BleepingComputer.com: Privacy protection messed up my computer


Privacy protection messed up my computer Virus

#16 User is offline   nurpzilla 

  • Member
  • Group: Members
  • Posts: 23
  • Joined: 05-January 12

Posted 30 January 2012 - 03:45 PM

ok I will run the AVG remover then try the combo fix and see what happens

#17 User is offline   m0le 

  • I know the drill!
  • Group: Malware Response Instructor
  • Posts: 29,114
  • Joined: 24-July 08
  • Gender:Male
  • Location:London, UK

Posted 30 January 2012 - 07:02 PM

:thumbup2:
If I have helped you fix your PC then please donate. Thanks

m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#18 User is offline   nurpzilla 


Posted 31 January 2012 - 07:14 AM

OK so I ran the AVG removal, and then tried combofix, that did not work. So I did the removal again and restarted my computer and then ran combofix, this time it did not tell me that AVG was running, but another box popped up about the combofix and something to the matter of it being outdated and may not run properly, I hit yes to continue and it did nothing, combofix went off my screen. I tried to put it back on again from my drive where I have been downloading things and it would not come up anymore or work. I ran the AVG removal again and then tried the same steps but it would not work.
I am figuring by me hitting yes instead of no that it wiped that out. I am not sure if we were heading down the right path but I think that by me hitting yes it screwed things up.

I ran the system look again and have attached it, let me know how we should proceed next.

Thanks




#19 User is offline   m0le 


Posted 31 January 2012 - 08:08 PM

It's easily dealt with. The Combofix copy is now out of date so uninstall it.

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Disable any realtime antivirus or antispyware programs.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


Then redownload the latest version from one of the links below and try it again. Post the log when it's created.

Please download ComboFix from one of these locations:

#20 User is offline   nurpzilla 


Posted 02 February 2012 - 07:08 AM

alright I ran the uninstall and it said that there was no combofix on my computer. I ran the AVG removal again, restarted then ran the new combofix on my computer. Computer still told me that AVG was active at that time.

I ran the AVG removal again, restarted and tried it again, same thing.

I am not sure what is going on but for some reason it is not working. I am not sure by me hitting that yes button on that box that popped up when the Combofix was running did not hurt the computer more.

Please let me know where we should go from here.

Thank you



#21 User is offline   m0le 


Posted 02 February 2012 - 06:11 PM

We'll try and remove the AVG elements now.

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area.
    :Files
    C:\Documents and Settings\All Users\Application Data\AVG2012	
    C:\Documents and Settings\All Users\Application Data\avg9
    C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012	
    C:\Documents and Settings\HP_Administrator\Application Data\AVG2012	
    C:\Program Files\AVG	
    C:\Program Files\Common Files\AVG Secure Search
    

  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Post the OTM log.

Give the Combofix another go now. If that fails please rerun SystemLook again and attach it.

#22 User is offline   nurpzilla 


Posted 03 February 2012 - 08:38 AM

Will do this weekend and get back to you no later than Monday, thanks again

#23 User is offline   m0le 


Posted 03 February 2012 - 08:43 PM

:thumbup2:

#24 User is offline   nurpzilla 


Posted 06 February 2012 - 06:07 PM

alright so I did the registry thing then ran the OTM, I have attached the log, tried to do combofix (did not restart after OTM) and it told me that AVG was still running. Attached System look as well.

Thanks,




#25 User is offline   m0le 


Posted 06 February 2012 - 06:51 PM

AVG is a great antivirus but this is really counterproductive.

Can you run OTM again?

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area.
    :Files
    C:\Documents and Settings\All Users\Application Data\MFAData	
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@avgtechnologies.112.2o7[1].txt	
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@avgtechnologies.112.2o7[2].txt	
    C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@avg[2].txt	
    C:\Documents and Settings\HP_Administrator\Desktop\avgremover.exe	
    C:\Documents and Settings\HP_Administrator\Desktop\avgremover.log	
    C:\Documents and Settings\HP_Administrator\Desktop\avg_free_stb_all_2012_1869_cnet.exe	
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\BD8EZDV6\www.avg[1].xml	
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\EBJR6H4V\forums.avg[1].xml	
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\EBJR6H4V\free.avg[1].xml
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\EBJR6H4V\isearch.avg[1].xml	
    C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\EBJR6H4V\myaccount.avg[1].xml	
    C:\Documents and Settings\HP_Administrator\Recent\AVG Secure Search.lnk
    C:\Documents and Settings\HP_Administrator\Recent\AVG10.lnk	
    C:\Documents and Settings\HP_Administrator\Recent\avgfree_zt.lnk
    C:\Documents and Settings\HP_Administrator\Recent\avgremover.lnk
    C:\Program Files\AVG
    C:\WINDOWS\Prefetch\AVGCMGR.EXE-3B0FF4AD.pf
    C:\WINDOWS\Prefetch\AVGREMOVER.EXE-1B9624F6.pf
    C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012	
    :Commands
    [Reboot]
    

  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Post the OTM log.

Then please do the same, run Combofix and if that fails then run SystemLook again and let's see what's left.

#26 User is offline   nurpzilla 


Posted 06 February 2012 - 08:57 PM

alright I backed up the registry again. Ran OTM per your instructions. It rebooted. Ran Combo fix again, same thing, said I was still running the AVG.

I have attached the OTM log and the system look

SystemLook 30.07.11 by jpshortstuff
Log created at 20:48 on 06/02/2012 by HP_Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "*avg*"
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgsrm.log --a---- 718918 bytes [22:55 19/10/2011] [00:22 05/01/2012] 1FA01834C07AE5FF2DD9D7D63F776ECA
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgsrm.log.1 --a---- 1024306 bytes [22:55 19/10/2011] [16:00 02/11/2011] B52BC56D6E4E1EE824227EA215E1FDE6
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgsrm.log.10 --a---- 1024070 bytes [22:55 19/10/2011] [10:24 05/07/2011] 053C5C8C747D1DDF2F2982E847805364
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgsrm.log.2 --a---- 1024232 bytes [22:55 19/10/2011] [21:03 18/10/2011] E85A101697442EFCBA5501FC4135A321
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgsrm.log.3 --a---- 1024248 bytes [22:55 19/10/2011] [20:30 05/10/2011] 8C176C96F6FAAB942ED6E8CE78ED67FF
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgsrm.log.4 --a---- 1024916 bytes [22:55 19/10/2011] [14:32 22/09/2011] 80CD747C8C0D43C6954B06349119FEAF
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgsrm.log.5 --a---- 1024224 bytes [22:55 19/10/2011] [08:25 08/09/2011] 59A6A491DB873002E361DB011E9A362C
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgsrm.log.6 --a---- 1024136 bytes [22:55 19/10/2011] [08:35 26/08/2011] 2087F9B0318C2F95C535D4ADFDBADE7D
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgsrm.log.7 --a---- 1024022 bytes [22:55 19/10/2011] [07:33 13/08/2011] DF154BB2E816BC0A4E3A5EACFC79AE25
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgsrm.log.8 --a---- 1024234 bytes [22:55 19/10/2011] [09:34 31/07/2011] A8FDA4A976C30F1A5D7849243D7D1CA9
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgsrm.log.9 --a---- 1024176 bytes [22:55 19/10/2011] [09:32 18/07/2011] 8FC5B25B2108958B8A8B41D33B74699E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgsrm.log.lock --a---- 0 bytes [22:55 19/10/2011] [01:03 31/10/2010] D41D8CD98F00B204E9800998ECF8427E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgsrmac.log --a---- 514186 bytes [22:55 19/10/2011] [00:22 05/01/2012] 5116553784CFDE01B3488F94655C736B
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgsrmac.log.1 --a---- 1024952 bytes [22:55 19/10/2011] [16:33 03/09/2011] 74C2315B5C30CE72D206458048B07C56
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgsrmac.log.2 --a---- 1024578 bytes [22:55 19/10/2011] [04:33 14/04/2011] 4A6B79724FCD4C2AC340DF892863A8F6
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgsrmac.log.lock --a---- 0 bytes [22:55 19/10/2011] [04:33 31/10/2010] D41D8CD98F00B204E9800998ECF8427E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgss.cfg --a---- 632 bytes [03:01 10/07/2011] [03:01 10/07/2011] 6A5A8A3C54F822A8AFA8CC7CA7AB3CBA
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgtbapi.log --a---- 848620 bytes [22:55 19/10/2011] [13:50 15/10/2011] D99A57C0DF9B0A6666EE7353F51DB51E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgtbapi.log.1 --a---- 1024044 bytes [22:55 19/10/2011] [14:35 13/10/2011] FA3CA0F8064BC703DC67D3A0FD7D399A
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgtbapi.log.10 --a---- 1026124 bytes [22:55 19/10/2011] [03:04 07/09/2011] 2865731B94B993B123F0C21D045AEFB3
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgtbapi.log.2 --a---- 1025114 bytes [22:55 19/10/2011] [02:41 11/10/2011] F96A88A21F56D5A64CF9133D4B0AF868
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgtbapi.log.3 --a---- 1024756 bytes [22:55 19/10/2011] [17:05 09/10/2011] 1665D63288BF689038893505A27DF5A3
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgtbapi.log.4 --a---- 1024258 bytes [22:55 19/10/2011] [22:51 02/10/2011] 2504A2AAD2B79CCF056ED50B09998A51
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgtbapi.log.5 --a---- 1025286 bytes [22:55 19/10/2011] [15:10 28/09/2011] 222D157ECD55700298A833FF7923D8DA
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgtbapi.log.6 --a---- 1025682 bytes [22:55 19/10/2011] [22:33 24/09/2011] E2D9DFED97397371163758F5029D11A0
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgtbapi.log.7 --a---- 1024220 bytes [22:55 19/10/2011] [14:16 22/09/2011] CC83EE615ECED9B2280D09B34B6A0C3B
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgtbapi.log.8 --a---- 1024034 bytes [22:55 19/10/2011] [02:23 21/09/2011] 91C6979921C29B13BB29101C96FC50A0
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgtbapi.log.9 --a---- 1024718 bytes [22:55 19/10/2011] [20:05 10/09/2011] 133B69EF8E56AA1A343047EEF3FD50F3
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgtbapi.log.lock --a---- 0 bytes [22:55 19/10/2011] [02:41 31/10/2010] D41D8CD98F00B204E9800998ECF8427E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgtdi.log --a---- 217106 bytes [22:55 19/10/2011] [22:47 05/01/2012] 95E722D82164F9E468256A56A9555047
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgtdi.log.lock --a---- 0 bytes [22:55 19/10/2011] [00:59 31/10/2010] D41D8CD98F00B204E9800998ECF8427E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgtray_idp_HP_Administrator.log --a---- 124168 bytes [00:55 20/10/2011] [14:40 05/11/2011] 018313AAEEAFD42401D7B9BF3800F6AD
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgtray_idp_HP_Administrator.log.1 --a---- 1024072 bytes [00:55 20/10/2011] [09:49 03/11/2011] 6924D8E7F88FE73D70D7F5A2C686B370
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgtray_idp_HP_Administrator.log.lock --a---- 0 bytes [00:55 20/10/2011] [00:55 20/10/2011] D41D8CD98F00B204E9800998ECF8427E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgual.log --a---- 5770 bytes [01:39 05/11/2011] [14:40 05/11/2011] 37035E67BE68C425F1E6F033B8998B03
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgual.log.lock --a---- 0 bytes [22:55 19/10/2011] [01:04 31/10/2010] D41D8CD98F00B204E9800998ECF8427E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgui.log --a---- 34248 bytes [10:48 31/10/2011] [14:41 05/11/2011] CE5E1C76E36897AF7DFE1AD5EC6B74D0
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgui.log.1 --a---- 1024182 bytes [22:55 19/10/2011] [14:15 05/11/2011] 081125B283C67E2AB0212E7CEA6B297C
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgui.log.10 --a---- 1024176 bytes [22:55 19/10/2011] [15:42 10/09/2011] FA3B0BDBA12CD92826ACAAE3E120BAB0
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgui.log.2 --a---- 1024314 bytes [22:55 19/10/2011] [10:35 31/10/2011] 265EB159012E4E0BF2F738CF94797A99
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgui.log.3 --a---- 1024092 bytes [22:55 19/10/2011] [05:02 25/10/2011] 5933DB580FA01D6FDB43A7CB4EAFE86A
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgui.log.4 --a---- 1024950 bytes [22:55 19/10/2011] [13:51 21/10/2011] 6CEEAEE860DA7E7EC857C3FB468300E1
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgui.log.5 --a---- 1024186 bytes [22:55 19/10/2011] [14:48 15/10/2011] C28D27F7B6B57ED594AD6AD9191E0BB8
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgui.log.6 --a---- 1024638 bytes [22:55 19/10/2011] [02:31 09/10/2011] 3E2651F56B835B0B56AEC82B540BECB5
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgui.log.7 --a---- 1024246 bytes [22:55 19/10/2011] [14:46 01/10/2011] 1C7DE2D147C545195C9E6A12F2BC7656
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgui.log.8 --a---- 1024072 bytes [22:55 19/10/2011] [23:28 24/09/2011] 8294200690F646C6C733102936B1CFB9
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgui.log.9 --a---- 1024280 bytes [22:55 19/10/2011] [15:01 18/09/2011] 2E00057857C5F03DB21007C8D937D031
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgui.log.lock --a---- 0 bytes [22:55 19/10/2011] [01:03 31/10/2010] D41D8CD98F00B204E9800998ECF8427E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avguidraw.log --a---- 1104802 bytes [22:55 19/10/2011] [14:41 05/11/2011] 4CD74FE307A2B10AE5AE28B8AAA98A4D
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avguidraw.log.lock --a---- 0 bytes [22:55 19/10/2011] [23:09 09/05/2011] D41D8CD98F00B204E9800998ECF8427E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avguilog.cfg --a---- 1679 bytes [22:55 19/10/2011] [22:55 19/10/2011] 8C1F287B80FCA16B7258753F77C3B3E8
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgui_idp_HP_Administrator.log --a---- 23378 bytes [22:50 04/11/2011] [14:04 05/11/2011] A5AA45E4CA9DD92D6AEB984D5EDB30E1
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgui_idp_HP_Administrator.log.lock --a---- 0 bytes [22:50 04/11/2011] [22:50 04/11/2011] D41D8CD98F00B204E9800998ECF8427E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgupd.log --a---- 9914884 bytes [22:55 19/10/2011] [00:19 05/01/2012] 81B14360D0562FAC3C935CB106981DF4
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgupd.log.1 --a---- 10240112 bytes [22:55 19/10/2011] [00:58 20/10/2011] 17196E75E636648742011B9F0B0C2194
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgupd.log.2 --a---- 10240282 bytes [22:55 19/10/2011] [12:11 11/09/2011] 347B9DFBD088B47C34D11F0CA1A41C25
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgupd.log.lock --a---- 0 bytes [22:55 19/10/2011] [01:03 31/10/2010] D41D8CD98F00B204E9800998ECF8427E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgupdm.log --a---- 6679636 bytes [12:08 04/11/2011] [12:13 04/11/2011] 055234DBA64E11E1BB73B8C064ADB060
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgwd.log --a---- 1005288 bytes [03:35 22/10/2011] [00:20 05/01/2012] 069600238923687F695FC6203C975D31
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgwd.log.1 --a---- 1024362 bytes [22:55 19/10/2011] [01:07 22/11/2011] 44063D637409940A87FDFF9E06592551
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgwd.log.10 --a---- 1024258 bytes [22:55 19/10/2011] [22:21 19/10/2011] 29DCD1D5593A7C19F1119215AF870050
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgwd.log.2 --a---- 1024226 bytes [22:56 19/10/2011] [02:04 18/11/2011] FCCF46F45B183DD63626BC7A83280020
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgwd.log.3 --a---- 1024118 bytes [22:56 19/10/2011] [18:35 08/11/2011] 93F620467009DE913E0F143FC60BFC6F
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgwd.log.4 --a---- 1024276 bytes [22:56 19/10/2011] [14:40 05/11/2011] EC380A9506EF2A35EA1D7ABB110ADDD0
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgwd.log.5 --a---- 1024470 bytes [22:56 19/10/2011] [19:58 04/11/2011] 800E7700D800C647F7F15717055978AE
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgwd.log.6 --a---- 1024238 bytes [22:56 19/10/2011] [07:35 02/11/2011] A0EE438795E5F86B2852C0718C42CA5A
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgwd.log.7 --a---- 1024004 bytes [22:56 19/10/2011] [00:45 29/10/2011] 24EF66EA8514714838ACBE25E6D33C4E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgwd.log.8 --a---- 1024290 bytes [22:56 19/10/2011] [20:03 24/10/2011] AB15A0A10F6258069D4695252C97939D
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgwd.log.9 --a---- 1024066 bytes [22:56 19/10/2011] [03:31 22/10/2011] A9AA9F1735BC54E10B2635BB487EF8DF
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgwd.log.lock --a---- 0 bytes [22:56 19/10/2011] [01:00 31/10/2010] D41D8CD98F00B204E9800998ECF8427E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgwdsvc.log --a---- 715162 bytes [22:56 19/10/2011] [00:14 05/01/2012] 1E971DC2BE5127C9AE4C3F2EB047BD6E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgwdsvc.log.lock --a---- 0 bytes [22:56 19/10/2011] [01:00 31/10/2010] D41D8CD98F00B204E9800998ECF8427E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgwdsvc_idp_SYSTEM.log --a---- 200442 bytes [22:59 19/10/2011] [00:14 05/01/2012] 4341733C47C0EB54124101A0167C9F35
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012\log\avgwdsvc_idp_SYSTEM.log.lock --a---- 0 bytes [22:59 19/10/2011] [22:59 19/10/2011] D41D8CD98F00B204E9800998ECF8427E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgcfg.log --a---- 296280 bytes [23:31 30/01/2010] [12:46 06/10/2010] 81D89EB2BC37B569B38C197C66BF5BEC
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgcfg.log.1 --a---- 1024068 bytes [23:31 30/01/2010] [13:15 05/02/2010] 2DCF3D1945933353CFC1F1BFED2E2ACC
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgcfg.log.2 --a---- 1024060 bytes [23:31 30/01/2010] [13:10 01/02/2010] A3B3E5218DB3BA8F02B48CD27226204E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgcfg.log.lock --a---- 0 bytes [23:31 30/01/2010] [23:31 30/01/2010] D41D8CD98F00B204E9800998ECF8427E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgchjw.log --a---- 453940 bytes [23:31 30/01/2010] [00:54 31/10/2010] EF8B12F8313852A2C4B45DDBB9F1281C
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgchjw.log.1 --a---- 1024062 bytes [23:31 30/01/2010] [08:54 29/10/2010] BEE9CD0E7AE1A92A1445AC7ECE7A64B9
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgchjw.log.10 --a---- 1024140 bytes [23:31 30/01/2010] [04:51 04/10/2010] 710C604F2E2E5E9323C4D69A18C2E663
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgchjw.log.2 --a---- 1024108 bytes [23:31 30/01/2010] [19:06 25/10/2010] F52FBBA7BEDEA56D8285B8782AEFBA0A
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgchjw.log.3 --a---- 1024408 bytes [23:31 30/01/2010] [22:45 21/10/2010] 96BBF77622399CA7DD2A5BADA0931663
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgchjw.log.4 --a---- 1024168 bytes [23:31 30/01/2010] [07:22 18/10/2010] 0F167BC364FB002F5C41E7F328BD38C2
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgchjw.log.5 --a---- 1024164 bytes [23:31 30/01/2010] [11:22 14/10/2010] 2E1B2F83DB384E4951291342BB3CA95E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgchjw.log.6 --a---- 1024156 bytes [23:31 30/01/2010] [17:00 11/10/2010] 37D85E70D2D924DFEA0DEA27D3012266
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgchjw.log.7 --a---- 1024366 bytes [23:31 30/01/2010] [17:35 07/10/2010] 4C54DB8CC0D3D3241FF721F76C60C213
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgchjw.log.8 --a---- 1024184 bytes [23:31 30/01/2010] [17:59 04/10/2010] 8E43E26DD9500C14362EB1BEAD2593AA
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgchjw.log.9 --a---- 1024186 bytes [23:31 30/01/2010] [11:26 04/10/2010] 2E034F5251D8BFF26323B02C3CF25D6E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgchjw.log.lock --a---- 0 bytes [23:31 30/01/2010] [23:31 30/01/2010] D41D8CD98F00B204E9800998ECF8427E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgchjwsrv.log --a---- 364210 bytes [23:31 30/01/2010] [00:54 31/10/2010] 01F789824F6D4343853716113D2B9758
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.1 --a---- 1024266 bytes [23:31 30/01/2010] [12:59 20/09/2010] 0130DE0DB57A2960F4C5220126DB65FD
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.2 --a---- 1024030 bytes [23:31 30/01/2010] [01:05 24/05/2010] AAC0E3FD510DD050FEAF3B4FAA041AFC
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgchjwsrv.log.lock --a---- 0 bytes [23:31 30/01/2010] [23:31 30/01/2010] D41D8CD98F00B204E9800998ECF8427E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgcore.log --a---- 792872 bytes [23:31 30/01/2010] [00:54 31/10/2010] 6770B16ED2E605AC983DBC435274EF84
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgcore.log.1 --a---- 1025258 bytes [23:31 30/01/2010] [12:03 28/10/2010] 6C89E32C5E50788CE821B165FB76BC0E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgcore.log.10 --a---- 1024394 bytes [23:31 30/01/2010] [16:00 15/09/2010] 073AD8918446CB4E7F7288016E771577
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgcore.log.2 --a---- 1024308 bytes [23:31 30/01/2010] [22:34 22/10/2010] 57A3FC80B25956D330C88434CD15603D
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgcore.log.3 --a---- 1024148 bytes [23:31 30/01/2010] [00:54 31/10/2010] D52387EFDB8C684715DDF6C1EA35BD81
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgcore.log.4 --a---- 1025232 bytes [23:31 30/01/2010] [07:25 14/10/2010] A4F2BDD67F74F2D47D84A59A5DA61C2E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgcore.log.5 --a---- 1024270 bytes [23:31 30/01/2010] [13:32 07/10/2010] 9A4151BBE3A4C98C5B4A3BFD464E6509
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgcore.log.6 --a---- 1024284 bytes [23:31 30/01/2010] [13:27 03/10/2010] 6073E795CD834ED2288B661D39E3F96C
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgcore.log.7 --a---- 1024806 bytes [23:31 30/01/2010] [07:16 06/10/2010] 8D03A011BBFFBC21C0C975A255E20D4B
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgcore.log.8 --a---- 1024186 bytes [23:31 30/01/2010] [13:01 23/09/2010] 7FA4EB4C401AA3A69138D9819464CFD8
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgcore.log.9 --a---- 1024014 bytes [23:31 30/01/2010] [00:13 16/09/2010] 2F0378D9B97BA22A31894E9E191C40E6
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgcore.log.lock --a---- 0 bytes [23:31 30/01/2010] [23:31 30/01/2010] D41D8CD98F00B204E9800998ECF8427E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgfrw.log --a---- 1964 bytes [23:31 30/01/2010] [23:33 30/01/2010] CE05B483C23C064E0E6D0B0462068BE3
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgfrw.log.lock --a---- 0 bytes [23:31 30/01/2010] [23:31 30/01/2010] D41D8CD98F00B204E9800998ECF8427E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgldr.log --a---- 530354 bytes [23:31 30/01/2010] [00:54 31/10/2010] D2564B40965F6D11FC8F96F913E7A312
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgldr.log.lock --a---- 0 bytes [23:31 30/01/2010] [23:31 30/01/2010] D41D8CD98F00B204E9800998ECF8427E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avglng.log --a---- 376106 bytes [23:31 30/01/2010] [22:56 26/10/2010] B0AD42F84254B221F69D9A22ABE55867
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avglng.log.lock --a---- 0 bytes [23:31 30/01/2010] [23:31 30/01/2010] D41D8CD98F00B204E9800998ECF8427E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgns.log --a---- 739582 bytes [23:31 30/01/2010] [00:54 31/10/2010] 4EE10CC50F645F4F10E63BE39FE2B9CE
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgns.log.lock --a---- 0 bytes [23:31 30/01/2010] [23:31 30/01/2010] D41D8CD98F00B204E9800998ECF8427E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgrs.log --a---- 964178 bytes [23:31 30/01/2010] [00:52 31/10/2010] E28A33552D72981535088F268E2DE286
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgrs.log.1 --a---- 1024222 bytes [23:31 30/01/2010] [04:53 02/10/2010] ECD0E90BC1FA2AD5886DCF366007A023
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgrs.log.2 --a---- 1024030 bytes [23:31 30/01/2010] [17:52 21/08/2010] 80A46C8024EFAA2DACFAC809D5E37BDE
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgrs.log.3 --a---- 1024366 bytes [23:31 30/01/2010] [23:52 18/07/2010] 2FC14A92E69102853F05BB49C22A2A0A
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgrs.log.4 --a---- 1024322 bytes [23:31 30/01/2010] [04:56 10/06/2010] 1B91C54323274761E3896DFF8FF26F9C
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgrs.log.5 --a---- 1024014 bytes [23:31 30/01/2010] [07:38 26/05/2010] 9D25EA2C6D093503B33F5C3583FD2FEC
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgrs.log.6 --a---- 1024284 bytes [23:31 30/01/2010] [03:59 13/05/2010] EB1D4DA998DA4A97034D0F2D7DEE1E77
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgrs.log.7 --a---- 1024022 bytes [23:31 30/01/2010] [18:50 29/04/2010] 95A19F29085BD5F21C4F6C71E5E5F640
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgrs.log.8 --a---- 1024068 bytes [23:31 30/01/2010] [19:37 02/04/2010] F4101F419B25B1711ADC815FC022F88C
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgrs.log.9 --a---- 1024014 bytes [23:31 30/01/2010] [01:23 23/02/2010] 44BD9BAFBE94197849DDECA0345085DD
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgrs.log.lock --a---- 0 bytes [23:31 30/01/2010] [23:31 30/01/2010] D41D8CD98F00B204E9800998ECF8427E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgscan.log --a---- 816332 bytes [23:34 30/01/2010] [17:28 27/10/2010] F251FDACCAD39463F80FF1B5FEEEDEE1
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgscan.log.lock --a---- 0 bytes [23:34 30/01/2010] [23:34 30/01/2010] D41D8CD98F00B204E9800998ECF8427E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgsched.log --a---- 311314 bytes [23:33 30/01/2010] [00:54 31/10/2010] F64FE8A0330DE1C034CB0D8F30F58217
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgsched.log.1 --a---- 1024116 bytes [23:33 30/01/2010] [18:01 30/10/2010] C6ABC8FD9C8C856FBB350F54EF9D05E6
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgsched.log.10 --a---- 1024164 bytes [23:33 30/01/2010] [17:46 21/10/2010] B4FD445B86F2B3121ECA1F098201E81A
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgsched.log.2 --a---- 1024056 bytes [23:33 30/01/2010] [17:46 29/10/2010] CA6D5F6AB357D785D5A1293B9F7E1518
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgsched.log.3 --a---- 1024268 bytes [23:33 30/01/2010] [17:46 28/10/2010] F6C55404363A8AF865519BA46B16603E
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgsched.log.4 --a---- 1024108 bytes [23:33 30/01/2010] [17:46 27/10/2010] 09120217ED8875D59489E29F1C1CBE39
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgsched.log.5 --a---- 1024220 bytes [23:33 30/01/2010] [18:01 26/10/2010] B27CF20D48E7D431A1CA3732F87CB011
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgsched.log.6 --a---- 1024314 bytes [23:33 30/01/2010] [17:46 25/10/2010] 144343CA9EE83FF37AFFF837119F5C92
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgsched.log.7 --a---- 1024220 bytes [23:33 30/01/2010] [17:46 24/10/2010] CED436F5D9EEA367554983D7C318317D
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\Log\avgsched.log.8 --a---- 1024234 bytes [23:33 30/01/2010] [17:46 23/10/2010] EB75D8EF4866B6559E8DB23B3678463E

========== folderfind ==========

Searching for "*avg*"
C:\$AVG d------ [23:31 30/01/2010]
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\AVG2012 d------ [02:28 04/02/2012]
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9 d------ [02:28 04/02/2012]
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\AvgAm d------ [23:31 30/01/2010]
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\All Users\Application Data\avg9\AvgApi d------ [23:31 30/01/2010]
C:\_OTM\MovedFiles\02032012_212831\C_Documents and Settings\HP_Administrator\Application Data\AVG2012 d------ [02:28 04/02/2012]
C:\_OTM\MovedFiles\02032012_212831\C_Program Files\AVG d------ [02:28 04/02/2012]
C:\_OTM\MovedFiles\02032012_212831\C_Program Files\AVG\AVG10 d------ [02:28 04/02/2012]
C:\_OTM\MovedFiles\02032012_212831\C_Program Files\AVG\AVG2012 d------ [02:28 04/02/2012]
C:\_OTM\MovedFiles\02032012_212831\C_Program Files\AVG\AVG9 d------ [02:28 04/02/2012]
C:\_OTM\MovedFiles\02032012_212831\C_Program Files\Common Files\AVG Secure Search d------ [02:28 04/02/2012]
C:\_OTM\MovedFiles\02062012_203245\C_Documents and Settings\All Users\Start Menu\Programs\AVG 2012 d------ [22:58 19/10/2011]
C:\_OTM\MovedFiles\02062012_203245\C_Program Files\AVG d------ [01:32 07/02/2012]
C:\_OTM\MovedFiles\02062012_203245\C_Program Files\AVG\AVG2012 d------ [22:51 19/10/2011]

========== regfind ==========

Searching for "*avg"
No data found.

-= EOF =-

OTM Report
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\Temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd folder moved successfully.
C:\Documents and Settings\All Users\Application Data\MFAData\pack folder moved successfully.
C:\Documents and Settings\All Users\Application Data\MFAData\logs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\MFAData folder moved successfully.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@avgtechnologies.112.2o7[1].txt moved successfully.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@avgtechnologies.112.2o7[2].txt moved successfully.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@avg[2].txt moved successfully.
C:\Documents and Settings\HP_Administrator\Desktop\avgremover.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Desktop\avgremover.log moved successfully.
C:\Documents and Settings\HP_Administrator\Desktop\avg_free_stb_all_2012_1869_cnet.exe moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\BD8EZDV6\www.avg[1].xml moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\EBJR6H4V\forums.avg[1].xml moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\EBJR6H4V\free.avg[1].xml moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\EBJR6H4V\isearch.avg[1].xml moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\EBJR6H4V\myaccount.avg[1].xml moved successfully.
C:\Documents and Settings\HP_Administrator\Recent\AVG Secure Search.lnk moved successfully.
C:\Documents and Settings\HP_Administrator\Recent\AVG10.lnk moved successfully.
C:\Documents and Settings\HP_Administrator\Recent\avgfree_zt.lnk moved successfully.
C:\Documents and Settings\HP_Administrator\Recent\avgremover.lnk moved successfully.
C:\Program Files\AVG\AVG2012 folder moved successfully.
C:\Program Files\AVG folder moved successfully.
C:\WINDOWS\Prefetch\AVGCMGR.EXE-3B0FF4AD.pf moved successfully.
C:\WINDOWS\Prefetch\AVGREMOVER.EXE-1B9624F6.pf moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012 folder moved successfully.
========== COMMANDS ==========

OTM by OldTimer - Version 3.1.19.0 log created on 02062012_203245



#27 m0le

Posted 06 February 2012 - 09:00 PM

Please run OTL

  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


#28 nurpzilla

Posted 07 February 2012 - 10:23 PM

OK, here are the two items

OTL logfile created on: 2/7/2012 10:13:43 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 592.84 Mb Available Physical Memory | 61.85% Memory free
2.26 Gb Paging File | 2.05 Gb Available in Paging File | 90.63% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.30 Gb Total Space | 78.96 Gb Free Space | 44.29% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 0.88 Gb Free Space | 11.00% Space Free | Partition Type: FAT32
Drive K: | 3.77 Gb Total Space | 3.75 Gb Free Space | 99.57% Space Free | Partition Type: FAT32

Computer Name: USER | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre1.5.0\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft Office\Office\OSA.EXE ()


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - c:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\Program Files\Microsoft Office\Office\MSO97.DLL ()
MOD - C:\Program Files\Microsoft Office\Office\OSA.EXE ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ftsata2) -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys (Promise Technology, Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (bb-run) -- C:\WINDOWS\system32\DRIVERS\bb-run.sys (Promise Technology, Inc.)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20111044,16898,0,8,0
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.rr.com"

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2061: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2122: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1059: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\npEpicPlayDisplayHost: C:\Program Files\EpicPlay\npEpicHost.dll ( )
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)


[2011/10/29 19:38:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2011/10/29 19:38:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2012/01/05 18:00:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5w9ye8ko.default\extensions
[2011/10/29 19:38:38 | 000,000,000 | ---D | M] (EpicPlay Games) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\5w9ye8ko.default\extensions\textlinks@epicplay.com
[2008/04/05 14:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/05 14:21:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/04/05 14:21:07 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/04/05 14:21:08 | 000,000,000 | ---D | M] (Real Networks Settings) -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2008/04/05 14:21:19 | 000,000,000 | ---D | M] (Talkback) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2008/05/04 10:42:13 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD
[2007/03/18 17:26:45 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\SITEADVISOR\6028\FF
[2006/10/11 03:04:58 | 000,061,036 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2006/10/11 03:04:59 | 000,048,742 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2006/10/11 03:05:03 | 000,029,313 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2006/10/11 03:05:03 | 000,041,082 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2006/10/11 03:04:58 | 000,166,510 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2006/10/11 03:04:59 | 000,017,030 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/05/04 10:42:05 | 000,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2010/01/09 21:01:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2010/01/09 21:01:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2010/01/09 21:01:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2010/01/09 21:01:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2010/01/09 21:01:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2010/01/09 21:01:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2010/01/09 21:01:32 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/05/04 10:42:21 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/05/04 10:41:50 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2006/10/11 03:05:04 | 000,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2006/10/11 03:05:04 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2006/10/11 03:05:04 | 000,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2006/10/11 03:05:04 | 000,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2006/10/11 03:05:04 | 000,002,320 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2006/10/11 03:05:04 | 000,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2012/01/06 18:21:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe (Hewlett-Packard)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageMixer for HDD Camcorder.lnk = C:\Program Files\PIXELA\ImageMixer for HDD Camcorder\IMx3Launcher.exe (PIXELA CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {23A2712A-7A4F-4D0C-822C-D7BA9974447B} https://registration.rr.com/RegHelper.cab (SettingsHelper Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264905998062 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5D42A72-50E8-4DD8-B173-65778B29328B}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -Explorer.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/09 08:03:37 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 05:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/07 22:12:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2012/02/06 20:47:07 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/02/06 20:30:51 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTM.exe
[2012/02/06 20:30:48 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\HP_Administrator\Desktop\erunt-setup.exe
[2012/02/03 21:28:31 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/02/03 21:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/02/03 21:23:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2012/01/23 17:49:35 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.exe
[2012/01/19 18:44:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/07 07:11:18 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTL.exe
[2012/02/06 20:46:14 | 000,000,282 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to ComboFix.exe.lnk
[2012/02/06 20:34:40 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2012/02/06 20:34:00 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImageMixer destination folder.lnk
[2012/02/06 20:33:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/06 20:31:27 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/06 20:31:21 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\NTREGOPT.lnk
[2012/02/06 20:31:21 | 000,000,603 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\ERUNT.lnk
[2012/02/06 20:28:34 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator\Desktop\OTM.exe
[2012/02/06 20:27:46 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\HP_Administrator\Desktop\erunt-setup.exe
[2012/02/06 20:25:49 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/30 19:00:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/01/27 07:26:46 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\SystemLook.exe
[2012/01/25 07:06:26 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\MBRCheck.exe
[2012/01/23 08:05:58 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.exe
[2012/01/19 19:06:39 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2012/01/17 07:07:32 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\2of3phof.exe
[2012/01/17 07:07:08 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Desktop\Defogger.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/06 20:46:14 | 000,000,282 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Shortcut to ComboFix.exe.lnk
[2012/02/03 21:23:13 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/02/03 21:23:03 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\NTREGOPT.lnk
[2012/02/03 21:23:03 | 000,000,603 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\ERUNT.lnk
[2012/01/29 14:22:07 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\SystemLook.exe
[2012/01/25 16:06:10 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\MBRCheck.exe
[2012/01/19 19:06:39 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\defogger_reenable
[2012/01/19 18:37:33 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\Defogger.exe
[2012/01/19 18:37:30 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Desktop\2of3phof.exe
[2010/12/19 09:51:13 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2010/12/19 09:51:02 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2010/12/19 09:21:16 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2010/12/19 09:21:02 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2010/12/18 17:35:14 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2010/12/08 18:55:59 | 000,088,397 | ---- | C] () -- C:\WINDOWS\hpoins06.dat.temp
[2010/12/08 18:55:59 | 000,005,389 | ---- | C] () -- C:\WINDOWS\hpomdl06.dat.temp
[2010/08/20 21:51:47 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2010/02/21 19:38:31 | 000,040,532 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/30 22:59:55 | 050,295,240 | ---- | C] () -- C:\WINDOWS\System32\MRT.exe
[2010/01/30 18:09:30 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\fusioncache.dat
[2009/03/03 12:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2007/01/20 15:03:40 | 000,000,476 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/11/18 21:47:05 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
[2005/11/18 21:42:04 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/10/31 16:56:47 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/10/31 16:56:39 | 000,105,168 | ---- | C] () -- C:\WINDOWS\NSUninst.exe
[2005/10/31 16:56:26 | 000,105,168 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
[2005/10/31 16:56:22 | 000,009,375 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/10/31 13:10:06 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2005/10/31 12:50:36 | 000,088,485 | ---- | C] () -- C:\WINDOWS\hpoins06.dat
[2005/10/31 12:50:36 | 000,005,389 | ---- | C] () -- C:\WINDOWS\hpomdl06.dat
[2005/08/09 08:32:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/09 08:30:18 | 000,001,040 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/08/09 08:06:55 | 000,014,288 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/08/09 08:06:49 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/08/09 08:04:18 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/08/09 07:59:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/09 07:54:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/08/09 07:54:40 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/08/09 07:54:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/08/09 07:54:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/08/09 07:54:40 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/08/09 07:54:40 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/08/09 07:47:41 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/08/09 07:41:21 | 000,112,873 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2005/08/09 07:41:21 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2005/08/09 07:36:09 | 000,080,418 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2005/08/09 07:36:08 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2005/08/09 07:34:06 | 000,072,881 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2005/08/09 07:34:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2005/08/09 07:33:05 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/09 07:28:38 | 000,094,574 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/08/09 07:18:23 | 000,000,036 | ---- | C] () -- C:\WINDOWS\wwwbatch.ini
[2005/08/09 07:15:07 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/08/09 07:11:17 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2005/08/09 07:11:17 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2005/08/09 07:10:58 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/07/07 15:07:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/06/07 17:48:54 | 000,195,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/06/07 01:57:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/06/07 01:55:32 | 000,382,022 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/06/07 01:55:32 | 000,053,640 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/11/17 06:32:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/11/17 06:27:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 21:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/27 00:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/08 00:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/24 01:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/24 01:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/07 00:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2010/10/30 20:00:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/11/04 20:55:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/06/02 19:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/09 21:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/10/15 00:00:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job

========== Purity Check ==========



< End of report >



OTL Extras logfile created on: 2/7/2012 10:13:43 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\HP_Administrator\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.48 Mb Total Physical Memory | 592.84 Mb Available Physical Memory | 61.85% Memory free
2.26 Gb Paging File | 2.05 Gb Available in Paging File | 90.63% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 178.30 Gb Total Space | 78.96 Gb Free Space | 44.29% Space Free | Partition Type: NTFS
Drive D: | 8.00 Gb Total Space | 0.88 Gb Free Space | 11.00% Space Free | Partition Type: FAT32
Drive K: | 3.77 Gb Total Space | 3.75 Gb Free Space | 99.57% Space Free | Partition Type: FAT32

Computer Name: USER | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8085:TCP" = 8085:TCP:*:Enabled:HASPNT

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP -- (Hewlett-Packard)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Microsoft Help and Support Center -- (Microsoft Corporation)
"C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.exe" = C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.exe:*:Enabled:Microsoft Help Center Hosting Server -- (Microsoft Corporation)
"C:\WINDOWS\system32\dwwin.exe" = C:\WINDOWS\system32\dwwin.exe:*:Enabled:Microsoft Application Error Reporting -- (Microsoft Corporation)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
"C:\Program Files\Apple Software Update\SoftwareUpdate.exe" = C:\Program Files\Apple Software Update\SoftwareUpdate.exe:*:Enabled:Apple Software Update -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{044146E4-A924-458A-9948-4B9C7C7D9321}" = LightScribe 1.4.31.1
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{069730C2-755A-485B-A205-27A1AAFA836A}" = InstantShareAlert
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{2C3D719A-92C7-4323-89CC-C937D0267B84}" = muvee autoProducer 4.0
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3076D235-59F2-448E-889F-D04F985B4CF1}" = HP Tunes
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4CD67A02-DF59-43f7-8E8F-86DCF40543EF}" = 2570_Help
"{50E7BB78-02B4-469a-9D8B-B2F42835F90E}" = ProductContextNPI
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8D0C57BC-4942-4960-BB6D-142456D6F233}" = HP Image Zone for Media Center PC
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A8D91906-4032-4443-8C49-69F90E38F39D}" = 2570
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B1931B3A-29E9-4F91-9B61-BE2CF05E84F1}" = muvee autoProducer unPlugged 1.1 - HPD
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}" = Office 2003 Tour
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EE55FD52-0D47-4c5a-96EC-48F70FF30520}" = 2570Trb
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"049D60AF-B425-4F8A-BD66-9D8C1B519D59" = Barnyard Invasion from HP Media Center (remove only)
"0814ADC6-5B36-4144-A8EA-439C36B1BB11" = Puzzle Express from HP Media Center (remove only)
"0AA27562-3C4E-4860-8742-7ADEBE2EFC43" = Ricochet Lost Worlds from HP Media Center (remove only)
"0C20CAB1-F8BC-4AC1-A796-535B005C1B83" = Super Granny from HP Media Center (remove only)
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"1280194E-E9D5-4253-95E7-40169E2A4848" = Flip Words from HP Media Center (remove only)
"133F647D-B454-42BC-ADBE-387482A29B88" = Swarm from HP Media Center (remove only)
"1B497FAA-E53E-420D-8408-FFDD3278CD50" = Blasterball 2 Holidays from HP Media Center (remove only)
"1FFA88DF-0AC3-4D9E-9139-5FF98813C12C" = Polar Bowler from HP Media Center (remove only)
"2BA80327-9385-4EC8-9796-47C49BD73352" = SCRABBLE Blast from HP Media Center (remove only)
"3D61540E-C88C-4358-B6A1-DC26648F2A3D" = Crystal Maze from HP Media Center (remove only)
"47D5A62B-1B41-4DB1-8267-ADA434FA782B" = Bejeweled 2 Deluxe from HP Media Center (remove only)
"538B9061-0C77-4FB2-903F-EC42A1FF5DD8" = Mah Jong Quest from HP Media Center (remove only)
"55275778-F7D9-4BA0-95F4-DEFD71ADDFD9" = Polar Golfer from HP Media Center (remove only)
"581538B9-2ED3-45E2-96CB-22AD8F811D2A" = Shrek 2 Ogre Bowler from HP Media Center (remove only)
"5DAA9E44-1B31-41CD-88A8-228EDED6E36E" = Bounce Symphony from HP Media Center (remove only)
"600C800C-5985-4E74-AFE7-571001AC3FA4" = Slyder from HP Media Center (remove only)
"758619C0-7C97-42BB-B1E9-775F72FDAD1E" = Blackhawk Striker 2 from HP Media Center (remove only)
"90EA5584-4290-407B-B8F2-D6E6D65A4796" = Boggle Supreme from HP Media Center (remove only)
"A09026AE-8F16-4929-B4E6-1825535844DB" = Insaniquarium Deluxe from HP Media Center (remove only)
"A51671BD-9BE5-4944-AC62-A2A0B6FF5E54" = Digby's Donuts from HP Media Center (remove only)
"A73FAC36-8925-465D-8FA2-4DA98BD9B441" = Jewel Quest from HP Media Center (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"alotToolbar" = ALOT Toolbar
"ATI Display Driver" = ATI Display Driver
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"B3FF79F4-CDA8-4845-A7C0-9CE017719F36" = Tradewinds from HP Media Center (remove only)
"B68BB501-10CD-46E2-BB45-075A2ABFD242" = FATE Demo from HP Media Center (remove only)
"B7217206-A362-446B-A0F7-A2622B82F821" = SCRABBLE from HP Media Center (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
"D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79" = Blasterball 2 from HP Media Center (remove only)
"D77E8A46-BEB4-49ED-B2D3-B77180169FA3" = Big Kahuna Reef from HP Media Center (remove only)
"E0998E52-9D08-4AEE-A4F5-0BB1D8537F6E" = Slingo Deluxe from HP Media Center (remove only)
"E59F75D0-A38B-40F4-ABA2-CA35A7735473" = Bookworm Deluxe from HP Media Center (remove only)
"EC03679F-C9F0-46E8-864D-FCCF83F4EB86" = SCRABBLE Rack Attack from HP Media Center (remove only)
"EpicPlay" = EpicPlay
"ERUNT_is1" = ERUNT 1.1j
"HP Document Viewer" = HP Document Viewer 5.3
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"HPOOVClient-9972322 Uninstaller" = Updates from HP (remove only)
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2005b" = Microsoft Money 2005
"PS2" = PS2
"Python 2.2.3" = Python 2.2.3
"pywin32-py2.2" = Python 2.2 pywin32 extensions (build 203)
"RealPlayer 6.0" = RealPlayer
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/4/2012 8:38:22 PM | Computer Name = USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/5/2012 6:46:03 PM | Computer Name = USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The server name or address could not be resolved

Error - 1/5/2012 6:46:03 PM | Computer Name = USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/5/2012 6:46:03 PM | Computer Name = USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/5/2012 6:46:04 PM | Computer Name = USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/5/2012 6:46:04 PM | Computer Name = USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/5/2012 6:46:04 PM | Computer Name = USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/5/2012 6:46:04 PM | Computer Name = USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/5/2012 6:46:04 PM | Computer Name = USER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 1/19/2012 7:37:09 PM | Computer Name = USER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 2/1/2012 7:13:38 PM | Computer Name = USER | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the TCP/IP
Protocol Driver service which failed to start because of the following error: %%2

Error - 2/1/2012 7:13:38 PM | Computer Name = USER | Source = Service Control Manager | ID = 7000
Description = The TCP/IP Protocol Driver service failed to start due to the following
error: %%2

Error - 2/1/2012 7:13:38 PM | Computer Name = USER | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness (NLA) service depends on the TCP/IP
Protocol Driver service which failed to start because of the following error: %%2

Error - 2/3/2012 10:19:16 PM | Computer Name = USER | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 2/3/2012 10:21:25 PM | Computer Name = USER | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 2/6/2012 9:26:09 PM | Computer Name = USER | Source = NetBT | ID = 4311
Description = Initialization failed because the driver device could not be created.

Error - 2/6/2012 9:28:17 PM | Computer Name = USER | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 2/6/2012 9:28:17 PM | Computer Name = USER | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 2/6/2012 9:46:49 PM | Computer Name = USER | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this
1 time(s).

Error - 2/6/2012 9:46:49 PM | Computer Name = USER | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).


< End of report >




#29 User is offline   m0le 

  • I know the drill!
  • Group: Malware Response Instructor
  • Posts: 29,114
  • Joined: 24-July 08
  • Gender:Male
  • Location:London, UK

Posted 08 February 2012 - 05:34 PM

Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:files
C:\$AVG
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"



Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


If Combofix fails again then run MBAM next

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware

  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
    If MBAM won't update then download and update MBAM on a clean computer then save the rules.ref folder to a memory stick. This file is found here: 'C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware' then transfer it across to the infected computer.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.

  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

#30 User is offline   nurpzilla 

  • Member
  • Group: Members
  • Posts: 23
  • Joined: 05-January 12

Posted 08 February 2012 - 08:28 PM

OK, here is what came up. After running and getting the Notepad I tried ComboFix; it would not work again, still said AVG was still running. Next question: you said to download MBAM, but I cannot get to my internet, that is part of the problem. Can I still download to the portable hard drive like everything else, then put it onto my computer and run it? I ask because you said that it will look for updates, so it cannot do that since my internet is not working. Let me know. Thanks

========== FILES ==========
C:\$AVG\$VAULT folder moved successfully.
C:\$AVG\$CHJW folder moved successfully.
C:\$AVG folder moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.31.0 log created on 02082012_202217
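
The :reg fix in post #29 sets the default value of the exefile open command back to "%1" %*, and the log in post #30 reports the value as set. As an added example (not part of the thread and not OTL's own code), the Python below audits the text of a `reg export` dump for executable-type handlers that differ from the Windows defaults, including per-user overrides under HKEY_CURRENT_USER. The function names, the sample export and the path inside it are constructed for illustration.

```python
import re

# Windows default handlers for executable file types under ...\Classes
EXPECTED = {
    r"exefile\shell\open\command": '"%1" %*',
    r"comfile\shell\open\command": '"%1" %*',
    r"batfile\shell\open\command": '"%1" %*',
    r"cmdfile\shell\open\command": '"%1" %*',
    ".exe": "exefile",
}
CLASS_ROOTS = (
    "hkey_local_machine\\software\\classes\\",
    "hkey_current_user\\software\\classes\\",   # per-user entries override HKLM
    "hkey_classes_root\\",
)

def parse_reg_defaults(text):
    """Map each [key] to its default (@) value, undoing .reg backslash escapes."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('@="') and line.endswith('"'):
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def audit_handlers(text):
    """Return (key, found, expected) for every handler that is not the default."""
    findings = []
    for key, value in parse_reg_defaults(text).items():
        lowered = key.lower()
        for root in CLASS_ROOTS:
            if lowered.startswith(root):
                expected = EXPECTED.get(lowered[len(root):])
                if expected is not None and value.strip().lower() != expected.lower():
                    findings.append((key, value, expected))
    return findings

# Constructed sample export: the HKLM value is the default, the per-user one is not.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\constructed\\example.exe\" \"%1\" %*"
'''

print(audit_handlers(SAMPLE_EXPORT))
```

Files written by regedit are usually UTF-16, so decode them with `encoding="utf-16"` before passing the text in.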
