesThemesRoyale.theme ()

O7 - HKCUSoftwarePoliciesMicrosoftInternet Explorercontrol panel present

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 323

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 67108863

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O8 - Extra context menu item: &Google Search - C:Program FilesGoogleGoogleToolbar1.dll (Google Inc.)

O8 - Extra context menu item: &Translate English Word - C:Program FilesGoogleGoogleToolbar1.dll (Google Inc.)

O8 - Extra context menu item: Backward Links - C:Program FilesGoogleGoogleToolbar1.dll (Google Inc.)

O8 - Extra context menu item: Cached Snapshot of Page - C:Program FilesGoogleGoogleToolbar1.dll (Google Inc.)

O8 - Extra context menu item: Similar Pages - C:Program FilesGoogleGoogleToolbar1.dll (Google Inc.)

O8 - Extra context menu item: Translate Page into English - C:Program FilesGoogleGoogleToolbar1.dll (Google Inc.)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre6binnpjpi160_29.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:Program FilesBonjourExplorerPlugin.dll (Apple Inc.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll (Safer Networking Limited)

O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSpchealthhelpctrVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm ()

O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSpchealthhelpctrVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm ()

O10 - NameSpace_Catalog5Catalog_Entries000000000004 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)

O15 - HKLM..Trusted Domains: trymedia.com ([]http in Trusted sites)

O15 - HKLM..Trusted Domains: trymedia.com ([]https in Trusted sites)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265758861390 (MUWebControl Class)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)

O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 68.87.71.230 68.87.73.246

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{10C638EA-26D8-4B3F-B541-D0F8EEDBE59F}: DhcpNameServer = 68.87.71.230 68.87.73.246

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{D1981F4D-17A3-4E2A-9253-27159CB8DDC0}: DhcpNameServer = 192.168.0.1

O18 - ProtocolHandlerdssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:Program FilesMcAfeeSiteAdvisorMcIEPlg.dll (McAfee, Inc.)

O18 - ProtocolHandlerlinkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG2012avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - ProtocolHandlersacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:Program FilesMcAfeeSiteAdvisorMcIEPlg.dll (McAfee, Inc.)

O18 - ProtocolHandlerviprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:Program FilesCommon FilesAVG Secure SearchViProtocolInstaller9.0.1ViProtocol.dll ()

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:WINDOWSexplorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:WINDOWSsystem32userinit.exe) -C:WINDOWSsystem32userinit.exe (Microsoft Corporation)

O20 - WinlogonNotify!SASWinLogon: DllName - (C:Program FilesSuperAntiSpywareSASWINLO.dll) - C:Program FilesSuperAntiSpywareSASWINLO.dll (SUPERAntiSpyware.com)

O20 - WinlogonNotifyAtiExtEvent: DllName - (Ati2evxx.dll) - C:WINDOWSSystem32ati2evxx.dll (ATI Technologies Inc.)

O20 - WinlogonNotifyTPSvc: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found

O24 - Desktop WallPaper: C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataMicrosoftWallpaper1.bmp

O24 - Desktop BackupWallPaper: C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataMicrosoftWallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:Program FilesSuperAntiSpywareSASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/02/06 13:05:52 | 000,000,125 | ---- | M] () - C:AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:AUTOEXEC.BAT -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:PROGRA~1AVGAVG2012avgrsx.exe /sync /restart)

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37 - HKLM...com [@ = ComFile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

O37 - HKCU...exe [@ = exefile] -- Reg Error: Key error. File not found

 

NetSvcs: 6to4 - File not found

NetSvcs: HidServ - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/12/09 12:13:26 | 000,000,000 | ---D | C] -- C:Program FilesESET

[2011/12/09 09:26:54 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:WINDOWSSystem32javacpl.cpl

[2011/12/09 09:26:53 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:WINDOWSSystem32javaws.exe

[2011/12/09 09:26:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:WINDOWSSystem32javaw.exe

[2011/12/09 09:26:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:WINDOWSSystem32java.exe

[2011/12/08 09:30:32 | 000,000,000 | -HSD | C] -- C:RECYCLER

[2011/12/07 18:40:37 | 000,000,000 | RHSD | C] -- C:cmdcons

[2011/12/07 18:35:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:WINDOWSSWREG.exe

[2011/12/07 18:35:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:WINDOWSSWSC.exe

[2011/12/07 18:35:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:WINDOWSSWXCACLS.exe

[2011/12/07 18:35:27 | 000,060,416 | ---- | C] (NirSoft) -- C:WINDOWSNIRCMD.exe

[2011/12/07 18:31:36 | 000,000,000 | ---D | C] -- C:WINDOWSERDNT

[2011/12/07 18:31:04 | 000,000,000 | ---D | C] -- C:Qoobox

[2011/12/07 18:30:32 | 000,000,000 | R--D | C] -- C:Documents and SettingsHP_AdministratorStart MenuProgramsAdministrative Tools

[2011/12/07 18:28:37 | 004,331,784 | R--- | C] (Swearware) -- C:Documents and SettingsHP_AdministratorDesktopComboFix.exe

[2011/12/05 19:09:04 | 000,000,000 | ---D | C] -- C:Documents and SettingsHP_AdministratorDesktopOTL.exe

[2011/12/04 16:56:08 | 000,000,000 | ---D | C] -- C:Documents and SettingsHP_AdministratorApplication DataAVG Secure Search

[2011/12/04 09:29:53 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataAVG Secure Search

[2011/12/03 21:17:02 | 000,000,000 | ---D | C] -- C:N360_BACKUP

[2011/12/03 16:46:18 | 000,000,000 | ---D | C] -- C:Program FilesWindows Sidebar

[2011/12/03 16:45:36 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataNortonInstaller

[2011/12/03 16:45:34 | 000,000,000 | ---D | C] -- C:Documents and SettingsHP_AdministratorMy DocumentsSymantec

[2011/12/03 16:40:33 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersDocumentsNorton

[2011/12/03 16:40:28 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataNorton

[2011/12/03 16:24:12 | 000,000,000 | ---D | C] -- C:Documents and SettingsLocalServiceLocal SettingsApplication DataID Vault

[2011/12/03 16:24:05 | 000,000,000 | ---D | C] -- C:Documents and SettingsLocalServiceApplication DataID Vault

[2011/12/03 16:11:20 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataIsolatedStorage

[2011/12/03 16:09:46 | 000,000,000 | ---D | C] -- C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataID Vault

[2011/12/03 16:08:17 | 000,000,000 | ---D | C] -- C:Documents and SettingsHP_AdministratorApplication DataID Vault

[2011/12/03 16:05:34 | 000,000,000 | ---D | C] -- C:Program FilesConstant Guard Protection Suite

[2011/12/03 16:03:05 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataWhite Sky, Inc

[2011/11/25 13:28:38 | 000,000,000 | ---D | C] -- C:Documents and SettingsHP_AdministratorApplication DataHewlett-Packard

[2011/11/24 12:33:42 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:Documents and SettingsHP_AdministratorDesktopTDSSKiller.exe

[2011/11/15 14:43:41 | 000,000,000 | ---D | C] -- C:WINDOWSMinidump

 

========== Files - Modified Within 30 Days ==========

 

[2011/12/09 23:21:21 | 000,000,444 | -H-- | M] () -- C:WINDOWStasksUser_Feed_Synchronization-{14113E78-B761-4450-824B-C213608E3C5F}.job

[2011/12/09 23:11:02 | 000,000,906 | ---- | M] () -- C:WINDOWStasksGoogleUpdateTaskMachineUA.job

[2011/12/09 13:11:08 | 000,000,902 | ---- | M] () -- C:WINDOWStasksGoogleUpdateTaskMachineCore.job

[2011/12/09 11:35:47 | 000,000,486 | ---- | M] () -- C:WINDOWStasksAd-Aware Update (Weekly).job

[2011/12/09 10:37:37 | 000,000,186 | ---- | M] () -- C:WINDOWSSystemhpsysdrv.DAT

[2011/12/09 10:22:00 | 111,718,544 | ---- | M] () -- C:WINDOWSSystem32driversAVGincavi.avm

[2011/12/09 09:46:34 | 000,000,300 | ---- | M] () -- C:WINDOWStasksRealUpgradeLogonTaskS-1-5-21-2169891929-1308194038-3238692466-1008.job

[2011/12/09 09:44:46 | 000,002,048 | --S- | M] () -- C:WINDOWSbootstat.dat

[2011/12/09 09:44:03 | 1006,030,848 | -HS- | M] () -- C:hiberfil.sys

[2011/12/08 18:38:32 | 000,282,032 | ---- | M] () -- C:WINDOWSSystem32driversAVGiavichjg.avm

[2011/12/08 07:21:05 | 000,000,284 | ---- | M] () -- C:WINDOWStasksAppleSoftwareUpdate.job

[2011/12/07 19:40:25 | 000,000,027 | ---- | M] () -- C:WINDOWSSystem32driversetchosts

[2011/12/07 18:40:59 | 000,000,325 | RHS- | M] () -- C:boot.ini

[2011/12/07 18:32:23 | 004,331,784 | R--- | M] (Swearware) -- C:Documents and SettingsHP_AdministratorDesktopComboFix.exe

[2011/12/07 10:27:26 | 000,000,308 | ---- | M] () -- C:WINDOWStasksRealUpgradeScheduledTaskS-1-5-21-2169891929-1308194038-3238692466-1008.job

[2011/12/06 23:54:37 | 000,001,715 | ---- | M] () -- C:Documents and SettingsHP_AdministratorDesktopaswMBR.dat

[2011/12/06 18:23:10 | 000,000,064 | ---- | M] () -- C:WINDOWSSystem32rp_stats.dat

[2011/12/06 18:23:10 | 000,000,044 | ---- | M] () -- C:WINDOWSSystem32rp_rules.dat

[2011/12/06 16:34:03 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:Documents and SettingsHP_AdministratorDesktopTDSSKiller.exe

[2011/12/06 16:24:32 | 000,002,877 | ---- | M] () -- C:Documents and SettingsHP_AdministratorMy Documentskaitlins chocolate war essay KEEP PLEASE.rtf

[2011/12/05 20:35:29 | 000,302,592 | ---- | M] () -- C:Documents and SettingsHP_AdministratorDesktopgmer.exe

[2011/12/05 09:05:56 | 000,001,190 | ---- | M] () -- C:Documents and SettingsHP_AdministratorDesktopall

[2011/12/03 15:40:37 | 000,000,856 | ---- | M] () -- C:WINDOWSSystem32driverskgpcpy.cfg

[2011/12/03 14:06:01 | 000,000,943 | ---- | M] () -- C:WINDOWSWININIT.INI

[2011/12/02 11:23:13 | 000,000,494 | ---- | M] () -- C:Program FilesShortcut to STOPzilla!.lnk

[2011/11/25 13:41:42 | 000,004,608 | ---- | M] () -- C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/11/22 08:18:08 | 000,000,713 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopAVG 2012.lnk

[2011/11/20 15:47:31 | 000,000,851 | ---- | M] () -- C:WINDOWSUlead32.ini

[2011/11/18 19:13:43 | 000,001,824 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopGoogle Chrome.lnk

[2011/11/15 13:35:27 | 000,000,795 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopMalwarebytes' Anti-Malware.lnk

 

========== Files Created - No Company Name ==========

 

[2011/12/07 18:35:27 | 000,256,000 | ---- | C] () -- C:WINDOWSPEV.exe

[2011/12/07 18:35:27 | 000,208,896 | ---- | C] () -- C:WINDOWSMBR.exe

[2011/12/07 18:35:27 | 000,098,816 | ---- | C] () -- C:WINDOWSsed.exe

[2011/12/07 18:35:27 | 000,080,412 | ---- | C] () -- C:WINDOWSgrep.exe

[2011/12/07 18:35:27 | 000,068,096 | ---- | C] () -- C:WINDOWSzip.exe

[2011/12/06 23:54:37 | 000,001,715 | ---- | C] () -- C:Documents and SettingsHP_AdministratorDesktopaswMBR.dat

[2011/12/06 16:24:32 | 000,002,877 | ---- | C] () -- C:Documents and SettingsHP_AdministratorMy Documentskaitlins chocolate war essay KEEP PLEASE.rtf

[2011/12/05 09:05:56 | 000,001,190 | ---- | C] () -- C:Documents and SettingsHP_AdministratorDesktopall

[2011/12/04 15:40:50 | 1006,030,848 | -HS- | C] () -- C:hiberfil.sys

[2011/12/03 16:16:51 | 000,275,896 | ---- | C] () -- C:Documents and SettingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat

[2011/12/03 14:17:31 | 000,000,856 | ---- | C] () -- C:WINDOWSSystem32driverskgpcpy.cfg

[2011/12/02 11:23:13 | 000,000,494 | ---- | C] () -- C:Program FilesShortcut to STOPzilla!.lnk

[2011/04/28 22:41:52 | 000,000,064 | ---- | C] () -- C:WINDOWSSystem32rp_stats.dat

[2011/04/28 22:41:52 | 000,000,044 | ---- | C] () -- C:WINDOWSSystem32rp_rules.dat

[2010/07/22 16:20:03 | 000,000,029 | ---- | C] () -- C:WINDOWSDEBUGSM.INI

[2010/02/16 17:13:50 | 000,000,686 | ---- | C] () -- C:Documents and SettingsHP_AdministratorApplication Datawklnhst.dat

[2010/02/06 14:07:57 | 000,049,152 | ---- | C] () -- C:WINDOWSStiRegstEng.dll

[2010/02/06 13:36:35 | 000,073,220 | ---- | C] () -- C:WINDOWSSystem32EPPICPrinterDB.dat

[2010/02/06 13:36:35 | 000,001,137 | ---- | C] () -- C:WINDOWSSystem32EPPICPresetData_ES.dat

[2010/02/06 13:36:35 | 000,001,130 | ---- | C] () -- C:WINDOWSSystem32EPPICPresetData_FR.dat

[2010/02/06 13:36:35 | 000,001,130 | ---- | C] () -- C:WINDOWSSystem32EPPICPresetData_CF.dat

[2010/02/06 13:36:35 | 000,001,104 | ---- | C] () -- C:WINDOWSSystem32EPPICPresetData_EN.dat

[2010/02/06 13:36:35 | 000,000,097 | ---- | C] () -- C:WINDOWSSystem32PICSDK.ini

[2010/02/06 13:36:34 | 000,031,053 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern131.dat

[2010/02/06 13:36:34 | 000,029,114 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern1.dat

[2010/02/06 13:36:34 | 000,027,417 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern121.dat

[2010/02/06 13:36:34 | 000,021,021 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern3.dat

[2010/02/06 13:36:34 | 000,015,670 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern5.dat

[2010/02/06 13:36:34 | 000,013,280 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern2.dat

[2010/02/06 13:36:34 | 000,010,673 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern4.dat

[2010/02/06 13:36:34 | 000,004,943 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern6.dat

[2010/02/06 13:36:34 | 000,001,140 | ---- | C] () -- C:WINDOWSSystem32EPPICPresetData_PT.dat

[2010/02/06 13:36:34 | 000,001,140 | ---- | C] () -- C:WINDOWSSystem32EPPICPresetData_BP.dat

[2010/02/06 13:33:36 | 000,065,793 | ---- | C] () -- C:WINDOWSSystem32esfw54.bin

[2010/02/06 13:33:10 | 000,000,044 | ---- | C] () -- C:WINDOWSPERF4490.ini

[2010/02/06 13:06:08 | 000,001,877 | ---- | C] () -- C:WINDOWSPRESTO!.INI

[2010/02/06 13:06:00 | 000,001,241 | ---- | C] () -- C:WINDOWSIMGFOLIO.INI

[2010/02/06 13:04:22 | 000,009,584 | ---- | C] () -- C:WINDOWSWINSIZE2.DLL

[2010/02/06 13:04:21 | 000,000,192 | ---- | C] () -- C:WINDOWSUMXADDIN.INI

[2010/02/06 13:03:44 | 000,000,137 | ---- | C] () -- C:WINDOWSSWISNIFE.INI

[2010/02/06 13:03:39 | 000,007,680 | ---- | C] () -- C:WINDOWSSystem32driversONSREGED.SYS

[2010/02/06 13:03:38 | 000,199,776 | ---- | C] () -- C:WINDOWSSystem32driversONSIO.SYS

[2010/02/06 13:03:38 | 000,013,312 | ---- | C] () -- C:WINDOWSSystem32DEVLOAD.EXE

[2010/02/06 13:01:30 | 000,000,120 | ---- | C] () -- C:WINDOWSACROREAD.INI

[2010/02/06 13:01:30 | 000,000,027 | ---- | C] () -- C:WINDOWSACROGRAF.INI

[2010/02/06 12:49:27 | 000,000,851 | ---- | C] () -- C:WINDOWSUlead32.ini

[2010/02/06 12:42:30 | 000,005,632 | ---- | C] () -- C:WINDOWSSystem32CNMVS4b.DLL

[2010/02/05 23:33:24 | 000,000,214 | ---- | C] () -- C:WINDOWSHP_InstantSHareJPG.ini

[2010/02/05 23:31:52 | 000,000,227 | ---- | C] () -- C:WINDOWSHP_CounterReport_Update_HPSU.ini

[2010/02/05 23:31:33 | 000,000,214 | ---- | C] () -- C:WINDOWSHP_48BitScanUpdatePatch.ini

[2010/02/05 23:25:39 | 000,000,221 | ---- | C] () -- C:WINDOWSHP_RedboxHprblog_HPSU.ini

[2010/02/05 21:47:30 | 000,004,608 | ---- | C] () -- C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/02/05 00:38:39 | 000,000,061 | ---- | C] () -- C:WINDOWSsmscfg.ini

[2010/02/05 00:18:21 | 000,022,396 | ---- | C] () -- C:WINDOWSSystem32driversUSBkey.sys

[2010/02/05 00:14:41 | 000,014,316 | ---- | C] () -- C:WINDOWSSystem32CHODDI.SYS

[2010/02/05 00:14:35 | 000,045,056 | ---- | C] () -- C:WINDOWSSystem32hpreg.dll

[2010/02/05 00:11:58 | 000,000,054 | ---- | C] () -- C:WINDOWSQuicken.ini

[2010/02/05 00:08:20 | 000,000,376 | ---- | C] () -- C:WINDOWSODBC.INI

[2010/02/05 00:03:34 | 000,204,800 | ---- | C] () -- C:WINDOWSSystem32IVIresizeW7.dll

[2010/02/05 00:03:34 | 000,200,704 | ---- | C] () -- C:WINDOWSSystem32IVIresizeA6.dll

[2010/02/05 00:03:34 | 000,192,512 | ---- | C] () -- C:WINDOWSSystem32IVIresizeP6.dll

[2010/02/05 00:03:34 | 000,192,512 | ---- | C] () -- C:WINDOWSSystem32IVIresizeM6.dll

[2010/02/05 00:03:34 | 000,188,416 | ---- | C] () -- C:WINDOWSSystem32IVIresizePX.dll

[2010/02/05 00:03:34 | 000,020,480 | ---- | C] () -- C:WINDOWSSystem32IVIresize.dll

[2010/02/04 23:57:52 | 000,000,943 | ---- | C] () -- C:WINDOWSWININIT.INI

[2010/02/04 23:56:55 | 000,045,929 | ---- | C] () -- C:WINDOWSNSSetDefaultBrowser.EXE

[2010/02/04 23:56:55 | 000,000,698 | ---- | C] () -- C:WINDOWSNSSetDefaultBrowser.ini

[2010/02/04 23:51:24 | 000,080,417 | ---- | C] () -- C:WINDOWSHPHins08.dat

[2010/02/04 23:51:24 | 000,004,011 | ---- | C] () -- C:WINDOWShphmdl08.dat

[2010/02/04 23:50:21 | 000,072,881 | ---- | C] () -- C:WINDOWShpiins01.dat

[2010/02/04 23:50:21 | 000,000,000 | ---- | C] () -- C:WINDOWShpimdl01.dat

[2010/02/04 23:48:50 | 000,112,873 | ---- | C] () -- C:WINDOWShpoins07.dat

[2010/02/04 23:48:50 | 000,021,124 | ---- | C] () -- C:WINDOWShpomdl07.dat

[2010/02/04 23:45:24 | 000,088,403 | ---- | C] () -- C:WINDOWShpoins06.dat

[2010/02/04 23:45:24 | 000,005,389 | ---- | C] () -- C:WINDOWShpomdl06.dat

[2010/02/04 23:44:22 | 000,001,793 | ---- | C] () -- C:WINDOWSSystem32fxsperf.ini

[2010/02/04 23:40:20 | 000,104,361 | ---- | C] () -- C:WINDOWSSystem32atiicdxx.dat

[2010/02/04 23:28:53 | 000,000,791 | ---- | C] () -- C:WINDOWSorun32.ini

[2010/02/04 22:44:59 | 000,000,139 | ---- | C] () -- C:Documents and SettingsHP_AdministratorLocal SettingsApplication Datafusioncache.dat

[2010/02/04 18:59:33 | 000,272,128 | ---- | C] () -- C:WINDOWSSystem32perfi009.dat

[2010/02/04 18:59:33 | 000,028,626 | ---- | C] () -- C:WINDOWSSystem32perfd009.dat

[2010/02/04 18:59:24 | 000,004,490 | ---- | C] () -- C:WINDOWSSystem32oembios.dat

[2010/02/04 18:59:12 | 013,107,200 | ---- | C] () -- C:WINDOWSSystem32oembios.bin

[2010/02/04 18:58:56 | 000,000,741 | ---- | C] () -- C:WINDOWSSystem32noise.dat

[2010/02/04 18:57:56 | 000,673,088 | ---- | C] () -- C:WINDOWSSystem32mlang.dat

[2010/02/04 18:57:54 | 000,046,258 | ---- | C] () -- C:WINDOWSSystem32mib.bin

[2010/02/04 18:56:33 | 000,218,003 | ---- | C] () -- C:WINDOWSSystem32dssec.dat

[2010/02/04 18:55:24 | 000,001,804 | ---- | C] () -- C:WINDOWSSystem32dcache.bin

[2005/11/13 03:48:23 | 000,323,584 | ---- | C] () -- C:WINDOWSSystem32pythoncom22.dll

[2005/11/13 03:48:23 | 000,094,208 | ---- | C] () -- C:WINDOWSSystem32pywintypes22.dll

[2005/11/13 03:47:43 | 000,016,896 | ---- | C] () -- C:WINDOWSSystem32bcbmm.dll

[2005/10/05 15:50:52 | 000,000,000 | ---- | C] () -- C:WINDOWSSystem32px.ini

[2005/08/31 07:17:40 | 000,002,048 | --S- | C] () -- C:WINDOWSbootstat.dat

[2005/08/31 07:07:46 | 000,443,232 | ---- | C] () -- C:WINDOWSSystem32perfh009.dat

[2005/08/31 07:07:46 | 000,072,372 | ---- | C] () -- C:WINDOWSSystem32perfc009.dat

[2005/08/31 07:05:30 | 000,239,944 | ---- | C] () -- C:WINDOWSSystem32FNTCACHE.DAT

[2005/08/31 07:01:42 | 000,004,161 | ---- | C] () -- C:WINDOWSODBCINST.INI

[2005/08/31 06:58:02 | 000,021,640 | ---- | C] () -- C:WINDOWSSystem32emptyregdb.dat

[2005/08/05 17:01:54 | 000,235,008 | ---- | C] () -- C:WINDOWSSystem32psisdecd.dll

[2005/08/02 19:19:16 | 000,050,176 | ---- | C] () -- C:WINDOWSarmcex.dll

[2004/08/10 14:00:00 | 000,004,569 | ---- | C] () -- C:WINDOWSSystem32secupd.dat

[2004/07/26 17:51:38 | 000,000,560 | ---- | C] () -- C:WINDOWSSystem32oeminfo.ini

[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:WINDOWSSystem32OUTLPERF.INI

[2001/07/06 18:30:00 | 000,003,399 | ---- | C] () -- C:WINDOWSSystem32hptcpmon.ini

 

========== LOP Check ==========

 

[2011/12/07 19:48:34 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataAd-Aware Browsing Protection

[2010/02/05 00:44:13 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataAlwil Software

[2011/10/22 09:41:41 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataAsk

[2011/12/04 09:30:04 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataAVG Secure Search

[2011/05/07 22:29:20 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataAVG Security Toolbar

[2011/10/14 09:47:03 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataAVG2012

[2010/10/18 17:29:45 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Dataavg9

[2010/10/18 17:41:08 | 000,000,000 | -H-D | M] -- C:Documents and SettingsAll UsersApplication DataCommon Files

[2010/02/07 12:32:09 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataEastman Kodak Company

[2011/12/03 16:11:20 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataIsolatedStorage

[2010/02/16 17:03:02 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Datakds_kodak

[2011/12/09 10:32:16 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataMFAData

[2011/12/03 16:03:05 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataWhite Sky, Inc

[2011/10/29 17:19:31 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data{E961CE1B-C3EA-4882-9F67-F859B555D097}

[2011/12/09 11:35:47 | 000,000,486 | ---- | M] () -- C:WINDOWSTasksAd-Aware Update (Weekly).job

[2010/04/05 21:16:00 | 000,000,480 | ---- | M] () -- C:WINDOWSTasksEasy Internet Sign-up.job

[2011/12/09 23:21:21 | 000,000,444 | -H-- | M] () -- C:WINDOWSTasksUser_Feed_Synchronization-{14113E78-B761-4450-824B-C213608E3C5F}.job

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%*.* >

[2011/10/26 20:24:21 | 000,124,913 | ---- | M] () -- C:aaw7boot.log

[2010/02/06 13:05:52 | 000,000,125 | ---- | M] () -- C:AUTOEXEC.BAT

[2010/02/04 22:50:37 | 000,000,281 | ---- | M] () -- C:Boot.bak

[2011/12/07 18:40:59 | 000,000,325 | RHS- | M] () -- C:boot.ini

[2004/08/10 00:00:00 | 000,260,272 | RHS- | M] () -- C:cmldr

[2011/12/07 20:19:19 | 000,019,839 | ---- | M] () -- C:ComboFix.txt

[2005/08/31 07:02:02 | 000,000,000 | ---- | M] () -- C:CONFIG.SYS

[2010/02/05 00:13:58 | 000,000,000 | ---- | M] () -- C:FailKeys.log

[2011/12/09 09:44:03 | 1006,030,848 | -HS- | M] () -- C:hiberfil.sys

[2005/08/31 07:02:02 | 000,000,000 | RHS- | M] () -- C:IO.SYS

[2010/06/05 12:00:32 | 000,000,109 | ---- | M] () -- C:mbam-error.txt

[2005/08/31 07:02:02 | 000,000,000 | RHS- | M] () -- C:MSDOS.SYS

[2004/08/10 00:00:00 | 000,047,564 | RHS- | M] () -- C:NTDETECT.COM

[2010/09/28 19:14:26 | 000,250,048 | RHS- | M] () -- C:ntldr

[2011/12/09 09:43:30 | 1509,949,440 | -HS- | M] () -- C:pagefile.sys

[2010/02/05 00:13:58 | 000,000,121 | ---- | M] () -- C:PassKeys.log

[2010/02/24 19:42:17 | 000,005,691 | ---- | M] () -- C:resetlog.text

[2011/12/06 22:24:46 | 000,052,376 | ---- | M] () -- C:TDSSKiller.2.6.21.0_06.12.2011_22.23.40_log.txt

[2011/12/07 10:15:55 | 000,000,348 | ---- | M] () -- C:TDSSKiller.2.6.21.0_07.12.2011_10.15.00_log.txt

[2011/12/07 10:52:37 | 000,051,430 | ---- | M] () -- C:TDSSKiller.2.6.21.0_07.12.2011_10.19.25_log.txt

 

< %systemroot%Fonts*.com >

[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:WINDOWSFontsGlobalMonospace.CompositeFont

[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:WINDOWSFontsGlobalSansSerif.CompositeFont

[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:WINDOWS


Oh Oh JonTom, something is still not ok with my computer! Tried to shut it down normally and it would not shut down, so I had to manually shut it down. I then waited about 5 minutes and turned the computer back on, and it took over 20 minutes to boot up. What could be causing this to happen? Thank you!

 

 

Adding... it took 10 minutes for Chrome browser to open up, and when I brought up the task manager it showed many Chrome.exe running at the same time. I don't know squat about computers, but I don't think there should be that many of one thing running at once. I am posting this from my Notebook. Thank you again!

Edited by darkeyes

Here it is JonTom, Sorry about that. Thank you!

 

 

 

 

 

 

< %systemroot%Fonts*.com >

[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:WINDOWSFontsGlobalMonospace.CompositeFont

[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:WINDOWSFontsGlobalSansSerif.CompositeFont

[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:WINDOWSFontsGlobalSerif.CompositeFont

[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:WINDOWSFontsGlobalUserInterface.CompositeFont

 

< %systemroot%Fonts*.dll >

[2005/05/12 02:36:48 | 000,012,288 | ---- | M] (Hewlett-Packard Co.) -- C:WINDOWSFontsRandFont.dll

 

< %systemroot%Fonts*.ini >

[2005/08/31 07:01:20 | 000,000,067 | -HS- | M] () -- C:WINDOWSFontsdesktop.ini

 

< %systemroot%Fonts*.ini2 >

 

< %systemroot%Fonts*.exe >

 

< %systemroot%system32spoolprtprocsw32x86*.* >

[2002/06/27 00:00:00 | 000,013,824 | ---- | M] (CANON INC.) -- C:WINDOWSsystem32spoolprtprocsw32x86CNMPD4b.DLL

[2002/06/27 00:00:00 | 000,046,080 | ---- | M] (CANON INC.) -- C:WINDOWSsystem32spoolprtprocsw32x86CNMPP4b.DLL

[2009/08/03 09:33:06 | 000,192,512 | ---- | M] (Eastman Kodak Company) -- C:WINDOWSsystem32spoolprtprocsw32x86EKIJ5000PPR.dll

[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:WINDOWSsystem32spoolprtprocsw32x86filterpipelineprintproc.dll

[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:WINDOWSsystem32spoolprtprocsw32x86mdippr.dll

[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:WINDOWSsystem32spoolprtprocsw32x86printfilterpipelinesvc.exe

 

< %systemroot%REPAIR*.bak1 >

 

< %systemroot%REPAIR*.ini >

 

< %systemroot%system32*.jpg >

 

< %systemroot%*.jpg >

 

< %systemroot%*.png >

 

< %systemroot%*.scr >

[1997/01/13 13:31:40 | 000,011,264 | ---- | M] (Ulead Systems, Inc.) -- C:WINDOWSUlead iPhoto Plus 4.SCR

 

< %systemroot%*._sy >

 

< %APPDATA%AdobeUpdate*.* >

 

< %ALLUSERSPROFILE%Favorites*.* >

 

< %APPDATA%Microsoft*.* >

 

< %PROGRAMFILES%*.* >

[2011/12/02 11:23:13 | 000,000,494 | ---- | M] () -- C:Program FilesShortcut to STOPzilla!.lnk

 

< %APPDATA%Update*.* >

 

< %systemroot%*. /mp /s >

 

< %systemroot%System32config*.sav >

[2005/08/30 23:51:10 | 000,094,208 | ---- | M] () -- C:WINDOWSSystem32configdefault.sav

[2005/08/30 23:51:10 | 000,659,456 | ---- | M] () -- C:WINDOWSSystem32configsoftware.sav

[2005/08/30 23:51:10 | 000,888,832 | ---- | M] () -- C:WINDOWSSystem32configsystem.sav

 

< %PROGRAMFILES%bak. /s >

 

< %systemroot%system32bak. /s >

 

< %ALLUSERSPROFILE%Start Menu*.lîk /x >

[2010/09/28 19:22:04 | 000,000,272 | -HS- | M] () -- C:Documents and SettingsAll UsersStart Menudesktop.ini

[2010/02/04 23:56:35 | 000,002,604 | ---- | M] () -- C:Documents and SettingsAll UsersStart MenuInstall Rhapsody.lnk

[2010/02/09 18:41:12 | 000,001,577 | ---- | M] () -- C:Documents and SettingsAll UsersStart MenuMicrosoft Update.lnk

[2010/02/04 23:55:35 | 000,001,130 | ---- | M] () -- C:Documents and SettingsAll UsersStart MenuMSN Encarta Standard.lnk

[2010/02/05 00:07:35 | 000,001,992 | ---- | M] () -- C:Documents and SettingsAll UsersStart MenuNew Office Document.lnk

[2010/02/05 00:07:35 | 000,002,002 | ---- | M] () -- C:Documents and SettingsAll UsersStart MenuOpen Office Document.lnk

[2010/09/28 19:22:04 | 000,001,574 | ---- | M] () -- C:Documents and SettingsAll UsersStart MenuSet Program Access and Defaults.lnk

[2010/02/05 00:14:50 | 000,001,702 | ---- | M] () -- C:Documents and SettingsAll UsersStart MenuSnapfish for your photos.lnk

[2005/08/31 07:02:10 | 000,000,398 | ---- | M] () -- C:Documents and SettingsAll UsersStart MenuWindows Catalog.lnk

[2005/08/31 07:02:10 | 000,001,507 | ---- | M] () -- C:Documents and SettingsAll UsersStart MenuWindows Update.lnk

 

< %systemroot%system32configsystemprofile*.dat /x >

 

< %systemroot%*.config >

 

< %systemroot%system32*.db >

 

< %PROGRAMFILES%Internet Explorer*.dat >

 

< %APPDATA%MikzosoftInternet ExplorerQuick Launch*.lnk /x >

 

< %USERPROFILE%Deskuop*.exe >

 

< %PROGRAMFILES%Common Files*.* >

 

< %systemroot%*.src >

 

< %systemroot%install*.* >

 

< %systemroot%system32DLL*.* >

 

< %systemroot%system32HelpFiles*.* >

 

< %systemroot%system32rundll*.* >

 

< %systemroot%winn32*.* >

 

< %systemroot%Java*.* >

 

< %systemroot%system32test*.* >

 

< %systemroot%system32Rundll32*.* >

 

< HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU >

 

< HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall|LastSuccessTime /rs >

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstallLastSuccessTime: 2011-11-11 19:01:29

 

 

< MD5 for: EXPLORER.EX_ >

[2004/08/10 00:00:00 | 000,359,533 | ---- | M] () MD5=4F061B12F3D5457315A0314954E7EF46 -- C:WINDOWSI386EXPLORER.EX_

 

< MD5 for: EXPLORER.EXE >

[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:WINDOWSERDNTcacheexplorer.exe

[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:WINDOWSexplorer.exe

[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:WINDOWSServicePackFilesi386explorer.exe

[2004/08/10 00:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:WINDOWS$NtServicePackUninstall$explorer.exe

 

< MD5 for: EXPLORER.EXE-02121B1A.PF >

[2011/12/09 09:49:46 | 000,092,994 | ---- | M] () MD5=BDE31FFA5B38C5F68ED7DCF0C2B431A8 -- C:WINDOWSPrefetchEXPLORER.EXE-02121B1A.pf

 

< MD5 for: EXPLORER.HTML >

[2010/02/16 17:18:15 | 000,000,200 | ---- | M] () MD5=48CCC3A526A8768BD59F2FB5703B75CB -- C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataMicrosoft CorporationMicrosoft® Windows® Operating System6.00.2900.2180Explorer.html

[2010/10/29 15:27:45 | 000,000,200 | ---- | M] () MD5=48CCC3A526A8768BD59F2FB5703B75CB -- C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataMicrosoft CorporationMicrosoft® Windows® Operating System6.00.2900.5512Explorer.html

 

< MD5 for: EXPLORER.SC_ >

[2004/08/10 00:00:00 | 000,000,181 | ---- | M] () MD5=BC5B38879C56DFBC05C8B5C43AC4D739 -- C:WINDOWSI386EXPLORER.SC_

 

< MD5 for: EXPLORER.SCF >

[2004/08/10 00:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:WINDOWSexplorer.scf

 

< MD5 for: IEXPLORE.CH_ >

[2004/08/10 00:00:00 | 000,199,077 | ---- | M] () MD5=5F64795662F162CCD8B30969B6682029 -- C:WINDOWSI386IEXPLORE.CH_

 

< MD5 for: IEXPLORE.CHM >

[2009/02/21 00:21:24 | 000,529,818 | ---- | M] () MD5=1435F4731719DF5F57D17DC38196245D -- C:WINDOWSHelpiexplore.chm

[2004/08/10 00:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:WINDOWSie8iexplore.chm

 

< MD5 for: IEXPLORE.EX_ >

[2004/08/10 00:00:00 | 000,037,895 | ---- | M] () MD5=F83009589844F0C30801CC2221F06AB9 -- C:WINDOWSI386IEXPLORE.EX_

 

< MD5 for: IEXPLORE.EXE >

[2008/04/13 19:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:WINDOWSServicePackFilesi386iexplore.exe

[2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:Program FilesInternet Exploreriexplore.exe

[2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:WINDOWSERDNTcacheiexplore.exe

[2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:WINDOWSsystem32dllcacheiexplore.exe

[2004/08/10 00:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:WINDOWSie8iexplore.exe

 

< MD5 for: IEXPLORE.EXE.EXP.LOG >

[2011/03/23 14:23:56 | 000,171,298 | ---- | M] () MD5=BCF380E2BA24FC4FF3194A1B183564CB -- C:Program FilesInternet Exploreriexplore.exe.exp.log

 

< MD5 for: IEXPLORE.EXE.MUI >

[2009/03/08 13:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:Program FilesInternet Exploreren-USiexplore.exe.mui

[2009/03/08 13:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:Program FilesInternet Exploreriexplore.exe.mui

 

< MD5 for: IEXPLORE.EXE_129470894035156250_F.DMP >

[2011/04/12 08:46:04 | 437,323,866 | ---- | M] () MD5=82A2E20AB292A2A5B1C0AA405D70CB47 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129470894035156250_F.dmp

 

< MD5 for: IEXPLORE.EXE_129471790343281250.EXH >

[2011/04/13 09:37:58 | 000,000,565 | ---- | M] () MD5=C8F52EE7A888B8A90A79B9766AD8F9A9 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129471790343281250.exh

 

< MD5 for: IEXPLORE.EXE_129471790343281250_F.DMP >

[2011/04/13 09:37:52 | 037,565,468 | ---- | M] () MD5=D348D4F4A7CB6F9065F93BB6848F35C1 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129471790343281250_F.dmp

 

< MD5 for: IEXPLORE.EXE_129471790343281250_M.DMP >

[2011/04/13 09:37:24 | 005,199,208 | ---- | M] () MD5=73690F9246DD9C53DE90B5C14701CA56 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129471790343281250_M.dmp

 

< MD5 for: IEXPLORE.EXE_129481614181093750.EXH >

[2011/04/24 18:30:20 | 000,000,513 | ---- | M] () MD5=95AA3A44403EF2C61DDA3DF97E056439 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129481614181093750.exh

 

< MD5 for: IEXPLORE.EXE_129481614181093750_F.DMP >

[2011/04/24 18:30:19 | 000,100,980 | ---- | M] () MD5=52C51B9968C6408E0763296BD7DCCB5E -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129481614181093750_F.dmp

 

< MD5 for: IEXPLORE.EXE_129481614181093750_M.DMP >

[2011/04/24 18:30:19 | 000,100,980 | ---- | M] () MD5=52C51B9968C6408E0763296BD7DCCB5E -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129481614181093750_M.dmp

 

< MD5 for: IEXPLORE.EXE_129482321040804464.EXH >

[2011/04/25 14:08:25 | 000,000,582 | ---- | M] () MD5=FD4EB067BAF694E245E708533A258B97 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129482321040804464.exh

 

< MD5 for: IEXPLORE.EXE_129482321040804464_F.DMP >

[2011/04/25 14:08:25 | 000,134,242 | ---- | M] () MD5=B88D86030D58C8CB24263637C62022D1 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129482321040804464_F.dmp

 

< MD5 for: IEXPLORE.EXE_129482321040804464_M.DMP >

[2011/04/25 14:08:25 | 000,134,242 | ---- | M] () MD5=D815AFDFEEEB1A41D4A2F459FB263BB9 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129482321040804464_M.dmp

 

< MD5 for: IEXPLORE.EXE_129484883238101013.EXH >

[2011/04/28 13:18:44 | 000,000,571 | ---- | M] () MD5=3E48A896B3A1041A8920EF639EA9F175 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129484883238101013.exh

 

< MD5 for: IEXPLORE.EXE_129484883238101013_F.DMP >

[2011/04/28 13:18:44 | 000,147,706 | ---- | M] () MD5=E70DAF000F236D0AECDDAB9F0C97C897 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129484883238101013_F.dmp

 

< MD5 for: IEXPLORE.EXE_129484883238101013_M.DMP >

[2011/04/28 13:18:44 | 000,147,706 | ---- | M] () MD5=E70DAF000F236D0AECDDAB9F0C97C897 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129484883238101013_M.dmp

 

< MD5 for: IEXPLORE.EXE_129484883850499629.EXH >

[2011/04/28 13:19:50 | 000,000,571 | ---- | M] () MD5=F0FE9BEE7742B84CE35873089F99C7C7 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129484883850499629.exh

 

< MD5 for: IEXPLORE.EXE_129484883850499629_F.DMP >

[2011/04/28 13:19:50 | 043,069,489 | ---- | M] () MD5=70EF74DCC6212C2EC7D46EB9467E4D42 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129484883850499629_F.dmp

 

< MD5 for: IEXPLORE.EXE_129484883850499629_M.DMP >

[2011/04/28 13:19:46 | 006,182,909 | ---- | M] () MD5=2AE5E38E4F0D9DB02BA006EF7CA39AAB -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129484883850499629_M.dmp

 

< MD5 for: IEXPLORE.EXE_129484884434614461.EXH >

[2011/04/28 13:21:00 | 000,000,571 | ---- | M] () MD5=FB33D7455C81B61872E7414E3E53E8C1 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129484884434614461.exh

 

< MD5 for: IEXPLORE.EXE_129484884434614461_F.DMP >

[2011/04/28 13:20:59 | 065,379,264 | ---- | M] () MD5=F7080EC0215535741BE13C49CEB0AF2F -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129484884434614461_F.dmp

 

< MD5 for: IEXPLORE.EXE_129484884434614461_M.DMP >

[2011/04/28 13:20:44 | 005,853,052 | ---- | M] () MD5=F865F2407F7C109133A305608350C6C0 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129484884434614461_M.dmp

 

< MD5 for: IEXPLORE.EXE_129485170335312500.EXH >

[2011/04/28 21:17:14 | 000,000,513 | ---- | M] () MD5=E6613999656F6B7486E26CFC9029D9C8 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129485170335312500.exh

 

< MD5 for: IEXPLORE.EXE_129485170335312500_F.DMP >

[2011/04/28 21:17:14 | 000,075,730 | ---- | M] () MD5=68F85C7CA14BB05C1669090FD4BE4C29 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129485170335312500_F.dmp

 

< MD5 for: IEXPLORE.EXE_129485170335312500_M.DMP >

[2011/04/28 21:17:14 | 000,075,730 | ---- | M] () MD5=A80B5B5F4CA56D20FDE0B08C91C922BC -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129485170335312500_M.dmp

 

< MD5 for: IEXPLORE.EXE_129485176386875000.EXH >

[2011/04/28 21:27:19 | 000,000,571 | ---- | M] () MD5=82B6F1DE24DA08B9CFE512B54AE9DC43 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129485176386875000.exh

 

< MD5 for: IEXPLORE.EXE_129485176386875000_F.DMP >

[2011/04/28 21:27:19 | 000,162,160 | ---- | M] () MD5=694CD56C5C11C9B7FE915AFD275C6DB0 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129485176386875000_F.dmp

 

< MD5 for: IEXPLORE.EXE_129485176386875000_M.DMP >

[2011/04/28 21:27:19 | 000,162,160 | ---- | M] () MD5=B344079F126310C597F84D6C24E8C973 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129485176386875000_M.dmp

 

< MD5 for: IEXPLORE.EXE_129485294763593750.EXH >

[2011/04/29 00:44:46 | 000,000,571 | ---- | M] () MD5=D0DD653D6F0CAFF8CFD99C45A5CE5377 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129485294763593750.exh

 

< MD5 for: IEXPLORE.EXE_129485294763593750_F.DMP >

[2011/04/29 00:44:46 | 001,494,851 | ---- | M] () MD5=65968E6BCEBD1CFCD2AEB9A32CBF6B32 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129485294763593750_F.dmp

 

< MD5 for: IEXPLORE.EXE_129485294763593750_M.DMP >

[2011/04/29 00:44:45 | 000,396,527 | ---- | M] () MD5=B49A4FDEB589640E877A5DAF32962884 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129485294763593750_M.dmp

 

< MD5 for: IEXPLORE.EXE_129485296961875000.EXH >

[2011/04/29 00:48:54 | 000,000,571 | ---- | M] () MD5=67B66970CCB33F8194A504F16B1DDD38 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129485296961875000.exh

 

< MD5 for: IEXPLORE.EXE_129485296961875000_F.DMP >

[2011/04/29 00:48:53 | 026,411,953 | ---- | M] () MD5=ECD52A27C7C3AAD860A288EE0A8CC45A -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129485296961875000_F.dmp

 

< MD5 for: IEXPLORE.EXE_129485296961875000_M.DMP >

[2011/04/29 00:48:20 | 005,324,605 | ---- | M] () MD5=2359F933C11C841BD0A44014740F17C7 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129485296961875000_M.dmp

 

< MD5 for: IEXPLORE.EXE_129485833852812500.EXH >

[2011/04/29 15:43:06 | 000,000,571 | ---- | M] () MD5=B358AD9ED3973D686E6E3504B59424E1 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129485833852812500.exh

 

< MD5 for: IEXPLORE.EXE_129485833852812500_F.DMP >

[2011/04/29 15:43:06 | 000,140,490 | ---- | M] () MD5=413A5E240BF26EF803170A4498509D3A -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129485833852812500_F.dmp

 

< MD5 for: IEXPLORE.EXE_129485833852812500_M.DMP >

[2011/04/29 15:43:06 | 000,140,490 | ---- | M] () MD5=413A5E240BF26EF803170A4498509D3A -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129485833852812500_M.dmp

 

< MD5 for: IEXPLORE.EXE_129486012585156250.EXH >

[2011/04/29 20:40:59 | 000,000,571 | ---- | M] () MD5=95A1B1465D76B1972BEB076112D6CBD0 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129486012585156250.exh

 

< MD5 for: IEXPLORE.EXE_129486012585156250_F.DMP >

[2011/04/29 20:40:59 | 000,151,452 | ---- | M] () MD5=78EBCD1A4669B43DA0F2ADD65228CB8F -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129486012585156250_F.dmp

 

< MD5 for: IEXPLORE.EXE_129486012585156250_M.DMP >

[2011/04/29 20:40:59 | 000,151,452 | ---- | M] () MD5=78EBCD1A4669B43DA0F2ADD65228CB8F -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129486012585156250_M.dmp

 

< MD5 for: IEXPLORE.EXE_129486012743593750.EXH >

[2011/04/29 20:41:14 | 000,000,571 | ---- | M] () MD5=A8C41A462F108C83CCF0119702AADDFF -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129486012743593750.exh

 

< MD5 for: IEXPLORE.EXE_129486012743593750_F.DMP >

[2011/04/29 20:41:14 | 000,128,830 | ---- | M] () MD5=A3C038129B2B55AC6A950EA33BA7184B -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129486012743593750_F.dmp

 

< MD5 for: IEXPLORE.EXE_129486012743593750_M.DMP >

[2011/04/29 20:41:14 | 000,128,830 | ---- | M] () MD5=A3C038129B2B55AC6A950EA33BA7184B -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129486012743593750_M.dmp

 

< MD5 for: IEXPLORE.EXE_129486012861718750.EXH >

[2011/04/29 20:42:04 | 000,000,571 | ---- | M] () MD5=D06B932658E380F3377C7F78C9CEED40 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129486012861718750.exh

 

< MD5 for: IEXPLORE.EXE_129486012861718750_F.DMP >

[2011/04/29 20:41:59 | 193,034,071 | ---- | M] () MD5=B3015743ACCB07B5140C554F69612713 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129486012861718750_F.dmp

 

< MD5 for: IEXPLORE.EXE_129486012861718750_M.DMP >

[2011/04/29 20:41:28 | 005,546,887 | ---- | M] () MD5=5D62A9333CAE50093E011725CE531550 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129486012861718750_M.dmp

 

< MD5 for: IEXPLORE.EXE_129486013940937500.EXH >

[2011/04/29 20:43:22 | 000,000,571 | ---- | M] () MD5=BAC9D6662D3D99D3321442396836B327 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129486013940937500.exh

 

< MD5 for: IEXPLORE.EXE_129486013940937500_F.DMP >

[2011/04/29 20:43:20 | 130,237,086 | ---- | M] () MD5=01124ECD9A0706550AE48460D5383719 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129486013940937500_F.dmp

 

< MD5 for: IEXPLORE.EXE_129486013940937500_M.DMP >

[2011/04/29 20:43:14 | 005,584,474 | ---- | M] () MD5=A3E95769CE9B806BA53D2B32B4DC17D0 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129486013940937500_M.dmp

 

< MD5 for: IEXPLORE.EXE_129486044709218750.EXH >

[2011/04/29 21:34:40 | 000,000,571 | ---- | M] () MD5=E3F7AF72036C37842D30875AF1673D14 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129486044709218750.exh

 

< MD5 for: IEXPLORE.EXE_129486044709218750_F.DMP >

[2011/04/29 21:34:38 | 070,142,969 | ---- | M] () MD5=B9CA88987F9D47114A6A351914B6ADA9 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129486044709218750_F.dmp

 

< MD5 for: IEXPLORE.EXE_129486044709218750_M.DMP >

[2011/04/29 21:34:34 | 005,760,597 | ---- | M] () MD5=2A521AD5D1564213FE1560BFDE68FB79 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129486044709218750_M.dmp

 

< MD5 for: IEXPLORE.EXE_129486044892968750.EXH >

[2011/04/29 21:34:49 | 000,000,571 | ---- | M] () MD5=5978878D0BA01646D119CC0B1E67E01C -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129486044892968750.exh

 

< MD5 for: IEXPLORE.EXE_129486044892968750_F.DMP >

[2011/04/29 21:34:49 | 000,191,182 | ---- | M] () MD5=AF64D3B1970A92FEB01BEE52AB55DE22 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129486044892968750_F.dmp

 

< MD5 for: IEXPLORE.EXE_129486044892968750_M.DMP >

[2011/04/29 21:34:49 | 000,329,782 | ---- | M] () MD5=20896B51C5449243479817AEB179A381 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129486044892968750_M.dmp

 

< MD5 for: IEXPLORE.EXE_129487510261718750.EXH >

[2011/05/01 14:17:15 | 000,000,571 | ---- | M] () MD5=EE3DE8E4C91815EBD66C7183850C327C -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129487510261718750.exh

 

< MD5 for: IEXPLORE.EXE_129487510261718750_F.DMP >

[2011/05/01 14:17:14 | 030,730,810 | ---- | M] () MD5=39936A39B3B5BDF31304FDE1322C88CE -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129487510261718750_F.dmp

 

< MD5 for: IEXPLORE.EXE_129487510261718750_M.DMP >

[2011/05/01 14:17:08 | 005,180,390 | ---- | M] () MD5=7A29CFB168604A826BCC2B5E19AA975A -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129487510261718750_M.dmp

 

< MD5 for: IEXPLORE.EXE_129487602972031250.EXH >

[2011/05/01 16:51:45 | 000,000,571 | ---- | M] () MD5=833BAEE9587CD6192B02232264BED096 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129487602972031250.exh

 

< MD5 for: IEXPLORE.EXE_129487602972031250_F.DMP >

[2011/05/01 16:51:45 | 057,574,576 | ---- | M] () MD5=068F2C414B96B0C7783218BF95F2AA21 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129487602972031250_F.dmp

 

< MD5 for: IEXPLORE.EXE_129487602972031250_M.DMP >

[2011/05/01 16:51:40 | 006,022,188 | ---- | M] () MD5=26D6A3FFBF7284B9B69D8CECADBFF5F8 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129487602972031250_M.dmp

 

< MD5 for: IEXPLORE.EXE_129487603238906250.EXH >

[2011/05/01 16:52:19 | 000,000,571 | ---- | M] () MD5=2C826594523B998ECA5D4BCE17360A01 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129487603238906250.exh

 

< MD5 for: IEXPLORE.EXE_129487603238906250_F.DMP >

[2011/05/01 16:52:18 | 084,868,368 | ---- | M] () MD5=F30DF0B7557141C0120E2283269A0E07 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129487603238906250_F.dmp

 

< MD5 for: IEXPLORE.EXE_129487603238906250_M.DMP >

[2011/05/01 16:52:04 | 005,299,628 | ---- | M] () MD5=DA961B3E51E9A6C1F81CC6467D521826 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129487603238906250_M.dmp

 

< MD5 for: IEXPLORE.EXE_129488289259687500.EXH >

[2011/05/02 11:55:56 | 000,000,571 | ---- | M] () MD5=AD30E3DA64D36B5D77267A6D1D20F971 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129488289259687500.exh

 

< MD5 for: IEXPLORE.EXE_129488289259687500_F.DMP >

[2011/05/02 11:55:55 | 031,818,346 | ---- | M] () MD5=196F8B994C6D02A376A0F21CD9161337 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129488289259687500_F.dmp

 

< MD5 for: IEXPLORE.EXE_129488289259687500_M.DMP >

[2011/05/02 11:55:31 | 006,287,558 | ---- | M] () MD5=870ED0E27909AA26D1A8220C440533C2 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129488289259687500_M.dmp

 

< MD5 for: IEXPLORE.EXE_129488289699218750.EXH >

[2011/05/02 11:56:11 | 000,000,571 | ---- | M] () MD5=F364C6999979D4AF6BCC3A91B53CF1F8 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129488289699218750.exh

 

< MD5 for: IEXPLORE.EXE_129488289699218750_F.DMP >

[2011/05/02 11:56:11 | 000,127,638 | ---- | M] () MD5=07242252C0B80559C7FB94A74D509A65 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129488289699218750_F.dmp

 

< MD5 for: IEXPLORE.EXE_129488289699218750_M.DMP >

[2011/05/02 11:56:11 | 000,127,638 | ---- | M] () MD5=07242252C0B80559C7FB94A74D509A65 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129488289699218750_M.dmp

 

< MD5 for: IEXPLORE.EXE_129488522493801101.EXH >

[2011/05/02 18:24:19 | 000,000,571 | ---- | M] () MD5=AA247CDC7726FF64B6BFE1255610BFEF -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129488522493801101.exh

 

< MD5 for: IEXPLORE.EXE_129488522493801101_F.DMP >

[2011/05/02 18:24:18 | 048,479,056 | ---- | M] () MD5=EAE3156B68FE813FD0A66F5446B9DEA7 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129488522493801101_F.dmp

 

< MD5 for: IEXPLORE.EXE_129488522493801101_M.DMP >

[2011/05/02 18:24:10 | 005,983,404 | ---- | M] () MD5=B690DC99C69B505C1138BBFC27D863AB -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129488522493801101_M.dmp

 

< MD5 for: IEXPLORE.EXE_129488629158801101.EXH >

[2011/05/02 21:22:01 | 000,000,571 | ---- | M] () MD5=E411CC9D5E82B26D6DF41F0F2FCE9A9D -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129488629158801101.exh

 

< MD5 for: IEXPLORE.EXE_129488629158801101_F.DMP >

[2011/05/02 21:22:01 | 018,760,713 | ---- | M] () MD5=AD20F6FD7FD9B2E467DA1A41EC8F2E78 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129488629158801101_F.dmp

 

< MD5 for: IEXPLORE.EXE_129488629158801101_M.DMP >

[2011/05/02 21:21:58 | 005,835,013 | ---- | M] () MD5=C231D3F9EE08490B74010E2191D81AAE -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129488629158801101_M.dmp

 

< MD5 for: IEXPLORE.EXE_129489437631093750.EXH >

[2011/05/03 19:49:40 | 000,000,571 | ---- | M] () MD5=2AEEACE4696A90FBA8082CF7794EB209 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129489437631093750.exh

 

< MD5 for: IEXPLORE.EXE_129489437631093750_F.DMP >

[2011/05/03 19:49:39 | 033,195,727 | ---- | M] () MD5=3A18D9CD2A1C38C866B9D9FBFE0F332D -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129489437631093750_F.dmp

 

< MD5 for: IEXPLORE.EXE_129489437631093750_M.DMP >

[2011/05/03 19:49:25 | 005,981,755 | ---- | M] () MD5=A4156C59A1459A0FFA898007DDF801CD -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129489437631093750_M.dmp

 

< MD5 for: IEXPLORE.EXE_129490372629749430.EXH >

[2011/05/04 21:47:48 | 000,000,571 | ---- | M] () MD5=98116A30A663D78EEF1DCD67D64D0801 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129490372629749430.exh

 

< MD5 for: IEXPLORE.EXE_129490372629749430_F.DMP >

[2011/05/04 21:47:48 | 030,779,474 | ---- | M] () MD5=7E335A00F66BA5087B76BF0A187246C0 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129490372629749430_F.dmp

 

< MD5 for: IEXPLORE.EXE_129490372629749430_M.DMP >

[2011/05/04 21:47:45 | 005,761,118 | ---- | M] () MD5=5D31F95DEDB16B503D11D6F6187E95D9 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129490372629749430_M.dmp

 

< MD5 for: IEXPLORE.EXE_129491110132253922.EXH >

[2011/05/05 18:17:00 | 000,000,571 | ---- | M] () MD5=46C8B7920C097C912EF12058937580F1 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129491110132253922.exh

 

< MD5 for: IEXPLORE.EXE_129491110132253922_F.DMP >

[2011/05/05 18:17:00 | 046,320,667 | ---- | M] () MD5=039A0B22D6D4F56B7A58760BA0D3376E -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129491110132253922_F.dmp

 

< MD5 for: IEXPLORE.EXE_129491110132253922_M.DMP >

[2011/05/05 18:16:55 | 006,106,151 | ---- | M] () MD5=580B5968181939E2E2330BE5820BC619 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129491110132253922_M.dmp

 

< MD5 for: IEXPLORE.EXE_129491204604923435.EXH >

[2011/05/05 20:54:21 | 000,000,571 | ---- | M] () MD5=6371B77B9E2D7D44595FC242EF29AEB8 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129491204604923435.exh

 

< MD5 for: IEXPLORE.EXE_129491204604923435_F.DMP >

[2011/05/05 20:54:21 | 000,097,558 | ---- | M] () MD5=1745DD8C93BF9A4D6765D82D94E6B39C -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129491204604923435_F.dmp

 

< MD5 for: IEXPLORE.EXE_129491204604923435_M.DMP >

[2011/05/05 20:54:21 | 000,097,558 | ---- | M] () MD5=1745DD8C93BF9A4D6765D82D94E6B39C -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129491204604923435_M.dmp

 

< MD5 for: IEXPLORE.EXE_129491209450860935.EXH >

[2011/05/05 21:02:31 | 000,000,571 | ---- | M] () MD5=A4ECC801353C95528BBBF89DD77B42CB -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129491209450860935.exh

 

< MD5 for: IEXPLORE.EXE_129491209450860935_F.DMP >

[2011/05/05 21:02:30 | 030,445,993 | ---- | M] () MD5=A4FEBB81ED053AE5EB7AD16AA6E73C6D -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129491209450860935_F.dmp

 

< MD5 for: IEXPLORE.EXE_129491209450860935_M.DMP >

[2011/05/05 21:02:27 | 006,042,453 | ---- | M] () MD5=F05AC1551F7F86E638810EC0DF791BD1 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129491209450860935_M.dmp

 

< MD5 for: IEXPLORE.EXE_129491209578517185.EXH >

[2011/05/05 21:02:38 | 000,000,571 | ---- | M] () MD5=04EF805A8D0C3975BDBF084A152BB46A -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129491209578517185.exh

 

< MD5 for: IEXPLORE.EXE_129491209578517185_F.DMP >

[2011/05/05 21:02:38 | 000,124,054 | ---- | M] () MD5=0AEC48A041CF0CA012CAFE15F8A9FAB0 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129491209578517185_F.dmp

 

< MD5 for: IEXPLORE.EXE_129491209578517185_M.DMP >

[2011/05/05 21:02:38 | 000,124,054 | ---- | M] () MD5=0AEC48A041CF0CA012CAFE15F8A9FAB0 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129491209578517185_M.dmp

 

< MD5 for: IEXPLORE.EXE_129491256951954685.EXH >

[2011/05/05 22:21:37 | 000,000,571 | ---- | M] () MD5=2CC9E5EC57F6D03CAE89088E6B9DE823 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129491256951954685.exh

 

< MD5 for: IEXPLORE.EXE_129491256951954685_F.DMP >

[2011/05/05 22:21:37 | 002,238,535 | ---- | M] () MD5=218B72A8CF20CE4D14B184BB779BAD16 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129491256951954685_F.dmp

 

< MD5 for: IEXPLORE.EXE_129491256951954685_M.DMP >

[2011/05/05 22:21:36 | 000,455,059 | ---- | M] () MD5=005F94E978990065A232B83F94B22DF0 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129491256951954685_M.dmp

 

< MD5 for: IEXPLORE.EXE_129492091745156250.EXH >

[2011/05/06 21:33:01 | 000,000,571 | ---- | M] () MD5=4FF246FD590A75AA27C56CC229A58AA6 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492091745156250.exh

 

< MD5 for: IEXPLORE.EXE_129492091745156250_F.DMP >

[2011/05/06 21:33:00 | 022,401,287 | ---- | M] () MD5=70BF26253B73D730702EC4ECA127B324 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492091745156250_F.dmp

 

< MD5 for: IEXPLORE.EXE_129492091745156250_M.DMP >

[2011/05/06 21:32:57 | 005,635,907 | ---- | M] () MD5=28F26E8B323837F47F910CC05EA5EE8E -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492091745156250_M.dmp

 

< MD5 for: IEXPLORE.EXE_129492091946875000.EXH >

[2011/05/06 21:33:18 | 000,000,571 | ---- | M] () MD5=9795EB776CDF9776B6E87152594F6022 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492091946875000.exh

 

< MD5 for: IEXPLORE.EXE_129492091946875000_F.DMP >

[2011/05/06 21:33:18 | 029,494,766 | ---- | M] () MD5=8EEC39B7BC46ACF6C4C44D49711BFAEF -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492091946875000_F.dmp

 

< MD5 for: IEXPLORE.EXE_129492091946875000_M.DMP >

[2011/05/06 21:33:15 | 005,383,946 | ---- | M] () MD5=82517F00A6760836CC69A200FDD88E64 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492091946875000_M.dmp

 

< MD5 for: IEXPLORE.EXE_129492092099687500.EXH >

[2011/05/06 21:33:30 | 000,000,571 | ---- | M] () MD5=9451AEA97AB2FFDFD0897FDF8D9F6A7F -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492092099687500.exh

 

< MD5 for: IEXPLORE.EXE_129492092099687500_F.DMP >

[2011/05/06 21:33:30 | 000,146,430 | ---- | M] () MD5=ACF66A23500F8D537F1BFF55A58ED09C -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492092099687500_F.dmp

 

< MD5 for: IEXPLORE.EXE_129492092099687500_M.DMP >

[2011/05/06 21:33:30 | 000,146,430 | ---- | M] () MD5=ACF66A23500F8D537F1BFF55A58ED09C -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492092099687500_M.dmp

 

< MD5 for: IEXPLORE.EXE_129492262194843750.EXH >

[2011/05/07 02:17:00 | 000,000,571 | ---- | M] () MD5=2591A7A84F81C48D85A6BC7DE5E264CC -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492262194843750.exh

 

< MD5 for: IEXPLORE.EXE_129492262194843750_F.DMP >

[2011/05/07 02:17:00 | 000,226,470 | ---- | M] () MD5=9C7D65DC0B2E5FDADEE1C4C42CF9D7BC -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492262194843750_F.dmp

 

< MD5 for: IEXPLORE.EXE_129492262194843750_M.DMP >

[2011/05/07 02:17:00 | 000,226,470 | ---- | M] () MD5=9C7D65DC0B2E5FDADEE1C4C42CF9D7BC -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492262194843750_M.dmp

 

< MD5 for: IEXPLORE.EXE_129492263098125000.EXH >

[2011/05/07 02:18:39 | 000,000,571 | ---- | M] () MD5=D2B68CC1B97E34D27EA9A8D40EA97BFA -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492263098125000.exh

 

< MD5 for: IEXPLORE.EXE_129492263098125000_F.DMP >

[2011/05/07 02:18:38 | 059,272,023 | ---- | M] () MD5=917A210F794A16C71D92C891F767DF50 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492263098125000_F.dmp

 

< MD5 for: IEXPLORE.EXE_129492263098125000_M.DMP >

[2011/05/07 02:18:32 | 005,106,115 | ---- | M] () MD5=DFC08E0262A2429E82B90A3FD3FDF06A -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492263098125000_M.dmp

 

< MD5 for: IEXPLORE.EXE_129492263381093750.EXH >

[2011/05/07 02:19:04 | 000,000,571 | ---- | M] () MD5=8E4678E6CFAE975D2EBE36D20E0BA867 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492263381093750.exh

 

< MD5 for: IEXPLORE.EXE_129492263381093750_F.DMP >

[2011/05/07 02:19:02 | 057,473,800 | ---- | M] () MD5=A77ABF3F235780A7D630E5E9E0700F55 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492263381093750_F.dmp

 

< MD5 for: IEXPLORE.EXE_129492263381093750_M.DMP >

[2011/05/07 02:18:59 | 005,036,932 | ---- | M] () MD5=249E0637764131491F279E3FDC57073D -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492263381093750_M.dmp

 

< MD5 for: IEXPLORE.EXE_129492263701718750.EXH >

[2011/05/07 02:19:45 | 000,000,571 | ---- | M] () MD5=B76249AA8FD3EF6E7146EA1B3319FE9C -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492263701718750.exh

 

< MD5 for: IEXPLORE.EXE_129492263701718750_F.DMP >

[2011/05/07 02:19:44 | 023,636,795 | ---- | M] () MD5=9B9C6B3BB822DE8DC15AEC8C87F39450 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492263701718750_F.dmp

 

< MD5 for: IEXPLORE.EXE_129492263701718750_M.DMP >

[2011/05/07 02:19:31 | 005,081,207 | ---- | M] () MD5=AC3C4C098ABA6DEDB54E283A0F5B1725 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492263701718750_M.dmp

 

< MD5 for: IEXPLORE.EXE_129492264083750000.EXH >

[2011/05/07 02:20:09 | 000,000,571 | ---- | M] () MD5=4F517A6177630CF75B76EB68C09E12BA -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492264083750000.exh

 

< MD5 for: IEXPLORE.EXE_129492264083750000_F.DMP >

[2011/05/07 02:20:09 | 000,121,584 | ---- | M] () MD5=8ED1547FB512216899A90FA1D3D24B7C -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492264083750000_F.dmp

 

< MD5 for: IEXPLORE.EXE_129492264083750000_M.DMP >

[2011/05/07 02:20:09 | 000,121,584 | ---- | M] () MD5=F262729C31FFC44AC3FE3BB41B5B8885 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492264083750000_M.dmp

 

< MD5 for: IEXPLORE.EXE_129492267696562500.EXH >

[2011/05/07 02:26:10 | 000,000,571 | ---- | M] () MD5=32FC2CB41FF69A9ADDD211C9C2ECCE75 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492267696562500.exh

 

< MD5 for: IEXPLORE.EXE_129492267696562500_F.DMP >

[2011/05/07 02:26:10 | 000,110,890 | ---- | M] () MD5=FF7A339A5276AF920C2DBE6AC91C7D3C -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492267696562500_F.dmp

 

< MD5 for: IEXPLORE.EXE_129492267696562500_M.DMP >

[2011/05/07 02:26:10 | 000,110,890 | ---- | M] () MD5=FF7A339A5276AF920C2DBE6AC91C7D3C -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492267696562500_M.dmp

 

< MD5 for: IEXPLORE.EXE_129492267893906250.EXH >

[2011/05/07 02:26:36 | 000,000,571 | ---- | M] () MD5=B98571A9DFF46B764CAE01EF4445C9D0 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492267893906250.exh

 

< MD5 for: IEXPLORE.EXE_129492267893906250_F.DMP >

[2011/05/07 02:26:36 | 022,149,251 | ---- | M] () MD5=AE48E18B0322FC4314017FC4613AB3BF -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492267893906250_F.dmp

 

< MD5 for: IEXPLORE.EXE_129492267893906250_M.DMP >

[2011/05/07 02:26:32 | 005,430,815 | ---- | M] () MD5=02C770E6B8F10E0B1A13EAC4F4785CEB -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492267893906250_M.dmp

 

< MD5 for: IEXPLORE.EXE_129492268120156250.EXH >

[2011/05/07 02:26:52 | 000,000,571 | ---- | M] () MD5=D120B743F33947BEE1D9A6E1DC6B080B -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492268120156250.exh

 

< MD5 for: IEXPLORE.EXE_129492268120156250_F.DMP >

[2011/05/07 02:26:52 | 000,168,292 | ---- | M] () MD5=97D78815D89BAC64F3CA27CD7F81D163 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492268120156250_F.dmp

 

< MD5 for: IEXPLORE.EXE_129492268120156250_M.DMP >

[2011/05/07 02:26:52 | 000,168,292 | ---- | M] () MD5=97D78815D89BAC64F3CA27CD7F81D163 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492268120156250_M.dmp

 

< MD5 for: IEXPLORE.EXE_129492268400156250.EXH >

[2011/05/07 02:27:20 | 000,000,571 | ---- | M] () MD5=4AD148C1CA999E94B8CE82A57586F214 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492268400156250.exh

 

< MD5 for: IEXPLORE.EXE_129492268400156250_F.DMP >

[2011/05/07 02:27:20 | 000,135,124 | ---- | M] () MD5=6AE140CC12244F3C2DF341F7D27A2C24 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492268400156250_F.dmp

 

< MD5 for: IEXPLORE.EXE_129492268400156250_M.DMP >

[2011/05/07 02:27:20 | 000,135,124 | ---- | M] () MD5=6AE140CC12244F3C2DF341F7D27A2C24 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492268400156250_M.dmp

 

< MD5 for: IEXPLORE.EXE_129492269690156250.EXH >

[2011/05/07 02:29:38 | 000,000,571 | ---- | M] () MD5=E2C6725F0C4220670AA365BF1151663E -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492269690156250.exh

 

< MD5 for: IEXPLORE.EXE_129492269690156250_F.DMP >

[2011/05/07 02:29:37 | 060,008,843 | ---- | M] () MD5=FF83AD81575279A8A53173BE03F72B93 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492269690156250_F.dmp

 

< MD5 for: IEXPLORE.EXE_129492269690156250_M.DMP >

[2011/05/07 02:29:29 | 004,962,903 | ---- | M] () MD5=517BDA042F5432D2E531103552E5E558 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492269690156250_M.dmp

 

< MD5 for: IEXPLORE.EXE_129492269977031250.EXH >

[2011/05/07 02:29:58 | 000,000,571 | ---- | M] () MD5=345991502D0336D39FB2E8D455B62D69 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492269977031250.exh

 

< MD5 for: IEXPLORE.EXE_129492269977031250_F.DMP >

[2011/05/07 02:29:58 | 000,134,090 | ---- | M] () MD5=291DCD3B33E89CB4677913E87FE398C2 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492269977031250_F.dmp

 

< MD5 for: IEXPLORE.EXE_129492269977031250_M.DMP >

[2011/05/07 02:29:58 | 000,134,090 | ---- | M] () MD5=33D88E451B3AE4FBCEDFECCDC98EFC9E -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492269977031250_M.dmp

 

< MD5 for: IEXPLORE.EXE_129492370429062500.EXH >

[2011/05/07 05:17:23 | 000,000,571 | ---- | M] () MD5=DE193A35D46FA0988E676826C73FCA10 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492370429062500.exh

 

< MD5 for: IEXPLORE.EXE_129492370429062500_F.DMP >

[2011/05/07 05:17:23 | 000,129,594 | ---- | M] () MD5=1CA175EED2D15BA5195A58B25154B780 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492370429062500_F.dmp

 

< MD5 for: IEXPLORE.EXE_129492370429062500_M.DMP >

[2011/05/07 05:17:23 | 000,129,594 | ---- | M] () MD5=8854E92DA5F6AB1C5FB8177100403A36 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492370429062500_M.dmp

 

< MD5 for: IEXPLORE.EXE_129492585001875000.EXH >

[2011/05/07 11:15:06 | 000,000,571 | ---- | M] () MD5=F3AB7B6C4318FD046F9D518215344267 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492585001875000.exh

 

< MD5 for: IEXPLORE.EXE_129492585001875000_F.DMP >

[2011/05/07 11:15:06 | 009,710,762 | ---- | M] () MD5=3D42658814C8F02283DF18FFA0CFFD54 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492585001875000_F.dmp

 

< MD5 for: IEXPLORE.EXE_129492585001875000_M.DMP >

[2011/05/07 11:15:04 | 005,885,446 | ---- | M] () MD5=EA1381FB87757C83013E6B25E9D198BC -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492585001875000_M.dmp

 

< MD5 for: IEXPLORE.EXE_129492837897343750.EXH >

[2011/05/07 18:16:30 | 000,000,513 | ---- | M] () MD5=9F3B8DB0E638C8931872CA43C8733E47 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492837897343750.exh

 

< MD5 for: IEXPLORE.EXE_129492837897343750_F.DMP >

[2011/05/07 18:16:30 | 000,141,858 | ---- | M] () MD5=0A5B23BC859BF4B4D19899BCEDDF7F8E -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492837897343750_F.dmp

 

< MD5 for: IEXPLORE.EXE_129492837897343750_M.DMP >

[2011/05/07 18:16:30 | 000,141,858 | ---- | M] () MD5=0A5B23BC859BF4B4D19899BCEDDF7F8E -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492837897343750_M.dmp

 

< MD5 for: IEXPLORE.EXE_129492838096562500.EXH >

[2011/05/07 18:16:55 | 000,000,571 | ---- | M] () MD5=F15FCA960A742A23FC1045F58CF1FB2D -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492838096562500.exh

 

< MD5 for: IEXPLORE.EXE_129492838096562500_F.DMP >

[2011/05/07 18:16:55 | 013,788,041 | ---- | M] () MD5=6AEF6B865F44C386DA968342C0435696 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492838096562500_F.dmp

 

< MD5 for: IEXPLORE.EXE_129492838096562500_M.DMP >

[2011/05/07 18:16:52 | 005,716,661 | ---- | M] () MD5=1259FB2DBD07A31A5DCB50442ABB29BA -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492838096562500_M.dmp

 

< MD5 for: IEXPLORE.EXE_129492838245625000.EXH >

[2011/05/07 18:17:04 | 000,000,571 | ---- | M] () MD5=2CDB9FD2C38FB511874A2E920AE2AD91 -- C:Documents and SettingsAll UsersApplication DataAVG2012Dumpsiexplore.exe_129492838245625000.exh

 


 

< End of report >


Hello darkeyes

 

Thank you for the log.

 

There is not a great deal showing up in your latest log.

 

Let's proceed as follows, and if there is no change we will look for possible system file errors.

 

  • Spybot TeaTimer

  • Please make sure that TeaTimer is disabled.
  • Please open OTL

    • Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

       

      :OTL
      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
      O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
      O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
      
      :Commands
      [resethosts]
      [purity]
      [emptytemp]
      [emptyflash]
      [start explorer]
      [Reboot]
      
      
    • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
    • Allow the program to run unhindered.
    • Your machine will re-start itself. This is normal.
    • A log will be created after your machine reboots. Please post the contents of the log in your next reply.
  • ComboFix

    • Please run Combofix again as you did before. If you are notified that an update is available please allow it to install.
  • Security Check

    • Please download Security Check by screen317 from here or here and save the file (called securitycheck.exe) to your desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box (NOTE: If you are running Vista or Win7, please right click and select "Run as Administrator").
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.
    Please post the OTL log, the Combofix log and the Security Check log in your next reply.

JonTom....machine did not restart itself so I copied and pasted the results of the log. Thank you!

<div>OTL logfile created on: 12/10/2011 3:39:51 PM - Run 4</div>

<div>OTL by OldTimer - Version 3.2.31.0     Folder = C:Documents and SettingsHP_AdministratorMy DocumentsDownloads</div>

<div>Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation</div>

<div>Internet Explorer (Version = 8.0.6001.18702)</div>

<div>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</div>

<div> </div>

<div>959.36 Mb Total Physical Memory | 232.12 Mb Available Physical Memory | 24.20% Memory free</div>

<div>2.26 Gb Paging File | 1.33 Gb Available in Paging File | 58.69% Paging File free</div>

<div>Paging file location(s): C:pagefile.sys 1440 2880 [binary data]</div>

<div> </div>

<div>%SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files</div>

<div>Drive C: | 221.12 Gb Total Space | 198.24 Gb Free Space | 89.65% Space Free | Partition Type: NTFS</div>

<div>Drive D: | 11.74 Gb Total Space | 4.79 Gb Free Space | 40.81% Space Free | Partition Type: FAT32</div>

<div> </div>

<div>Computer Name: MYCOMPUTER | User Name: HP_Administrator | Logged in as Administrator.</div>

<div>Boot Mode: Normal | Scan Mode: Current user | Quick Scan</div>

<div>Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days</div>

<div> </div>

<div>========== Processes (SafeList) ==========</div>

<div> </div>

<div>PRC - [2011/12/10 15:38:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:Documents and SettingsHP_AdministratorMy DocumentsDownloadsOTL (5).exe</div>

<div>PRC - [2011/12/04 09:29:49 | 000,855,904 | ---- | M] () -- C:Program FilesCommon FilesAVG Secure SearchvToolbarUpdater9.0.1ToolbarUpdater.exe</div>

<div>PRC - [2011/12/04 09:29:44 | 000,827,232 | ---- | M] () -- C:Program FilesAVG Secure Searchvprot.exe</div>

<div>PRC - [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.) -- C:Program FilesGoogleChromeApplicationchrome.exe</div>

<div>PRC - [2011/10/24 19:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:Program FilesAVGAVG2012avgtray.exe</div>

<div>PRC - [2011/10/21 04:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:Documents and SettingsAll UsersApplication DataAd-Aware Browsing Protectionadawarebp.exe</div>

<div>PRC - [2011/10/18 05:14:54 | 001,229,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:Program FilesAVGAVG2012avgnsx.exe</div>

<div>PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:Program FilesAVGAVG2012AVGIDSAgent.exe</div>

<div>PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:Program FilesAVGAVG2012avgrsx.exe</div>

<div>PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:Program FilesAVGAVG2012avgcsrvx.exe</div>

<div>PRC - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- c:Program FilesMcAfeeSiteAdvisorMcSACore.exe</div>

<div>PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:Program FilesAVGAVG2012avgwdsvc.exe</div>

<div>PRC - [2011/01/21 11:16:19 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:Program FilesSuperAntiSpywareSUPERANTISPYWARE.EXE</div>

<div>PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:Program FilesCommon FilesArcSoftConnection ServiceBinACDaemon.exe</div>

<div>PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:Program FilesCommon FilesArcSoftConnection ServiceBinACService.exe</div>

<div>PRC - [2010/02/05 00:15:33 | 000,036,903 | ---- | M] (Hewlett-Packard) -- C:Program FilesUpdates from HP9972322ProgramUpdates from HP.exe</div>

<div>PRC - [2010/01/27 09:40:58 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe</div>

<div>PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:Program FilesMcAfee Security Scan2.0.181SSScheduler.exe</div>

<div>PRC - [2009/08/05 12:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) -- C:Program FilesKodakAiOCenterekdiscovery.exe</div>

<div>PRC - [2009/08/03 09:33:06 | 001,626,112 | ---- | M] (Eastman Kodak Company) -- C:WINDOWSsystem32spooldriversw32x863EKIJ5000MUI.exe</div>

<div>PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe</div>

<div>PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:WINDOWSexplorer.exe</div>

<div>PRC - [2005/09/26 19:43:29 | 001,060,864 | ---- | M] (Digital Interactive Systems Corporation) -- C:Program FilesDISCDISCover.exe</div>

<div>PRC - [2005/09/26 19:42:32 | 000,237,568 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:Program FilesDISCDiscGui.exe</div>

<div>PRC - [2005/09/26 19:42:26 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:Program FilesDISCDISCUpdateMgr.exe</div>

<div>PRC - [2005/09/26 19:42:26 | 000,045,056 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:Program FilesDISCDiscStreamHub.exe</div>

<div>PRC - [2005/08/02 19:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:WINDOWSarpwrmsg.exe</div>

<div>PRC - [2005/08/02 19:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:WINDOWSarservice.exe</div>

<div>PRC - [2005/04/08 14:09:42 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:Program FilesepsonCreativity SuiteEvent ManagerEEventManager.exe</div>

<div> </div>

<div> </div>

<div>========== Modules (No Company Name) ==========</div>

<div> </div>

<div>MOD - [2011/12/10 00:55:31 | 000,052,736 | ---- | M] () -- C:Documents and SettingsHP_AdministratorApplication DataSUPERAntiSpyware.comSUPERAntiSpywareSDDLLSSD10007.dll</div>

<div>MOD - [2011/12/04 09:29:49 | 000,855,904 | ---- | M] () -- C:Program FilesCommon FilesAVG Secure SearchvToolbarUpdater9.0.1ToolbarUpdater.exe</div>

<div>MOD - [2011/12/04 09:29:44 | 000,827,232 | ---- | M] () -- C:Program FilesAVG Secure Searchvprot.exe</div>

<div>MOD - [2011/11/15 00:39:54 | 000,420,920 | ---- | M] () -- C:Program FilesGoogleChromeApplication15.0.874.121ppgooglenaclpluginchrome.dll</div>

<div>MOD - [2011/11/15 00:39:53 | 003,702,840 | ---- | M] () -- C:Program FilesGoogleChromeApplication15.0.874.121pdf.dll</div>

<div>MOD - [2011/11/15 00:38:16 | 000,122,952 | ---- | M] () -- C:Program FilesGoogleChromeApplication15.0.874.121avutil-51.dll</div>

<div>MOD - [2011/11/15 00:38:15 | 000,222,280 | ---- | M] () -- C:Program FilesGoogleChromeApplication15.0.874.121avformat-53.dll</div>

<div>MOD - [2011/11/15 00:38:14 | 001,746,504 | ---- | M] () -- C:Program FilesGoogleChromeApplication15.0.874.121avcodec-53.dll</div>

<div>MOD - [2011/11/14 21:36:18 | 008,593,056 | ---- | M] () -- C:Program FilesGoogleChromeApplication15.0.874.121gcswf32.dll</div>

<div>MOD - [2011/10/19 22:48:54 | 000,063,488 | ---- | M] () -- C:Documents and SettingsHP_AdministratorApplication DataSUPERAntiSpyware.comSUPERAntiSpywareSDDLLSSD10006.dll</div>

<div>MOD - [2011/10/19 22:48:49 | 000,117,760 | ---- | M] () -- C:Documents and SettingsHP_AdministratorApplication DataSUPERAntiSpyware.comSUPERAntiSpywareSDDLLSUIREPAIR.DLL</div>

<div>MOD - [2011/10/14 14:09:46 | 000,998,400 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.Management90b90e700e59d73d6d692cf74e1ba16eSystem.Management.ni.dll</div>

<div>MOD - [2011/10/14 13:48:52 | 001,801,216 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.Deploymentcc5ac99e8af2738e85cda5525fdd944fSystem.Deployment.ni.dll</div>

<div>MOD - [2011/10/14 13:48:11 | 000,971,264 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.Configurationbce0720436dc6cb76006377f295ea365System.Configuration.ni.dll</div>

<div>MOD - [2011/10/14 13:28:41 | 005,450,752 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.Xml70cacc44f0b4257f6037eda7a59a0aebSystem.Xml.ni.dll</div>

<div>MOD - [2011/10/14 13:27:53 | 012,430,848 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.Windows.Forms71a2ae9ad561a62181cbd9fb11e9de7aSystem.Windows.Forms.ni.dll</div>

<div>MOD - [2011/10/14 13:25:58 | 001,587,200 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.Drawingc10bea3c4bb7ef654651141bf9419090System.Drawing.ni.dll</div>

<div>MOD - [2011/10/14 13:19:33 | 007,950,848 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32Systemaf39f6e644af02873b9bae319f2bfb13System.ni.dll</div>

<div>MOD - [2011/10/14 13:18:58 | 011,490,816 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32mscorlibca87ba84221991839abbe7d4bc9c6721mscorlib.ni.dll</div>

<div>MOD - [2011/10/14 13:03:38 | 003,391,488 | ---- | M] () -- c:windowsassemblynativeimages1_v1.1.4322mscorlib1.0.5000.0__b77a5c561934e089_f2284ea2mscorlib.dll</div>

<div>MOD - [2011/10/14 13:03:33 | 000,835,584 | ---- | M] () -- c:windowsassemblynativeimages1_v1.1.4322system.drawing1.0.5000.0__b03f5f7f11d50a3a_e4f639adsystem.drawing.dll</div>

<div>MOD - [2011/10/14 13:03:24 | 002,088,960 | ---- | M] () -- c:windowsassemblynativeimages1_v1.1.4322system.xml1.0.5000.0__b77a5c561934e089_fc944c99system.xml.dll</div>

<div>MOD - [2011/10/14 13:03:13 | 003,018,752 | ---- | M] () -- c:windowsassemblynativeimages1_v1.1.4322system.windows.forms1.0.5000.0__b77a5c561934e089_b3b16b18system.windows.forms.dll</div>

<div>MOD - [2011/10/14 13:02:51 | 001,966,080 | ---- | M] () -- c:windowsassemblynativeimages1_v1.1.4322system1.0.5000.0__b77a5c561934e089_b7665b43system.dll</div>

<div>MOD - [2011/10/14 13:02:35 | 001,232,896 | ---- | M] () -- c:windowsassemblygacsystem1.0.5000.0__b77a5c561934e089system.dll</div>

<div>MOD - [2011/10/14 13:02:34 | 001,265,664 | ---- | M] () -- c:windowsassemblygacsystem.web1.0.5000.0__b03f5f7f11d50a3asystem.web.dll</div>

<div>MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:WINDOWSsystem32sbe.dll</div>

<div>MOD - [2010/03/03 11:08:41 | 002,236,416 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinSkinuxCmpV.dll</div>

<div>MOD - [2010/03/03 11:08:41 | 001,396,736 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinSkinuxCommonV.dll</div>

<div>MOD - [2010/03/03 11:08:41 | 000,868,352 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinSkinuxBaseV.dll</div>

<div>MOD - [2010/03/03 11:08:41 | 000,847,872 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinSkinuxXML2V.dll</div>

<div>MOD - [2010/03/03 11:08:41 | 000,782,336 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinSkinuxImV.dll</div>

<div>MOD - [2010/03/03 11:08:41 | 000,688,128 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinVPrintOnline.dll</div>

<div>MOD - [2010/03/03 11:08:41 | 000,528,384 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinSkinuxProcV.dll</div>

<div>MOD - [2010/03/03 11:08:41 | 000,462,848 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinSkinuxFFV.dll</div>

<div>MOD - [2010/03/03 11:08:41 | 000,237,568 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinSpiffyExt.dll</div>

<div>MOD - [2010/03/03 11:08:41 | 000,155,648 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinSkinuxZipV.dll</div>

<div>MOD - [2010/03/03 11:08:41 | 000,143,360 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinVPrintOnlineHelper40.dll</div>

<div>MOD - [2010/03/03 11:08:40 | 011,503,616 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinESSkin.esx</div>

<div>MOD - [2010/03/03 11:08:40 | 001,564,672 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinareaifdll.dll</div>

<div>MOD - [2010/03/03 11:08:40 | 000,761,856 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinESCliWicMDRW.esx</div>

<div>MOD - [2010/03/03 11:08:40 | 000,684,032 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinESEmail.esx</div>

<div>MOD - [2010/03/03 11:08:40 | 000,471,040 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinESCom.dll</div>

<div>MOD - [2010/03/03 11:08:40 | 000,406,016 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinKFx.dll</div>

<div>MOD - [2010/03/03 11:08:40 | 000,356,352 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinAtlas.dll</div>

<div>MOD - [2010/03/03 11:08:40 | 000,339,968 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinVistaAdapter.esx</div>

<div>MOD - [2010/03/03 11:08:40 | 000,315,392 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinVistaPrintOnline.esx</div>

<div>MOD - [2010/03/03 11:08:40 | 000,264,192 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinAppCore.dll</div>

<div>MOD - [2010/03/03 11:08:40 | 000,233,984 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinVistaControls.esx</div>

<div>MOD - [2010/03/03 11:08:40 | 000,171,520 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinPcd.esx</div>

<div>MOD - [2010/03/03 11:08:40 | 000,152,576 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinIStorageMediaStore.esx</div>

<div>MOD - [2010/03/03 11:08:40 | 000,129,536 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinkpries40.dll</div>

<div>MOD - [2010/03/03 11:08:40 | 000,098,304 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinVistaCDBackup.esx</div>

<div>MOD - [2010/03/03 11:08:40 | 000,090,112 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinLocAcqMod.dll</div>

<div>MOD - [2010/03/03 11:08:40 | 000,084,480 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinUpdateChecker.esx</div>

<div>MOD - [2010/03/03 11:08:40 | 000,084,480 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinkeml40.dll</div>

<div>MOD - [2010/03/03 11:08:40 | 000,078,848 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinDXRawFormatHandler.esx</div>

<div>MOD - [2010/03/03 11:08:40 | 000,062,464 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinDibLibIP.dll</div>

<div>MOD - [2010/03/03 11:08:40 | 000,052,224 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinKPCDInterface.dll</div>

<div>MOD - [2010/03/03 11:08:40 | 000,044,544 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinLocCamBack.dll</div>

<div>MOD - [2010/03/03 11:08:40 | 000,010,240 | ---- | M] () -- C:Program FilesKodakKodak EasyShare softwarebinLocUpdateCheck.dll</div>

<div>MOD - [2010/02/09 17:35:19 | 000,052,224 | ---- | M] () -- C:Documents and SettingsHP_AdministratorApplication DataSUPERAntiSpyware.comSUPERAntiSpywareSDDLLSSD10005.dll</div>

<div>MOD - [2010/02/07 12:57:38 | 000,053,248 | ---- | M] () -- C:WINDOWSassemblyGAC_MSILInkjet.Diagnostics4.2.7.7__5cc7ad8abd921325Inkjet.Diagnostics.dll</div>

<div>MOD - [2010/02/07 12:57:38 | 000,012,288 | ---- | M] () -- C:WINDOWSassemblyGAC_MSILInkjet.Automation4.2.7.7__5cc7ad8abd921325Inkjet.Automation.dll</div>

<div>MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:WINDOWSsystem32quartz.dll</div>

<div>MOD - [2010/02/05 00:15:30 | 000,098,339 | ---- | M] () -- C:Program FilesUpdates from HP99723226.3.2.116-9972322ProgramFrExt.dll</div>

<div>MOD - [2010/02/05 00:15:29 | 000,151,589 | ---- | M] () -- C:Program FilesUpdates from HP99723226.3.2.116-9972322Programbwfiles.dll</div>

<div>MOD - [2010/02/05 00:15:28 | 000,061,496 | ---- | M] () -- C:Program FilesUpdates from HP99723226.3.2.116-9972322Programclntutil.dll</div>

<div>MOD - [2010/02/05 00:15:27 | 000,126,976 | ---- | M] () -- C:Program FilesUpdates from HP9972322ProgramHPClientExt.dll</div>

<div>MOD - [2010/02/04 23:24:29 | 001,339,392 | ---- | M] () -- c:windowsassemblygacsystem.xml1.0.5000.0__b77a5c561934e089system.xml.dll</div>

<div>MOD - [2010/02/04 23:24:28 | 002,052,096 | ---- | M] () -- c:windowsassemblygacsystem.windows.forms1.0.5000.0__b77a5c561934e089system.windows.forms.dll</div>

<div>MOD - [2010/02/04 23:24:28 | 000,466,944 | ---- | M] () -- c:windowsassemblygacsystem.drawing1.0.5000.0__b03f5f7f11d50a3asystem.drawing.dll</div>

<div>MOD - [2010/02/04 23:24:26 | 000,573,440 | ---- | M] () -- c:windowsassemblygacsystem.web.services1.0.5000.0__b03f5f7f11d50a3asystem.web.services.dll</div>

<div>MOD - [2009/06/29 15:14:36 | 000,012,288 | ---- | M] () -- C:Program FilesKodakAiOCenterLogger.dll</div>

<div>MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:WINDOWSsystem32msdmo.dll</div>

<div>MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:WINDOWSsystem32devenum.dll</div>

<div>MOD - [2005/08/02 19:19:16 | 000,050,176 | ---- | M] () -- C:WINDOWSarmcex.dll</div>

<div>MOD - [2005/03/15 18:17:28 | 000,204,800 | ---- | M] () -- c:Program FilesHPDigital ImagingbinHpqUtil.dll</div>

<div> </div>

<div> </div>

<div>========== Win32 Services (SafeList) ==========</div>

<div> </div>

<div>SRV - File not found [Disabled | Stopped] --  -- (HidServ)</div>

<div>SRV - [2011/12/04 09:29:49 | 000,855,904 | ---- | M] () [Auto | Running] -- C:Program FilesCommon FilesAVG Secure SearchvToolbarUpdater9.0.1ToolbarUpdater.exe -- (vToolbarUpdater)</div>

<div>SRV - [2011/10/28 16:52:02 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:Program FilesLavasoftAd-AwareAAWService.exe -- (Lavasoft Ad-Aware Service)</div>

<div>SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:Program FilesAVGAVG2012AVGIDSAgent.exe -- (AVGIDSAgent)</div>

<div>SRV - [2011/09/01 08:17:00 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:Program FilesAVGAVG10ToolbarToolbarBroker.exe -- (AVG Security Toolbar Service)</div>

<div>SRV - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:Program FilesMcAfeeSiteAdvisorMcSACore.exe -- (McAfee SiteAdvisor Service)</div>

<div>SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:Program FilesAVGAVG2012avgwdsvc.exe -- (avgwd)</div>

<div>SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:Program FilesCommon FilesArcSoftConnection ServiceBinACService.exe -- (ACDaemon)</div>

<div>SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:Program FilesMcAfee Security Scan2.0.181McCHSvc.exe -- (McComponentHostService)</div>

<div>SRV - [2009/08/05 12:49:44 | 000,284,016 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:Program FilesKodakAiOCenterekdiscovery.exe -- (Kodak AiO Network Discovery Service)</div>

<div>SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe -- (YahooAUService)</div>

<div>SRV - [2005/08/02 19:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:WINDOWSarservice.exe -- (ARSVC)</div>

<div> </div>

<div> </div>

<div>========== Driver Services (SafeList) ==========</div>

<div> </div>

<div>DRV - [2011/10/28 16:52:04 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:WINDOWSsystem32DRIVERSLbd.sys -- (Lbd)</div>

<div>DRV - [2011/10/28 16:52:02 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:Program FilesLavasoftAd-Awarekernexplorer.sys -- (Lavasoft Kernexplorer)</div>

<div>DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:WINDOWSsystem32driversavgldx86.sys -- (Avgldx86)</div>

<div>DRV - [2011/10/04 05:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversAVGIDSShim.sys -- (AVGIDSShim)</div>

<div>DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:WINDOWSsystem32DRIVERSavgrkx86.sys -- (Avgrkx86)</div>

<div>DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:WINDOWSsystem32driversavgmfx86.sys -- (Avgmfx86)</div>

<div>DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:WINDOWSsystem32driversavgtdix.sys -- (Avgtdix)</div>

<div>DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversAVGIDSFilter.sys -- (AVGIDSFilter)</div>

<div>DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:WINDOWSsystem32DRIVERSAVGIDSEH.Sys -- (AVGIDSEH)</div>

<div>DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversAVGIDSDriver.sys -- (AVGIDSDriver)</div>

<div>DRV - [2010/05/25 17:08:39 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:Program FilesSuperAntiSpywareSASKUTIL.SYS -- (SASKUTIL)</div>

<div>DRV - [2010/02/20 11:21:17 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:Program FilesSuperAntiSpywareSASDIFSV.SYS -- (SASDIFSV)</div>

<div>DRV - [2010/02/20 11:21:17 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:Program FilesSuperAntiSpywareSASENUM.SYS -- (SASENUM)</div>

<div>DRV - [2005/10/18 15:15:42 | 004,034,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversRtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)</div>

<div>DRV - [2005/09/23 15:26:40 | 001,094,751 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversAGRSM.sys -- (AgereSoftModem)</div>

<div>DRV - [2005/08/14 00:35:54 | 001,313,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversati2mtag.sys -- (ati2mtag)</div>

<div>DRV - [2005/07/04 02:30:34 | 000,026,624 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversPS2.sys -- (Ps2)</div>

<div>DRV - [2005/06/30 03:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:WINDOWSsystem32DRIVERSftsata2.sys -- (ftsata2)</div>

<div>DRV - [2005/03/04 13:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversRtlnicxp.sys -- (RTL8023xp)</div>

<div>DRV - [2004/08/04 08:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driverssisnic.sys -- (SISNIC)</div>

<div>DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversRTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)</div>

<div>DRV - [2003/11/05 17:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:WINDOWSsystem32DRIVERSbb-run.sys -- (bb-run)</div>

<div>DRV - [1997/07/08 00:54:00 | 000,199,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversONSIO.SYS -- (ONSIO)</div>

<div>DRV - [1997/06/27 18:01:44 | 000,044,032 | ---- | M] (OnSpec Electronic, Inc.) [Kernel | Boot | Stopped] -- C:WINDOWSSystem32driversSMPLSCSI.SYS -- (SMPLSCSI)</div>

<div>DRV - [1995/07/10 02:30:00 | 000,014,592 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:WINDOWSSystem32driversASPI32.SYS -- (ASPI32)</div>

<div> </div>

<div> </div>

<div>========== Standard Registry (SafeList) ==========</div>

<div> </div>

<div> </div>

<div>========== Internet Explorer ==========</div>

<div> </div>

<div>IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Search Bar = http://ie.redirect.h...38;bd=pavilion&pf=desktop</div>

<div> </div>

<div>IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://ie.redirect.h...38;bd=pavilion&pf=desktop</div>

<div>IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.yahoo.com/</div>

<div>IE - HKCU..URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:Program FilesMcAfeeSiteAdvisorMcIEPlg.dll (McAfee, Inc.)</div>

<div>IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0</div>

<div> </div>

<div>FF - HKLMSoftwareMozillaPlugins@java.com/JavaPlugin: C:Program FilesJavajre6binnew_pluginnpjp2.dll (Sun Microsystems, Inc.)</div>

<div>FF - HKLMSoftwareMozillaPlugins@mcafee.com/SAFFPlugin: C:Program FilesMcAfeeSiteAdvisornpmcffplg32.dll (McAfee, Inc.)</div>

<div>FF - HKLMSoftwareMozillaPlugins@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:Program FilesYahoo!SharednpYState.dll (Yahoo! Inc.)</div>

<div>FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program FilesMicrosoft Silverlight4.0.60831.0npctrl.dll ( Microsoft Corporation)</div>

<div>FF - HKLMSoftwareMozillaPlugins@microsoft.com/WPF,version=3.5: c:WINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation)</div>

<div>FF - HKLMSoftwareMozillaPlugins@real.com/nppl3260;version=12.0.1.669: c:program filesrealrealplayerNetscape6nppl3260.dll (RealNetworks, Inc.)</div>

<div>FF - HKLMSoftwareMozillaPlugins@real.com/nprjplug;version=12.0.1.669: c:program filesrealrealplayerNetscape6nprjplug.dll (RealNetworks, Inc.)</div>

<div>FF - HKLMSoftwareMozillaPlugins@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:Documents and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll (RealNetworks, Inc.)</div>

<div>FF - HKLMSoftwareMozillaPlugins@real.com/nprphtml5videoshim;version=12.0.1.669: C:Documents and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll (RealNetworks, Inc.)</div>

<div>FF - HKLMSoftwareMozillaPlugins@real.com/nprpjplug;version=12.0.1.669: c:program filesrealrealplayerNetscape6nprpjplug.dll (RealNetworks, Inc.)</div>

<div>FF - HKLMSoftwareMozillaPlugins@real.com/nsJSRealPlayerPlugin;version=:  File not found</div>

<div>FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:Program FilesGoogleUpdate1.3.21.79npGoogleUpdate3.dll (Google Inc.)</div>

<div>FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:Program FilesGoogleUpdate1.3.21.79npGoogleUpdate3.dll (Google Inc.)</div>

<div>FF - HKLMSoftwareMozillaPluginsAdobe Reader: C:Program FilesAdobeReader 9.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)</div>

<div>FF - HKCUSoftwareMozillaPlugins@yahoo.com/BrowserPlus,version=2.9.8: C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataYahoo!BrowserPlus2.9.8Pluginsnpybrowserplus_2.9.8.dll (Yahoo! Inc.)</div>

<div> </div>

<div>FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:Program FilesAVGAVG2012Firefox4 [2011/11/22 08:18:08 | 000,000,000 | ---D | M]</div>

<div>FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:Documents and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginFirefoxExt [2011/10/14 09:14:20 | 000,000,000 | ---D | M]</div>

<div>FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:Program FilesMcAfeeSiteAdvisor [2011/11/12 12:48:28 | 000,000,000 | ---D | M]</div>

<div>FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensionsavg@toolbar: C:Documents and SettingsAll UsersApplication DataAVG Secure Search9.0.0.18 [2011/12/04 09:30:05 | 000,000,000 | ---D | M]</div>

<div>FF - HKEY_LOCAL_MACHINEsoftwaremozillaNetscape Browser 8.0.3.4ExtensionsComponents: C:Program FilesNetscapeNetscape BrowserComponents [2011/10/01 10:26:03 | 000,000,000 | ---D | M]</div>

<div>FF - HKEY_LOCAL_MACHINEsoftwaremozillaNetscape Browser 8.0.3.4ExtensionsPlugins: C:Program FilesNetscapeNetscape BrowserPlugins [2011/10/01 10:26:03 | 000,000,000 | ---D | M]</div>

<div> </div>

<div> </div>

<div>========== Chrome  ==========</div>

<div> </div>

<div>CHR - default_search_provider: Yahoo! Search (Enabled)</div>

<div>CHR - default_search_provider: search_url = http://us.yhs.search...8;p={searchTerms}</div>

<div>CHR - default_search_provider: suggest_url = </div>

<div>CHR - plugin: Shockwave Flash (Enabled) = C:Program FilesGoogleChromeApplication15.0.874.121gcswf32.dll</div>

<div>CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:Program FilesJavajre6binnew_pluginnpdeployJava1.dll</div>

<div>CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:Program FilesJavajre6binnew_pluginnpjp2.dll</div>

<div>CHR - plugin: Adobe Acrobat (Disabled) = C:Program FilesAdobeReader 9.0ReaderBrowsernppdf32.dll</div>

<div>CHR - plugin: Silverlight Plug-In (Enabled) = c:Program FilesMicrosoft Silverlight4.0.60531.0npctrl.dll</div>

<div>CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:Documents and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll</div>

<div>CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:Documents and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll</div>

<div>CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = c:program filesrealrealplayerNetscape6nppl3260.dll</div>

<div>CHR - plugin: RealPlayer Version Plugin (Enabled) = c:program filesrealrealplayerNetscape6nprpjplug.dll</div>

<div>CHR - plugin: Microsoft® Windows Media Player Firefox Plugin (Enabled) = C:PFilesPluginsnp-mswmp.dll</div>

<div>CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer</div>

<div>CHR - plugin: Native Client (Enabled) = C:Program FilesGoogleChromeApplication15.0.874.121ppGoogleNaClPluginChrome.dll</div>

<div>CHR - plugin: Chrome PDF Viewer (Enabled) = C:Program FilesGoogleChromeApplication15.0.874.121pdf.dll</div>

<div>CHR - plugin: McAfee SiteAdvisor (Enabled) = C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsfheoggkfdfchfphceeifdbepaooicaho3.40.135.1_0McChPlg.dll</div>

<div>CHR - plugin: McAfee SiteAdvisor (Enabled) = C:Program FilesMcAfeeSiteAdvisornpmcffplg32.dll</div>

<div>CHR - plugin: AVG Internet Security (Enabled) = C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsjmfkcklnlgedgbglfkkgedjfmejoahla10.0.0.1409_0plugins/avgnpss.dll</div>

<div>CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataYahoo!BrowserPlus2.9.8Pluginsnpybrowserplus_2.9.8.dll</div>

<div>CHR - plugin: Google Update (Enabled) = C:Program FilesGoogleUpdate1.3.21.69npGoogleUpdate3.dll</div>

<div>CHR - plugin: Windows Presentation Foundation (Enabled) = c:WINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll</div>

<div>CHR - plugin: RealJukebox NS Plugin (Enabled) = c:program filesrealrealplayerNetscape6nprjplug.dll</div>

<div>CHR - plugin: Default Plug-in (Enabled) = default_plugin</div>

<div>CHR - Extension: Entanglement = C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsaciahcmjmecflokailenpkdchphgkefd2.7.7_0</div>

<div>CHR - Extension: SiteAdvisor = C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsfheoggkfdfchfphceeifdbepaooicaho3.40.135.1_0</div>

<div>CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsjfmjfhklogoienhpfnppmbcbjfjnkonk1.5_0</div>

<div>CHR - Extension: AVG Safe Search = C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsjmfkcklnlgedgbglfkkgedjfmejoahla12.0.0.1857_0</div>

<div>CHR - Extension: Poppit = C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsmcbkbpnkkkipelfledbfocopglifcfmi2.2_0</div>

<div> </div>

<div>O1 HOSTS File: ([2011/12/07 19:40:25 | 000,000,027 | ---- | M]) - C:WINDOWSsystem32driversetchosts</div>

<div>O1 - Hosts: 127.0.0.1       localhost</div>

<div>O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Documents and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll (RealPlayer)</div>

<div>O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG2012avgssie.dll (AVG Technologies CZ, s.r.o.)</div>

<div>O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll (Safer Networking Limited)</div>

<div>O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:Program FilesadawaretbadawareDx.dll ()</div>

<div>O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:Program FilesAVG Secure Search9.0.0.18AVG Secure Search_toolbar.dll ()</div>

<div>O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:Program FilesGoogleGoogleToolbar1.dll (Google Inc.)</div>

<div>O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:Program FilesMcAfeeSiteAdvisorMcIEPlg.dll (McAfee, Inc.)</div>

<div>O3 - HKLM..Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:Program FilesMcAfeeSiteAdvisorMcIEPlg.dll (McAfee, Inc.)</div>

<div>O3 - HKLM..Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:Program FilesGoogleGoogleToolbar1.dll (Google Inc.)</div>

<div>O3 - HKLM..Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:Program FilesadawaretbadawareDx.dll ()</div>

<div>O3 - HKLM..Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:Program FilesAVG Secure Search9.0.0.18AVG Secure Search_toolbar.dll ()</div>

<div>O3 - HKCU..ToolbarShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:Program FilesGoogleGoogleToolbar1.dll (Google Inc.)</div>

<div>O3 - HKCU..ToolbarWebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:Program FilesGoogleGoogleToolbar1.dll (Google Inc.)</div>

<div>O4 - HKLM..Run: [Ad-Aware Browsing Protection] C:Documents and SettingsAll UsersApplication DataAd-Aware Browsing Protectionadawarebp.exe (Lavasoft)</div>

<div>O4 - HKLM..Run: [AlwaysReady Power Message APP] C:WINDOWSarpwrmsg.exe (Microsoft)</div>

<div>O4 - HKLM..Run: [ArcSoft Connection Service] C:Program FilesCommon FilesArcSoftConnection ServiceBinACDaemon.exe (ArcSoft Inc.)</div>

<div>O4 - HKLM..Run: [AVG_TRAY] C:Program FilesAVGAVG2012avgtray.exe (AVG Technologies CZ, s.r.o.)</div>

<div>O4 - HKLM..Run: [DISCover] C:Program FilesDISCDISCover.exe (Digital Interactive Systems Corporation)</div>

<div>O4 - HKLM..Run: [DiscUpdateManager] C:Program FilesDISCDISCUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.)</div>

<div>O4 - HKLM..Run: [EEventManager] C:Program FilesepsonCreativity SuiteEvent ManagerEEventManager.exe (SEIKO EPSON CORPORATION)</div>

<div>O4 - HKLM..Run: [EKIJ5000StatusMonitor] C:WINDOWSsystem32spooldriversw32x863EKIJ5000MUI.exe (Eastman Kodak Company)</div>

<div>O4 - HKLM..Run: [HPBootOp] C:Program FilesHewlett-PackardHP Boot OptimizerHPBootOp.exe (Hewlett-Packard Company)</div>

<div>O4 - HKLM..Run: [HPHUPD08] c:Program FilesHPDigital Imaging{33D6CC28-9F75-4d1b-A11D-98895B3A3729}hphupd08.exe (Hewlett-Packard)</div>

<div>O4 - HKLM..Run: [sunJavaUpdateSched] C:Program FilesJavajre6binjusched.exe File not found</div>

<div>O4 - HKLM..Run: [vProt] C:Program FilesAVG Secure Searchvprot.exe ()</div>

<div>O4 - HKCU..Run: [sUPERAntiSpyware] C:Program FilesSuperAntiSpywareSUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)</div>

<div>O4 - Startup: C:Documents and SettingsAll UsersStart MenuProgramsStartupKodak EasyShare software.lnk = C:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe (Eastman Kodak Company)</div>

<div>O4 - Startup: C:Documents and SettingsAll UsersStart MenuProgramsStartupMcAfee Security Scan Plus.lnk = C:Program FilesMcAfee Security Scan2.0.181SSScheduler.exe (McAfee, Inc.)</div>

<div>O4 - Startup: C:Documents and SettingsAll UsersStart MenuProgramsStartupUpdates from HP.lnk = C:Program FilesUpdates from HP9972322ProgramUpdates from HP.exe (Hewlett-Packard)</div>

<div>O6 - HKLMSoftwarePoliciesMicrosoftInternet Explorercontrol panel present</div>

<div>O6 - HKLMSoftwarePoliciesMicrosoftInternet Explorerrestrictions present</div>

<div>O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: HonorAutoRunSetting = 1</div>

<div>O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoCDBurning = 0</div>

<div>O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 323</div>

<div>O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 67108863</div>

<div>O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0</div>

<div>O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: InstallVisualStyle = C:WINDOWSResourcesThemesRoyaleRoyale.msstyles (Microsoft)</div>

<div>O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: InstallTheme = C:WINDOWSResourcesThemesRoyale.theme ()</div>

<div>O7 - HKCUSoftwarePoliciesMicrosoftInternet Explorercontrol panel present</div>

<div>O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 323</div>

<div>O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 67108863</div>

<div>O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0</div>

<div>O8 - Extra context menu item: &Google Search - C:Program FilesGoogleGoogleToolbar1.dll (Google Inc.)</div>

<div>O8 - Extra context menu item: &Translate English Word - C:Program FilesGoogleGoogleToolbar1.dll (Google Inc.)</div>

<div>O8 - Extra context menu item: Backward Links - C:Program FilesGoogleGoogleToolbar1.dll (Google Inc.)</div>

<div>O8 - Extra context menu item: Cached Snapshot of Page - C:Program FilesGoogleGoogleToolbar1.dll (Google Inc.)</div>

<div>O8 - Extra context menu item: Similar Pages - C:Program FilesGoogleGoogleToolbar1.dll (Google Inc.)</div>

<div>O8 - Extra context menu item: Translate Page into English - C:Program FilesGoogleGoogleToolbar1.dll (Google Inc.)</div>

<div>O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre6binnpjpi160_29.dll (Sun Microsystems, Inc.)</div>

<div>O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:Program FilesBonjourExplorerPlugin.dll (Apple Inc.)</div>

<div>O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program FilesSpybot - Search & DestroySDHelper.dll (Safer Networking Limited)</div>

<div>O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSpchealthhelpctrVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm ()</div>

<div>O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:WINDOWSpchealthhelpctrVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm ()</div>

<div>O10 - NameSpace_Catalog5Catalog_Entries000000000004 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)</div>

<div>O15 - HKLM..Trusted Domains: trymedia.com ([]http in Trusted sites)</div>

<div>O15 - HKLM..Trusted Domains: trymedia.com ([]https in Trusted sites)</div>

<div>O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)</div>

<div>O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1265758861390 (MUWebControl Class)</div>

<div>O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)</div>

<div>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)</div>

<div>O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)</div>

<div>O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)</div>

<div>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)</div>

<div>O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)</div>

<div>O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)</div>

<div>O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 68.87.71.230 68.87.73.246</div>

<div>O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{10C638EA-26D8-4B3F-B541-D0F8EEDBE59F}: DhcpNameServer = 68.87.71.230 68.87.73.246</div>

<div>O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243</div>

<div>O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{D1981F4D-17A3-4E2A-9253-27159CB8DDC0}: DhcpNameServer = 192.168.0.1</div>

<div>O18 - ProtocolHandlerdssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:Program FilesMcAfeeSiteAdvisorMcIEPlg.dll (McAfee, Inc.)</div>

<div>O18 - ProtocolHandlerlinkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG2012avgpp.dll (AVG Technologies CZ, s.r.o.)</div>

<div>O18 - ProtocolHandlersacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:Program FilesMcAfeeSiteAdvisorMcIEPlg.dll (McAfee, Inc.)</div>

<div>O18 - ProtocolHandlerviprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:Program FilesCommon FilesAVG Secure SearchViProtocolInstaller9.0.1ViProtocol.dll ()</div>

<div>O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:WINDOWSexplorer.exe (Microsoft Corporation)</div>

<div>O20 - HKLM Winlogon: UserInit - (C:WINDOWSsystem32userinit.exe) -C:WINDOWSsystem32userinit.exe (Microsoft Corporation)</div>

<div>O20 - WinlogonNotify!SASWinLogon: DllName - (C:Program FilesSuperAntiSpywareSASWINLO.dll) - C:Program FilesSuperAntiSpywareSASWINLO.dll (SUPERAntiSpyware.com)</div>

<div>O20 - WinlogonNotifyAtiExtEvent: DllName - (Ati2evxx.dll) - C:WINDOWSSystem32ati2evxx.dll (ATI Technologies Inc.)</div>

<div>O20 - WinlogonNotifyTPSvc: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found</div>

<div>O24 - Desktop WallPaper: C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataMicrosoftWallpaper1.bmp</div>

<div>O24 - Desktop BackupWallPaper: C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataMicrosoftWallpaper1.bmp</div>

<div>O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:Program FilesSuperAntiSpywareSASSEH.DLL (SuperAdBlocker.com)</div>

<div>O32 - HKLM CDRom: AutoRun - 1</div>

<div>O32 - AutoRun File - [2010/02/06 13:05:52 | 000,000,125 | ---- | M] () - C:AUTOEXEC.BAT -- [ NTFS ]</div>

<div>O32 - AutoRun File - [2001/07/27 14:07:38 | 000,000,000 | -HS- | M] () - D:AUTOEXEC.BAT -- [ FAT32 ]</div>

<div>O34 - HKLM BootExecute: (autocheck autochk *)</div>

<div>O34 - HKLM BootExecute: (C:PROGRA~1AVGAVG2012avgrsx.exe /sync /restart)</div>

<div>O35 - HKLM..comfile [open] -- "%1" %*</div>

<div>O35 - HKLM..exefile [open] -- "%1" %*</div>

<div>O37 - HKLM...com [@ = ComFile] -- "%1" %*</div>

<div>O37 - HKLM...exe [@ = exefile] -- "%1" %*</div>

<div>O37 - HKCU...exe [@ = exefile] -- Reg Error: Key error. File not found</div>

<div> </div>

<div>========== Files/Folders - Created Within 30 Days ==========</div>

<div> </div>

<div>[2011/12/09 12:13:26 | 000,000,000 | ---D | C] -- C:Program FilesESET</div>

<div>[2011/12/08 09:30:32 | 000,000,000 | -HSD | C] -- C:RECYCLER</div>

<div>[2011/12/07 18:40:37 | 000,000,000 | RHSD | C] -- C:cmdcons</div>

<div>[2011/12/07 18:35:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:WINDOWSSWREG.exe</div>

<div>[2011/12/07 18:35:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:WINDOWSSWSC.exe</div>

<div>[2011/12/07 18:35:27 | 000,212,480 | ---- | C] (SteelWerX) -- C:WINDOWSSWXCACLS.exe</div>

<div>[2011/12/07 18:35:27 | 000,060,416 | ---- | C] (NirSoft) -- C:WINDOWSNIRCMD.exe</div>

<div>[2011/12/07 18:31:36 | 000,000,000 | ---D | C] -- C:WINDOWSERDNT</div>

<div>[2011/12/07 18:31:04 | 000,000,000 | ---D | C] -- C:Qoobox</div>

<div>[2011/12/07 18:30:32 | 000,000,000 | R--D | C] -- C:Documents and SettingsHP_AdministratorStart MenuProgramsAdministrative Tools</div>

<div>[2011/12/07 18:28:37 | 004,331,784 | R--- | C] (Swearware) -- C:Documents and SettingsHP_AdministratorDesktopComboFix.exe</div>

<div>[2011/12/05 19:09:04 | 000,000,000 | ---D | C] -- C:Documents and SettingsHP_AdministratorDesktopOTL.exe</div>

<div>[2011/12/04 16:56:08 | 000,000,000 | ---D | C] -- C:Documents and SettingsHP_AdministratorApplication DataAVG Secure Search</div>

<div>[2011/12/04 09:29:53 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataAVG Secure Search</div>

<div>[2011/12/03 21:17:02 | 000,000,000 | ---D | C] -- C:N360_BACKUP</div>

<div>[2011/12/03 16:46:18 | 000,000,000 | ---D | C] -- C:Program FilesWindows Sidebar</div>

<div>[2011/12/03 16:45:36 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataNortonInstaller</div>

<div>[2011/12/03 16:45:34 | 000,000,000 | ---D | C] -- C:Documents and SettingsHP_AdministratorMy DocumentsSymantec</div>

<div>[2011/12/03 16:40:33 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersDocumentsNorton</div>

<div>[2011/12/03 16:40:28 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataNorton</div>

<div>[2011/12/03 16:24:12 | 000,000,000 | ---D | C] -- C:Documents and SettingsLocalServiceLocal SettingsApplication DataID Vault</div>

<div>[2011/12/03 16:24:05 | 000,000,000 | ---D | C] -- C:Documents and SettingsLocalServiceApplication DataID Vault</div>

<div>[2011/12/03 16:11:20 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataIsolatedStorage</div>

<div>[2011/12/03 16:09:46 | 000,000,000 | ---D | C] -- C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataID Vault</div>

<div>[2011/12/03 16:08:17 | 000,000,000 | ---D | C] -- C:Documents and SettingsHP_AdministratorApplication DataID Vault</div>

<div>[2011/12/03 16:05:34 | 000,000,000 | ---D | C] -- C:Program FilesConstant Guard Protection Suite</div>

<div>[2011/12/03 16:03:05 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataWhite Sky, Inc</div>

<div>[2011/11/25 13:28:38 | 000,000,000 | ---D | C] -- C:Documents and SettingsHP_AdministratorApplication DataHewlett-Packard</div>

<div>[2011/11/24 12:33:42 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:Documents and SettingsHP_AdministratorDesktopTDSSKiller.exe</div>

<div>[2011/11/15 14:43:41 | 000,000,000 | ---D | C] -- C:WINDOWSMinidump</div>

<div> </div>

<div>========== Files - Modified Within 30 Days ==========</div>

<div> </div>

<div>[2011/12/10 15:35:48 | 000,000,444 | -H-- | M] () -- C:WINDOWStasksUser_Feed_Synchronization-{14113E78-B761-4450-824B-C213608E3C5F}.job</div>

<div>[2011/12/10 15:11:00 | 000,000,906 | ---- | M] () -- C:WINDOWStasksGoogleUpdateTaskMachineUA.job</div>

<div>[2011/12/10 13:11:05 | 000,000,902 | ---- | M] () -- C:WINDOWStasksGoogleUpdateTaskMachineCore.job</div>

<div>[2011/12/10 08:39:10 | 111,777,817 | ---- | M] () -- C:WINDOWSSystem32driversAVGincavi.avm</div>

<div>[2011/12/10 01:46:46 | 000,000,064 | ---- | M] () -- C:WINDOWSSystem32rp_stats.dat</div>

<div>[2011/12/10 01:46:46 | 000,000,044 | ---- | M] () -- C:WINDOWSSystem32rp_rules.dat</div>

<div>[2011/12/10 01:46:40 | 000,000,486 | ---- | M] () -- C:WINDOWStasksAd-Aware Update (Weekly).job</div>

<div>[2011/12/10 00:43:33 | 000,000,300 | ---- | M] () -- C:WINDOWStasksRealUpgradeLogonTaskS-1-5-21-2169891929-1308194038-3238692466-1008.job</div>

<div>[2011/12/10 00:42:37 | 000,002,048 | --S- | M] () -- C:WINDOWSbootstat.dat</div>

<div>[2011/12/10 00:42:30 | 1006,030,848 | -HS- | M] () -- C:hiberfil.sys</div>

<div>[2011/12/10 00:24:40 | 000,000,186 | ---- | M] () -- C:WINDOWSSystemhpsysdrv.DAT</div>

<div>[2011/12/08 18:38:32 | 000,282,032 | ---- | M] () -- C:WINDOWSSystem32driversAVGiavichjg.avm</div>

<div>[2011/12/08 07:21:05 | 000,000,284 | ---- | M] () -- C:WINDOWStasksAppleSoftwareUpdate.job</div>

<div>[2011/12/07 19:40:25 | 000,000,027 | ---- | M] () -- C:WINDOWSSystem32driversetchosts</div>

<div>[2011/12/07 18:40:59 | 000,000,325 | RHS- | M] () -- C:boot.ini</div>

<div>[2011/12/07 18:32:23 | 004,331,784 | R--- | M] (Swearware) -- C:Documents and SettingsHP_AdministratorDesktopComboFix.exe</div>

<div>[2011/12/07 10:27:26 | 000,000,308 | ---- | M] () -- C:WINDOWStasksRealUpgradeScheduledTaskS-1-5-21-2169891929-1308194038-3238692466-1008.job</div>

<div>[2011/12/06 23:54:37 | 000,001,715 | ---- | M] () -- C:Documents and SettingsHP_AdministratorDesktopaswMBR.dat</div>

<div>[2011/12/06 16:34:03 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:Documents and SettingsHP_AdministratorDesktopTDSSKiller.exe</div>

<div>[2011/12/06 16:24:32 | 000,002,877 | ---- | M] () -- C:Documents and SettingsHP_AdministratorMy Documentskaitlins chocolate war essay KEEP PLEASE.rtf</div>

<div>[2011/12/05 20:35:29 | 000,302,592 | ---- | M] () -- C:Documents and SettingsHP_AdministratorDesktopgmer.exe</div>

<div>[2011/12/05 09:05:56 | 000,001,190 | ---- | M] () -- C:Documents and SettingsHP_AdministratorDesktopall</div>

<div>[2011/12/03 15:40:37 | 000,000,856 | ---- | M] () -- C:WINDOWSSystem32driverskgpcpy.cfg</div>

<div>[2011/12/03 14:06:01 | 000,000,943 | ---- | M] () -- C:WINDOWSWININIT.INI</div>

<div>[2011/12/02 11:23:13 | 000,000,494 | ---- | M] () -- C:Program FilesShortcut to STOPzilla!.lnk</div>

<div>[2011/11/25 13:41:42 | 000,004,608 | ---- | M] () -- C:Documents and SettingsHP_AdministratorLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</div>

<div>[2011/11/22 08:18:08 | 000,000,713 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopAVG 2012.lnk</div>

<div>[2011/11/20 15:47:31 | 000,000,851 | ---- | M] () -- C:WINDOWSUlead32.ini</div>

<div>[2011/11/18 19:13:43 | 000,001,824 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopGoogle Chrome.lnk</div>

<div>[2011/11/15 13:35:27 | 000,000,795 | ---- | M] () -- C:Documents and SettingsAll UsersDesktopMalwarebytes' Anti-Malware.lnk</div>

<div> </div>

<div>========== Files Created - No Company Name ==========</div>

<div> </div>

<div>[2011/12/07 18:35:27 | 000,256,000 | ---- | C] () -- C:WINDOWSPEV.exe</div>

<div>[2011/12/07 18:35:27 | 000,208,896 | ---- | C] () -- C:WINDOWSMBR.exe</div>

<div>[2011/12/07 18:35:27 | 000,098,816 | ---- | C] () -- C:WINDOWSsed.exe</div>

<div>[2011/12/07 18:35:27 | 000,080,412 | ---- | C] () -- C:WINDOWSgrep.exe</div>

<div>[2011/12/07 18:35:27 | 000,068,096 | ---- | C] () -- C:WINDOWSzip.exe</div>

<div>[2011/12/06 23:54:37 | 000,001,715 | ---- | C] () -- C:Documents and SettingsHP_AdministratorDesktopaswMBR.dat</div>

<div>[2011/12/06 16:24:32 | 000,002,877 | ---- | C] () -- C:Documents and SettingsHP_AdministratorMy Documentskaitlins chocolate war essay KEEP PLEASE.rtf</div>

<div>[2011/12/05 09:05:56 | 000,001,190 | ---- | C] () -- C:Documents and SettingsHP_AdministratorDesktopall</div>

<div>[2011/12/04 15:40:50 | 1006,030,848 | -HS- | C] () -- C:hiberfil.sys</div>

<div>[2011/12/03 16:16:51 | 000,275,896 | ---- | C] () -- C:Documents and SettingsLocalServiceLocal SettingsApplication DataFontCache3.0.0.0.dat</div>

<div>[2011/12/03 14:17:31 | 000,000,856 | ---- | C] () -- C:WINDOWSSystem32driverskgpcpy.cfg</div>

<div>[2011/12/02 11:23:13 | 000,000,494 | ---- | C] () -- C:Program FilesShortcut to STOPzilla!.lnk</div>

<div>[2011/04/28 22:41:52 | 000,000,064 | ---- | C] () -- C:WINDOWSSystem32rp_stats.dat</div>

<div>[2011/04/28 22:41:52 | 000,000,044 | ---- | C] () -- C:WINDOWSSystem32rp_rules.dat</div>

<div>[2010/07/22 16:20:03 | 000,000,029 | ---- | C] () -- C:WINDOWSDEBUGSM.INI</div>

<div>[2010/02/16 17:13:50 | 000,000,686 | ---- | C] () -- C:Documents and SettingsHP_AdministratorApplication Datawklnhst.dat</div>

<div>[2010/02/06 14:07:57 | 000,049,152 | ---- | C] () -- C:WINDOWSStiRegstEng.dll</div>

<div>[2010/02/06 13:36:35 | 000,073,220 | ---- | C] () -- C:WINDOWSSystem32EPPICPrinterDB.dat</div>

<div>[2010/02/06 13:36:35 | 000,001,137 | ---- | C] () -- C:WINDOWSSystem32EPPICPresetData_ES.dat</div>

<div>[2010/02/06 13:36:35 | 000,001,130 | ---- | C] () -- C:WINDOWSSystem32EPPICPresetData_FR.dat</div>

<div>[2010/02/06 13:36:35 | 000,001,130 | ---- | C] () -- C:WINDOWSSystem32EPPICPresetData_CF.dat</div>

<div>[2010/02/06 13:36:35 | 000,001,104 | ---- | C] () -- C:WINDOWSSystem32EPPICPresetData_EN.dat</div>

<div>[2010/02/06 13:36:35 | 000,000,097 | ---- | C] () -- C:WINDOWSSystem32PICSDK.ini</div>

<div>[2010/02/06 13:36:34 | 000,031,053 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern131.dat</div>

<div>[2010/02/06 13:36:34 | 000,029,114 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern1.dat</div>

<div>[2010/02/06 13:36:34 | 000,027,417 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern121.dat</div>

<div>[2010/02/06 13:36:34 | 000,021,021 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern3.dat</div>

<div>[2010/02/06 13:36:34 | 000,015,670 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern5.dat</div>

<div>[2010/02/06 13:36:34 | 000,013,280 | ---- | C] () -- C:WINDOWSSystem32EPPICPattern2.dat</div>

<div>[2010/02/06

Edited by darkeyes

ComboFix 11-12-10.01 - HP_Administrator 12/10/2011 16:16:29.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.298 [GMT -5:00]

Running from: c:documents and settingsHP_AdministratorDesktopComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:docume~1HP_ADM~1LOCALS~1TempIadHide5.dll

c:documents and settingsHP_AdministratorLocal SettingsTempIadHide5.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-11-10 to 2011-12-10 )))))))))))))))))))))))))))))))

.

.

2011-12-09 17:13 . 2011-12-09 17:13 -------- d-----w- c:program filesESET

2011-12-04 21:56 . 2011-12-04 21:56 -------- d-----w- c:documents and settingsHP_AdministratorApplication DataAVG Secure Search

2011-12-04 14:29 . 2011-12-04 14:30 -------- d-----w- c:documents and settingsAll UsersApplication DataAVG Secure Search

2011-12-04 02:17 . 2011-12-04 02:17 -------- d-----w- C:N360_BACKUP

2011-12-03 21:46 . 2011-12-03 21:46 -------- d-----w- c:program filesWindows Sidebar

2011-12-03 21:40 . 2011-12-04 21:26 -------- d-----w- c:documents and settingsAll UsersApplication DataNorton

2011-12-03 21:24 . 2011-12-03 21:24 -------- d-----w- c:documents and settingsLocalServiceLocal SettingsApplication DataID Vault

2011-12-03 21:24 . 2011-12-03 21:24 -------- d-----w- c:documents and settingsLocalServiceApplication DataID Vault

2011-12-03 21:11 . 2011-12-03 21:11 -------- d-----w- c:documents and settingsAll UsersApplication DataIsolatedStorage

2011-12-03 21:09 . 2011-12-07 22:13 -------- d-----w- c:documents and settingsHP_AdministratorLocal SettingsApplication DataID Vault

2011-12-03 21:08 . 2011-12-07 22:13 -------- d-----w- c:documents and settingsHP_AdministratorApplication DataID Vault

2011-12-03 21:05 . 2011-12-07 22:16 -------- d-----w- c:program filesConstant Guard Protection Suite

2011-12-03 21:03 . 2011-12-03 21:03 -------- d-----w- c:documents and settingsAll UsersApplication DataWhite Sky, Inc

2011-11-25 18:28 . 2011-11-25 18:28 -------- d-----w- c:documents and settingsHP_AdministratorApplication DataHewlett-Packard

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-28 21:52 . 2010-02-05 05:20 64512 ----a-w- c:windowssystem32driversLbd.sys

2011-10-27 01:29 . 2011-06-20 22:29 414368 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl

2011-10-10 14:22 . 2010-02-04 23:57 692736 ----a-w- c:windowssystem32inetcomm.dll

2011-10-07 10:23 . 2011-01-07 10:41 230608 ----a-w- c:windowssystem32driversavgldx86.sys

2011-10-04 10:21 . 2011-02-10 11:53 16720 ----a-w- c:windowssystem32driversAVGIDSShim.sys

2011-10-03 09:06 . 2011-04-30 02:25 472808 ----a-w- c:windowssystem32deployJava1.dll

2011-10-03 06:37 . 2011-12-09 14:26 73728 ----a-w- c:windowssystem32javacpl.cpl

2011-09-28 07:06 . 2010-02-04 23:55 599040 ----a-w- c:windowssystem32crypt32.dll

2011-09-26 15:41 . 2010-02-04 23:59 220160 ----a-w- c:windowssystem32oleacc.dll

2011-09-26 15:41 . 2008-07-29 23:59 611328 ----a-w- c:windowssystem32uiautomationcore.dll

2011-09-26 15:41 . 2010-02-04 23:59 20480 ----a-w- c:windowssystem32oleaccrc.dll

2011-09-13 10:30 . 2011-01-19 08:32 32592 ----a-w- c:windowssystem32driversavgrkx86.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2011-12-08_00.49.15 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-12-10 22:23 . 2011-12-10 22:23 16384 c:windowsTempPerflib_Perfdata_db4.dat

+ 2011-12-10 05:54 . 2011-12-10 05:54 16384 c:windowsTempPerflib_Perfdata_ac4.dat

+ 2011-12-10 22:09 . 2011-12-10 22:09 16384 c:windowsTempPerflib_Perfdata_918.dat

+ 2011-12-09 14:26 . 2011-10-03 09:06 157472 c:windowssystem32javaws.exe

- 2011-10-22 14:41 . 2011-10-03 09:06 157472 c:windowssystem32javaws.exe

+ 2011-12-09 14:26 . 2011-10-03 09:06 145184 c:windowssystem32javaw.exe

- 2011-10-22 14:41 . 2011-10-03 09:06 145184 c:windowssystem32javaw.exe

- 2011-10-22 14:41 . 2011-10-03 09:06 145184 c:windowssystem32java.exe

+ 2011-12-09 14:26 . 2011-10-03 09:06 145184 c:windowssystem32java.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE~Browser Helper Objects{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

2011-10-21 09:10 87440 ----a-w- c:program filesadawaretbadawareDx.dll

.

[HKEY_LOCAL_MACHINE~Browser Helper Objects{95B7759C-8C7F-4BF1-B163-73684A933233}]

2011-12-04 14:29 1547104 ----a-w- c:program filesAVG Secure Search9.0.0.18AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]

"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:program filesadawaretbadawareDx.dll" [2011-10-21 87440]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:program filesAVG Secure Search9.0.0.18AVG Secure Search_toolbar.dll" [2011-12-04 1547104]

.

[HKEY_CLASSES_ROOTclsid{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

.

[HKEY_CLASSES_ROOTclsid{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOTAVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOTAVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"SUPERAntiSpyware"="c:program filesSuperAntiSpywareSUPERAntiSpyware.exe" [2011-01-21 2424560]

"ctfmon.exe"="c:windowssystem32ctfmon.exe" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"ehTray"="c:windowsehomeehtray.exe" [2005-08-05 64512]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]

"HPHUPD08"="c:program filesHPDigital Imaging{33D6CC28-9F75-4d1b-A11D-98895B3A3729}hphupd08.exe" [2005-06-02 49152]

"DISCover"="c:program filesDISCDISCover.exe" [2005-09-27 1060864]

"DiscUpdateManager"="c:program filesDISCDiscUpdateMgr.exe" [2005-09-27 61440]

"HP Software Update"="c:program filesHPHP Software UpdateHPWuSchd2.exe" [2010-03-12 49208]

"EEventManager"="c:program filesEPSONCreativity SuiteEvent ManagerEEventManager.exe" [2005-04-08 102400]

"EKIJ5000StatusMonitor"="c:windowsSystem32spoolDRIVERSW32X863EKIJ5000MUI.exe" [2009-08-03 1626112]

"ArcSoft Connection Service"="c:program filesCommon FilesArcSoftConnection ServiceBinACDaemon.exe" [2010-10-28 207424]

"Adobe Reader Speed Launcher"="c:program filesAdobeReader 9.0ReaderReader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe" [2011-03-30 937920]

"AVG_TRAY"="c:program filesAVGAVG2012avgtray.exe" [2011-10-25 2415456]

"Ad-Aware Browsing Protection"="c:documents and settingsAll UsersApplication DataAd-Aware Browsing Protectionadawarebp.exe" [2011-10-21 198032]

"HPBootOp"="c:program filesHewlett-PackardHP Boot OptimizerHPBootOp.exe" [2005-09-21 1605740]

"vProt"="c:program filesAVG Secure Searchvprot.exe" [2011-12-04 827232]

.

c:documents and settingsAll UsersStart MenuProgramsStartup

HP Digital Imaging Monitor.lnk - c:program filesHPDigital Imagingbinhpqtra08.exe [2005-5-12 282624]

Kodak EasyShare software.lnk - c:program filesKodakKodak EasyShare softwarebinEasyShare.exe [2010-1-27 323584]

McAfee Security Scan Plus.lnk - c:program filesMcAfee Security Scan2.0.181SSScheduler.exe [2010-1-15 255536]

Updates from HP.lnk - c:program filesUpdates from HP9972322ProgramUpdates from HP.exe [2010-2-5 36903]

.

[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:program filesSuperAntiSpywareSASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]

2009-09-03 19:21 548352 ----a-w- c:program filesSuperAntiSpywareSASWINLO.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyTPSvc]

[bU]

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]

BootExecute REG_MULTI_SZ autocheck autochk *0c:progra~1AVGAVG2012avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalLavasoft Ad-Aware Service]

@="Service"

.

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]

"%windir%system32sessmgr.exe"=

"c:Program FilesHPDigital Imagingbinhpqtra08.exe"=

"c:Program FilesHPDigital Imagingbinhpqste08.exe"=

"c:Program FilesHPDigital Imagingbinhpofxm08.exe"=

"c:Program FilesHPDigital Imagingbinhposfx08.exe"=

"c:Program FilesHPDigital Imagingbinhposid01.exe"=

"c:Program FilesHPDigital Imagingbinhpqscnvw.exe"=

"c:Program FilesHPDigital Imagingbinhpqkygrp.exe"=

"c:Program FilesHPDigital ImagingbinhpqCopy.exe"=

"c:Program FilesHPDigital Imagingbinhpfccopy.exe"=

"c:Program FilesHPDigital Imagingbinhpzwiz01.exe"=

"c:Program FilesHPDigital ImagingUnloadHpqPhUnl.exe"=

"c:Program FilesHPDigital ImagingUnloadHpqDIA.exe"=

"c:Program FilesHPDigital Imagingbinhpoews01.exe"=

"c:Program FilesDISCDISCover.exe"=

"c:Program FilesDISCDiscStreamHub.exe"=

"c:Program FilesDISCmyFTP.exe"=

"c:Program FilesUpdates from HP9972322ProgramUpdates from HP.exe"=

"c:Program FilesBonjourmDNSResponder.exe"=

"c:Program FilesKodakAiOCenterAiOHomeCenter.exe"=

"c:Program FilesKodakAiOCenterKodak.Statistics.exe"=

"c:Program FilesKodakAiOCenterNetworkPrinterDiscovery.exe"=

"c:Program FilesKodakAiOFirmwareKodakAiOUpdater.exe"=

"c:Documents and SettingsAll UsersApplication DataKodakInstallerSetup.exe"=

"c:Program FilesMessengermsmsgs.exe"=

"c:Program FilesKodakKodak EasyShare softwarebinEasyShare.exe"=

"%windir%Network Diagnosticxpnetdiag.exe"=

"c:Program FilesYahoo!MessengerYahooMessenger.exe"=

"c:Program FilesCommon FilesAppleApple Application SupportWebKit2WebProcess.exe"=

"c:Program FilesAVGAVG2012avgmfapx.exe"=

"c:Program FilesadawaretbdtUser.exe"=

"c:Program FilesAVGAVG2012avgnsx.exe"=

"c:Program FilesAVGAVG2012avgdiagex.exe"=

"c:Program FilesAVGAVG2012avgemcx.exe"=

.

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]

"9322:TCP"= 9322:TCP:EKDiscovery

.

R0 AVGIDSEH;AVGIDSEH;c:windowssystem32driversAVGIDSEH.sys [2/22/2011 7:13 AM 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:windowssystem32driversavgrkx86.sys [1/19/2011 3:32 AM 32592]

R0 Lbd;Lbd;c:windowssystem32driversLbd.sys [2/5/2010 12:20 AM 64512]

R1 Avgldx86;AVG AVI Loader Driver;c:windowssystem32driversavgldx86.sys [1/7/2011 5:41 AM 230608]

R1 Avgtdix;AVG TDI Driver;c:windowssystem32driversavgtdix.sys [2/10/2011 6:54 AM 295248]

R1 SASDIFSV;SASDIFSV;c:program filesSuperAntiSpywareSASDIFSV.SYS [1/5/2010 7:56 AM 12872]

R1 SASKUTIL;SASKUTIL;c:program filesSuperAntiSpywareSASKUTIL.SYS [1/5/2010 7:56 AM 67656]

R2 AVGIDSAgent;AVGIDSAgent;c:program filesAVGAVG2012AVGIDSAgent.exe [10/12/2011 5:25 AM 4433248]

R2 avgwd;AVG WatchDog;c:program filesAVGAVG2012avgwdsvc.exe [8/2/2011 5:09 AM 192776]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:program filesKodakAiOCenterekdiscovery.exe [8/5/2009 12:49 PM 284016]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:program filesLavasoftAd-AwareAAWService.exe [10/28/2011 4:52 PM 2152152]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:progra~1mcafeeSITEAD~1mcsacore.exe [12/27/2010 2:33 PM 94880]

R2 vToolbarUpdater;vToolbarUpdater;c:program filesCommon FilesAVG Secure SearchvToolbarUpdater9.0.1ToolbarUpdater.exe [12/4/2011 9:29 AM 855904]

R3 AVGIDSDriver;AVGIDSDriver;c:windowssystem32driversAVGIDSDriver.sys [3/30/2011 4:17 PM 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:windowssystem32driversAVGIDSFilter.sys [2/10/2011 6:53 AM 24272]

R3 AVGIDSShim;AVGIDSShim;c:windowssystem32driversAVGIDSShim.sys [2/10/2011 6:53 AM 16720]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:program filesLavasoftAd-Awarekernexplorer.sys [10/28/2011 4:52 PM 15232]

S2 gupdate;Google Update Service (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [3/7/2010 6:09 PM 135664]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:program filesAVGAVG10ToolbarToolbarBroker.exe [4/29/2011 12:25 AM 1025352]

S3 gupdatem;Google Update Service (gupdatem);c:program filesGoogleUpdateGoogleUpdate.exe [3/7/2010 6:09 PM 135664]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:program filesMcAfee Security Scan2.0.181McCHSvc.exe [1/15/2010 7:49 AM 227232]

S3 SASENUM;SASENUM;c:program filesSuperAntiSpywareSASENUM.SYS [1/5/2010 7:56 AM 12872]

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-10 c:windowsTasksAd-Aware Update (Weekly).job

- c:program filesLavasoftAd-AwareAd-AwareAdmin.exe [2011-10-28 21:52]

.

2011-12-08 c:windowsTasksAppleSoftwareUpdate.job

- c:program filesApple Software UpdateSoftwareUpdate.exe [2011-06-01 21:57]

.

2010-04-06 c:windowsTasksEasy Internet Sign-up.job

- c:program filesHewlett-PackardSDPHPSdpApp.exe [2005-09-08 20:23]

.

2011-12-10 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2010-03-07 23:09]

.

2011-12-10 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program filesGoogleUpdateGoogleUpdate.exe [2010-03-07 23:09]

.

2011-12-10 c:windowsTasksRealUpgradeLogonTaskS-1-5-21-2169891929-1308194038-3238692466-1008.job

- c:program filesRealRealUpgraderealupgrade.exe [2011-09-27 17:40]

.

2011-12-07 c:windowsTasksRealUpgradeScheduledTaskS-1-5-21-2169891929-1308194038-3238692466-1008.job

- c:program filesRealRealUpgraderealupgrade.exe [2011-09-27 17:40]

.

2011-12-10 c:windowsTasksUser_Feed_Synchronization-{14113E78-B761-4450-824B-C213608E3C5F}.job

- c:windowssystem32msfeedssync.exe [2009-03-08 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

IE: &Google Search - c:program filesGoogleGoogleToolbar1.dll/cmsearch.html

IE: &Translate English Word - c:program filesGoogleGoogleToolbar1.dll/cmwordtrans.html

IE: Backward Links - c:program filesGoogleGoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:program filesGoogleGoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:progra~1MICROS~4OFFICE11EXCEL.EXE/3000

IE: Similar Pages - c:program filesGoogleGoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:program filesGoogleGoogleToolbar1.dll/cmtrans.html

Trusted Zone: trymedia.com

TCP: DhcpNameServer = 68.87.71.230 68.87.73.246

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:program filesCommon FilesAVG Secure SearchViProtocolInstaller9.0.1ViProtocol.dll

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-SunJavaUpdateSched - c:program filesJavajre6binjusched.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-10 17:18

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERSS-1-5-21-2169891929-1308194038-3238692466-1008SoftwareMicrosoftSystemCertificatesAddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1116)

c:program filesSuperAntiSpywareSASWINLO.dll

c:windowssystem32WININET.dll

c:windowssystem32Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(1244)

c:windowssystem32WININET.dll

c:documents and settingsAll UsersApplication DataAd-Aware Browsing Protectionadawarebp.dll

c:progra~1mcafeeSITEAD~1saHook.dll

c:windowssystem32ieframe.dll

c:windowssystem32webcheck.dll

c:windowssystem32WPDShServiceObj.dll

c:windowssystem32PortableDeviceTypes.dll

c:windowssystem32PortableDeviceApi.dll

c:program filesCommon FilesAdobeAcrobatActiveXPDFShell.dll

c:windowsWinSxSx86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86MSVCR80.dll

.

------------------------ Other Running Processes ------------------------

.

c:progra~1AVGAVG2012avgrsx.exe

c:program filesAVGAVG2012avgcsrvx.exe

c:windowssystem32Ati2evxx.exe

c:windowssystem32Ati2evxx.exe

c:program filesCommon FilesArcSoftConnection ServiceBinACService.exe

c:windowsarservice.exe

c:program filesBonjourmDNSResponder.exe

c:windowseHomeehRecvr.exe

c:windowseHomeehSched.exe

c:program filesAVGAVG2012avgnsx.exe

c:program filesJavajre6binjqs.exe

c:program filesCommon FilesLightScribeLSSrvc.exe

c:program filesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE

c:windowsSystem32spoolDRIVERSW32X863HPZIPM12.EXE

c:program filesYahoo!SoftwareUpdateYahooAUService.exe

c:windowsehomemcrdsvc.exe

c:windowsARPWRMSG.EXE

c:windowssystem32rundll32.exe

c:windowssystem32wbemunsecapp.exe

c:windowseHomeehmsas.exe

c:program filesDISCDiscGui.exe

c:program filesLavasoftAd-AwareAAWTray.exe

c:hpKBDKBD.EXE

c:program filesDISCDiscStreamHub.exe

c:windowsRTHDCPL.EXE

c:program filesATI TechnologiesATI Control Panelatiptaxx.exe

.

**************************************************************************

.

Completion time: 2011-12-10 17:54:19 - machine was rebooted

ComboFix-quarantined-files.txt 2011-12-10 22:53

ComboFix2.txt 2011-12-08 01:19

.

Pre-Run: 212,818,583,552 bytes free

Post-Run: 212,817,760,256 bytes free

.

- - End Of File - - 98D174520C8856010B6EFD8F43006E0C

Link to comment

JonTom here is the Security Scan, I will check back in here in a little while for any of your replies and JonTom I thank you so much for helping me out!

 

 

Results of screen317's Security Check version 0.99.28

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

AVG 2012

ESET Online Scanner v3

McAfee Security Scan Plus

Antivirus up to date! (On Access scanning disabled!)

```````````````````````````````

Anti-malware/Other Utilities Check:

Ad-Aware

Malwarebytes' Anti-Malware

Java 6 Update 29

Adobe Reader 9 Adobe Reader out of date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Ad-Aware AAWService.exe

Ad-Aware AAWTray.exe

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

``````````End of Log````````````

Link to comment

Hello darkeyes

 

"machine did not restart itself so I copied and pasted the results of the log"

That is a new OTL scan log. I needed to see the OTL fix log (the log that should have appeared after you pasted the script into OTL and clicked the "Run Fix" button).

 

Are you sure you clicked on "Run Fix" and not on "Run Scan"?

 

You mentioned multiple instances of chrome.exe running in task manager.

 

Please check to see if there are any chrome.exe processes running when your chrome browser is closed. If you find any, please let me know.

 

Also, besides the slow boot/shutdown issues, please let me know if the machine is being redirected and any other symptoms that remain (I'm trying to rule out a few things before we continue so the more information you provide about the symptoms, the better :) ).

Link to comment

Well, it is very possible that I may have hit Run Scan instead of Run Fix. Sorry, I will do it again and post a new log. Thank you!

 

 

I just opened the Chrome browser and then brought up the task manager and it is showing 9 (nine) chrome.exe in there. Then at times my computer will start making a kind of whining noise and it sounds like something is running really fast. That is what made me take a look at the Task Manager in the first place. If this means anything, some of the Chrome's are showing Mem Usage at over 46,000??

Link to comment

Hi again Jon Tom,

 

Ran the scan again, the right way this time....when the scan finished running the computer rebooted itself and it took a very long time again to boot. There was no results log to post here??? Nothing showed up after the reboot. While rebooting the computer started to "race" again several different times. I don't know why it is doing this?

 

Just opened chrome browser........it was slowwwwwww to open got a box saying page was unresponsive, with a choice to "wait" or "kill pages", also a message popped up near the address bar saying google chrome didn't shut down properly, with a Restore button. Also when I was waiting for chrome to open, I noticed by the start button "waiting for i.ying" or something like that. It only showed for a second or two. I don't know if that means anything.

 

Checking Task Manager again and there are now 10 chromes running. There are several svhost.exe also running actually 8 are showing. Thank you again!

Link to comment

I found the log..... :huh:

 

 

All processes killed

========== OTL ==========

No active process named explorer.exe was found!

Registry key HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftInternet Explorercontrol panel deleted successfully.

Registry key HKEY_LOCAL_MACHINESoftwarePoliciesMicrosoftInternet Explorerrestrictions deleted successfully.

Registry key HKEY_CURRENT_USERSoftwarePoliciesMicrosoftInternet Explorercontrol panel deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomainstrymedia.com deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomainstrymedia.com not found.

========== COMMANDS ==========

C:WINDOWSSystem32driversetcHosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: HP_Administrator

->Temp folder emptied: 12891 bytes

->Temporary Internet Files folder emptied: 5936058 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 20362163 bytes

->Flash cache emptied: 343 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32835 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%System32 .tmp files removed: 0 bytes

%systemroot%System32dllcache .tmp files removed: 0 bytes

%systemroot%System32drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 6469552 bytes

%systemroot%system32configsystemprofileLocal SettingsTemp folder emptied: 0 bytes

%systemroot%system32configsystemprofileLocal SettingsTemporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 31.00 mb

 

 

[EMPTYFLASH]

 

User: Administrator

 

User: All Users

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: HP_Administrator

->Flash cache emptied: 0 bytes

 

User: LocalService

->Flash cache emptied: 0 bytes

 

User: NetworkService

 

Total Flash Files Cleaned = 0.00 mb

 

 

OTL by OldTimer - Version 3.2.31.0 log created on 12102011_223308

Link to comment

Hello darkeyes

 

Thank you for the log (it looks fine).

 

"There are several svhost.exe also running actually 8 are showing"

Are you sure it says svhost? Multiple instances of svchost (notice the extra "C") is normal.

 

As for the multiple chrome.exe's running, there will be one for each tab you have open and one for each Add-On that you have installed.

 

However, I would like to rule out the possibility that there may be something wrong with your system MBR.

 

In order to do this, I would like to analyse a copy of your MBR obtained from outside of the normal Windows environment.

 

 

Please read through all of the instructions carefully before doing anything.

 

Once you have read them, take your time with each step. If you have any questions just come back and ask. There is no rush.

  • xPUD

     

    We will need a USB stick and access to an uninfected machine.

     

    We need to prepare the USB stick. It is not absolutely essential that it is formatted, but it may help if it is:

  • Insert your USB drive into the uninfected machine.
  • Click on Start > My Computer > right click your USB drive > choose Format > Quick format.

Next

 

  • Download both http://sourceforge.n...87.exe/download and http://noahdfear.net.../xpud-0.9.2.iso to the desktop of the uninfected machine.
  • Make sure you have the formatted USB stick in the uninfected system.
  • Double click on the unetbootin-xpud-windows-387.exe that you just downloaded.
  • Press Run and then OK.
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded.
  • Verify the correct drive letter is selected for your USB device then click OK.
  • It will install a little bootable OS on your USB device.
  • After it has completed do not choose to reboot the clean computer, simply close the installer.
Next

 

  • Take the USB to the infected computer and boot with it.
  • The computer must be set to boot from the USB (as soon as BIOS is loaded tap F12 and choose to boot from the USB drive).
  • A Welcome to xPUD screen will appear.
  • Press File.
  • Expand mnt.
  • sda1,2...usually corresponds to your HDD.
  • sdb1 is likely your USB drive.
  • Click on the folder that represents your USB drive (sdb1 ?).
  • Confirm that you see dumpit that you downloaded there.
  • Double click on dumpit.
  • Once completed, a file called mbr.zip will be saved to the USB drive.
  • Take the USB drive back to the uninfected system and attach the mbr.zip in your next reply.

If you encounter any difficulties just let me know.

Link to comment
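An added illustration (not part of the thread, and not the helper's own tooling) of the checks that can be run on an MBR sector captured from outside Windows, where code running in the installed system cannot filter the read: boot signature, partition-table sanity, and a hash of the boot code against a reference. The function names, the reference-hash parameter and the sample sector are constructed for this example, and the dump is assumed to be a raw 512-byte sector image.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0-439: bootstrap code run by the BIOS
DISK_SIG_OFF = 440             # 4-byte disk signature
PART_TABLE_OFF = 446           # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511
ENTRY_FMT = "<B3xB3xII"        # status, CHS skipped, type, CHS skipped, LBA, count


def parse_mbr(sector, known_good_sha256=None):
    """Parse one MBR sector; return its fields plus a list of findings."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need at least 512 bytes")
    sector = sector[:SECTOR_SIZE]
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")

    # Hash only the bootstrap code: disk signature and partition table
    # legitimately differ from disk to disk.
    code_hash = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    if known_good_sha256 and code_hash != known_good_sha256:
        findings.append("boot code differs from reference")

    partitions = []
    for i in range(4):
        offset = PART_TABLE_OFF + 16 * i
        status, ptype, lba_start, count = struct.unpack_from(ENTRY_FMT, sector, offset)
        if ptype == 0x00:
            continue  # unused slot
        if status not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid status byte 0x{status:02x}")
        if lba_start == 0 or count == 0:
            findings.append(f"entry {i}: zero start or length")
        partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})

    if sum(p["active"] for p in partitions) > 1:
        findings.append("more than one active partition")
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"entries {a['index']} and {b['index']} overlap")

    return {"boot_code_sha256": code_hash,
            "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
            "partitions": partitions,
            "findings": findings}


def build_sample(boot_code=b"\xfa\x33\xc0", second_active=False):
    """Constructed sample sector (filler boot code, not a real Windows MBR)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x1234ABCD)
    struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF, 0x80, 0x07, 63, 1_000_000)
    struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16,
                     0x80 if second_active else 0x00, 0x0B, 1_000_063, 500_000)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    reference = parse_mbr(build_sample())["boot_code_sha256"]
    altered = build_sample(boot_code=b"\xeb\x5e\x90", second_active=True)
    for finding in parse_mbr(altered, reference)["findings"]:
        print("FINDING:", finding)
```

A reference hash is only meaningful when it comes from a clean disk initialised by the same Windows version, since the boot code differs between releases.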

"The computer must be set to boot from the USB (as soon as BIOS is loaded tap F12 and choose to boot from the USB drive)."

 

JonTom

 

Did most of the above until it came down to ...see above. My computer does not offer this option. I may need to update my BIOS? And I have no clue on how this is done. Thank you!

Link to comment

This topic is now closed to further replies.