Everything posted by jeffds

  1. Sorry I asked you if it was safe to plug in my USB drives and scan them, which I did... I didn't know the drives were infected. Sorry, the new MBAM log:

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4514
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     02/09/2010 10:46:34 AM
     mbam-log-2010-09-02 (10-46-34).txt

     Scan type: Quick scan
     Objects scanned: 129977
     Time elapsed: 10 minute(s), 29 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 2
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 1
     Files Infected: 5

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     C:\Documents and Settings\Admin\Local Settings\temp\E_N4\krnln.fnr (Trojan.Agent) -> Delete on reboot.
     C:\Documents and Settings\Admin\Local Settings\temp\E_N4\HtmlView.fne (HackTool.Patcher) -> Delete on reboot.

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     C:\Documents and Settings\Admin\Local Settings\temp\E_N4 (Worm.Autorun) -> Delete on reboot.

     Files Infected:
     C:\Documents and Settings\Admin\Local Settings\temp\E_N4\krnln.fnr (Trojan.Agent) -> Delete on reboot.
     C:\Documents and Settings\Admin\Local Settings\temp\E_N4\HtmlView.fne (HackTool.Patcher) -> Delete on reboot.
     C:\Documents and Settings\Admin\Local Settings\temp\E_N4\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Admin\Local Settings\temp\E_N4\dp1.fne (Worm.Autorun) -> Delete on reboot.
     C:\Documents and Settings\Admin\Local Settings\temp\E_N4\eAPI.fne (Worm.Autorun) -> Delete on reboot.
  2. I think I have been infected again by this drive. AVG LOG
21:00:02 Starting the main loop 26.4.2010 21:00:02 Redirector version 80000 26.4.2010 21:00:02 EMC changed state :@EMC_Init_Short 26.4.2010 21:00:02 EMC changed state :@EMC_Not_Fully_Functional_Short 26.4.2010 21:00:02 AutoPOP3(10110): Starting server 26.4.2010 21:00:02 Queue processing started 26.4.2010 21:00:02 EMC changed state :@EMC_Running_Short 22.5.2010 22:10:51 EMC changed state :@EMC_Stopping_Short 22.5.2010 22:10:55 End of program 22.5.2010 22:10:55 AVG for E-mail ended 22.5.2010 22:11:55.312 [668] AVG for E-mail [8.5.401] started 22.5.2010 22:11:55.453 [668] Registered in WatchDog 22.5.2010 22:11:55.468 [668] EMC changed state :@EMC_Init_Short 22.5.2010 22:12:04.921 [668] Using AVG Kernel: 8.5.437 [271.1.1/2889] 22.5.2010 22:12:05 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log' 22.5.2010 22:12:06 Using Cyrus SASL 2.1.13 22.5.2010 22:12:09 Starting the main loop 22.5.2010 22:12:09 Redirector version 80000 22.5.2010 22:12:09 EMC changed state :@EMC_Init_Short 22.5.2010 22:12:09 EMC changed state :@EMC_Not_Fully_Functional_Short 22.5.2010 22:12:09 AutoPOP3(10110): Starting server 22.5.2010 22:12:09 Queue processing started 22.5.2010 22:12:09 EMC changed state :@EMC_Running_Short 26.5.2010 12:25:30 EMC changed state :@EMC_Stopping_Short 26.5.2010 12:25:36 End of program 26.5.2010 12:25:36 AVG for E-mail ended 26.5.2010 12:26:35.593 [524] AVG for E-mail [8.5.401] started 26.5.2010 12:26:36.281 [524] Registered in WatchDog 26.5.2010 12:26:36.281 [524] EMC changed state :@EMC_Init_Short 26.5.2010 12:26:49.625 [524] Using AVG Kernel: 8.5.437 [271.1.1/2897] 26.5.2010 12:26:50 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log' 26.5.2010 12:26:52 Using Cyrus SASL 2.1.13 26.5.2010 12:26:54 Starting the main loop 26.5.2010 12:26:54 Redirector version 80000 26.5.2010 12:26:54 EMC changed state :@EMC_Init_Short 26.5.2010 12:26:54 EMC changed state 
:@EMC_Not_Fully_Functional_Short 26.5.2010 12:26:54 Queue processing started 26.5.2010 12:26:54 AutoPOP3(10110): Starting server 26.5.2010 12:26:54 EMC changed state :@EMC_Running_Short 11.6.2010 03:34:00 EMC changed state :@EMC_Stopping_Short 11.6.2010 03:34:06 End of program 11.6.2010 03:34:06 AVG for E-mail ended 11.6.2010 03:35:14.828 [770] AVG for E-mail [8.5.401] started 11.6.2010 03:35:14.890 [770] Registered in WatchDog 11.6.2010 03:35:14.890 [770] EMC changed state :@EMC_Init_Short 11.6.2010 03:35:27.984 [770] Using AVG Kernel: 8.5.437 [271.1.1/2930] 11.6.2010 03:35:28 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log' 11.6.2010 03:35:31 Using Cyrus SASL 2.1.13 11.6.2010 03:35:31 Starting the main loop 11.6.2010 03:35:31 Redirector version 80000 11.6.2010 03:35:31 EMC changed state :@EMC_Init_Short 11.6.2010 03:35:31 EMC changed state :@EMC_Not_Fully_Functional_Short 11.6.2010 03:35:31 AutoPOP3(10110): Starting server 11.6.2010 03:35:31 Queue processing started 11.6.2010 03:35:31 EMC changed state :@EMC_Running_Short 12.6.2010 06:04:29 EMC changed state :@EMC_Stopping_Short 12.6.2010 06:04:32 End of program 12.6.2010 06:04:32 AVG for E-mail ended 12.6.2010 10:22:22.703 [3d0] AVG for E-mail [8.5.401] started 12.6.2010 10:22:29.218 [3d0] Registered in WatchDog 12.6.2010 10:22:29.343 [3d0] EMC changed state :@EMC_Init_Short 12.6.2010 10:22:41.796 [3d0] Using AVG Kernel: 8.5.437 [271.1.1/2931] 12.6.2010 10:22:42 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log' 12.6.2010 10:22:43 Using Cyrus SASL 2.1.13 12.6.2010 10:22:43 Starting the main loop 12.6.2010 10:22:43 Redirector version 80000 12.6.2010 10:22:43 EMC changed state :@EMC_Init_Short 12.6.2010 10:22:43 EMC changed state :@EMC_Not_Fully_Functional_Short 12.6.2010 10:22:43 AutoPOP3(10110): Starting server 12.6.2010 10:22:43 EMC changed state :@EMC_Running_Short 12.6.2010 10:22:43 Queue processing 
started 12.6.2010 15:49:47 EMC changed state :@EMC_Stopping_Short 12.6.2010 15:49:51 End of program 12.6.2010 15:49:51 AVG for E-mail ended 12.6.2010 15:51:06.250 [528] AVG for E-mail [8.5.401] started 12.6.2010 15:51:06.609 [528] Registered in WatchDog 12.6.2010 15:51:06.609 [528] EMC changed state :@EMC_Init_Short 12.6.2010 15:51:18.953 [528] Using AVG Kernel: 8.5.437 [271.1.1/2931] 12.6.2010 15:51:19 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log' 12.6.2010 15:51:20 Using Cyrus SASL 2.1.13 12.6.2010 15:51:20 Starting the main loop 12.6.2010 15:51:20 Redirector version 80000 12.6.2010 15:51:20 EMC changed state :@EMC_Init_Short 12.6.2010 15:51:20 EMC changed state :@EMC_Not_Fully_Functional_Short 12.6.2010 15:51:20 AutoPOP3(10110): Starting server 12.6.2010 15:51:20 Queue processing started 12.6.2010 15:51:20 EMC changed state :@EMC_Running_Short 12.6.2010 15:53:31 EMC changed state :@EMC_Stopping_Short 12.6.2010 15:53:32 Server 1 will be removed. 12.6.2010 15:53:32 Server 1 was removed. 12.6.2010 15:53:32 EMC changed state :failed 12.6.2010 15:53:32 Server 2 will be removed. 12.6.2010 15:53:32 Server 2 was removed. 
12.6.2010 15:53:32 EMC changed state :failed 12.6.2010 15:53:33 End of program 12.6.2010 15:53:33 AVG for E-mail ended 12.6.2010 19:23:33.656 [508] AVG for E-mail [8.5.401] started 12.6.2010 19:23:33.906 [508] Registered in WatchDog 12.6.2010 19:23:33.906 [508] EMC changed state :@EMC_Init_Short 12.6.2010 19:23:44.687 [508] Using AVG Kernel: 8.5.437 [271.1.1/2931] 12.6.2010 19:23:45 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log' 12.6.2010 19:23:46 Using Cyrus SASL 2.1.13 12.6.2010 19:23:46 Starting the main loop 12.6.2010 19:23:46 Redirector version 80000 12.6.2010 19:23:46 EMC changed state :@EMC_Init_Short 12.6.2010 19:23:46 EMC changed state :@EMC_Not_Fully_Functional_Short 12.6.2010 19:23:46 AutoPOP3(10110): Starting server 12.6.2010 19:23:46 Queue processing started 12.6.2010 19:23:46 EMC changed state :@EMC_Running_Short 13.6.2010 00:06:16 EMC changed state :@EMC_Stopping_Short 13.6.2010 00:06:17 End of program 13.6.2010 00:06:17 AVG for E-mail ended 13.6.2010 03:57:08.828 [45c] AVG for E-mail [8.5.401] started 13.6.2010 03:57:08.984 [45c] Registered in WatchDog 13.6.2010 03:57:08.984 [45c] EMC changed state :@EMC_Init_Short 13.6.2010 03:57:21.093 [45c] Using AVG Kernel: 8.5.437 [271.1.1/2931] 13.6.2010 03:57:22 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log' 13.6.2010 03:57:24 Using Cyrus SASL 2.1.13 13.6.2010 03:57:24 Starting the main loop 13.6.2010 03:57:24 Redirector version 80000 13.6.2010 03:57:24 EMC changed state :@EMC_Init_Short 13.6.2010 03:57:24 EMC changed state :@EMC_Not_Fully_Functional_Short 13.6.2010 03:57:24 AutoPOP3(10110): Starting server 13.6.2010 03:57:24 Queue processing started 13.6.2010 03:57:24 EMC changed state :@EMC_Running_Short 13.6.2010 04:34:07 EMC changed state :@EMC_Stopping_Short 13.6.2010 04:34:09 End of program 13.6.2010 04:34:09 AVG for E-mail ended 13.6.2010 15:40:32.687 [438] AVG for E-mail [8.5.401] 
started 13.6.2010 15:40:32.968 [438] Registered in WatchDog 13.6.2010 15:40:32.984 [438] EMC changed state :@EMC_Init_Short 13.6.2010 15:40:42.000 [438] Using AVG Kernel: 8.5.437 [271.1.1/2931] 13.6.2010 15:40:42 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log' 13.6.2010 15:40:42 Using Cyrus SASL 2.1.13 13.6.2010 15:40:44 Starting the main loop 13.6.2010 15:40:44 Redirector version 80000 13.6.2010 15:40:44 EMC changed state :@EMC_Init_Short 13.6.2010 15:40:44 EMC changed state :@EMC_Not_Fully_Functional_Short 13.6.2010 15:40:44 AutoPOP3(10110): Starting server 13.6.2010 15:40:44 Queue processing started 13.6.2010 15:40:44 EMC changed state :@EMC_Running_Short 13.6.2010 16:40:24 EMC changed state :@EMC_Stopping_Short 13.6.2010 16:40:25 Server 1 will be removed. 13.6.2010 16:40:25 Server 1 was removed. 13.6.2010 16:40:25 EMC changed state :failed 13.6.2010 16:40:25 Server 2 will be removed. 13.6.2010 16:40:25 Server 2 was removed. 13.6.2010 16:40:25 EMC changed state :failed 13.6.2010 16:40:26 End of program 13.6.2010 16:40:26 AVG for E-mail ended 14.6.2010 02:09:45.203 [514] AVG for E-mail [8.5.401] started 14.6.2010 02:09:45.328 [514] Registered in WatchDog 14.6.2010 02:09:45.328 [514] EMC changed state :@EMC_Init_Short 14.6.2010 02:09:56.656 [514] Using AVG Kernel: 8.5.437 [271.1.1/2936] 14.6.2010 02:09:57 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log' 14.6.2010 02:09:58 Using Cyrus SASL 2.1.13 14.6.2010 02:09:58 Starting the main loop 14.6.2010 02:09:58 Redirector version 80000 14.6.2010 02:09:58 EMC changed state :@EMC_Init_Short 14.6.2010 02:09:58 EMC changed state :@EMC_Not_Fully_Functional_Short 14.6.2010 02:09:58 AutoPOP3(10110): Starting server 14.6.2010 02:09:58 Queue processing started 14.6.2010 02:09:58 EMC changed state :@EMC_Running_Short 17.6.2010 19:18:56 EMC changed state :@EMC_Stopping_Short 17.6.2010 19:19:02 End of program 17.6.2010 
19:19:02 AVG for E-mail ended 17.6.2010 20:06:04.843 [33c] AVG for E-mail [8.5.401] started 17.6.2010 20:06:05.296 [33c] Registered in WatchDog 17.6.2010 20:06:05.328 [33c] EMC changed state :@EMC_Init_Short 17.6.2010 20:06:16.015 [33c] Using AVG Kernel: 8.5.437 [271.1.1/2936] 17.6.2010 20:06:16 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log' 17.6.2010 20:06:18 Using Cyrus SASL 2.1.13 17.6.2010 20:06:18 Starting the main loop 17.6.2010 20:06:18 Redirector version 80000 17.6.2010 20:06:18 EMC changed state :@EMC_Init_Short 17.6.2010 20:06:19 EMC changed state :@EMC_Not_Fully_Functional_Short 17.6.2010 20:06:19 AutoPOP3(10110): Starting server 17.6.2010 20:06:19 Queue processing started 17.6.2010 20:06:19 EMC changed state :@EMC_Running_Short 17.6.2010 13:20:55 EMC changed state :@EMC_Stopping_Short 17.6.2010 13:20:55 Server 1 will be removed. 17.6.2010 13:20:55 Server 1 was removed. 17.6.2010 13:20:55 EMC changed state :failed 17.6.2010 13:20:55 Server 2 will be removed. 17.6.2010 13:20:55 Server 2 was removed. 
17.6.2010 13:20:56 EMC changed state :failed 17.6.2010 13:20:56 End of program 17.6.2010 13:20:56 AVG for E-mail ended 19.6.2010 07:29:10.359 [5ec] AVG for E-mail [8.5.401] started 19.6.2010 07:29:11.031 [5ec] Registered in WatchDog 19.6.2010 07:29:11.203 [5ec] EMC changed state :@EMC_Init_Short 19.6.2010 07:29:26.593 [5ec] Using AVG Kernel: 8.5.437 [271.1.1/2936] 19.6.2010 07:29:28 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log' 19.6.2010 07:29:30 Using Cyrus SASL 2.1.13 19.6.2010 07:29:32 Starting the main loop 19.6.2010 07:29:32 Redirector version 80000 19.6.2010 07:29:32 EMC changed state :@EMC_Init_Short 19.6.2010 07:29:32 EMC changed state :@EMC_Not_Fully_Functional_Short 19.6.2010 07:29:32 AutoPOP3(10110): Starting server 19.6.2010 07:29:32 Queue processing started 19.6.2010 07:29:32 EMC changed state :@EMC_Running_Short 22.6.2010 20:23:46 EMC changed state :@EMC_Stopping_Short 22.6.2010 20:23:51 End of program 22.6.2010 20:23:51 AVG for E-mail ended 22.6.2010 20:25:04.546 [1fc] AVG for E-mail [8.5.401] started 22.6.2010 20:25:04.906 [1fc] Registered in WatchDog 22.6.2010 20:25:04.921 [1fc] EMC changed state :@EMC_Init_Short 22.6.2010 20:25:15.187 [1fc] Using AVG Kernel: 8.5.439 [271.1.1/2956] 22.6.2010 20:25:15 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log' 22.6.2010 20:25:16 Using Cyrus SASL 2.1.13 22.6.2010 20:25:16 Starting the main loop 22.6.2010 20:25:16 Redirector version 80000 22.6.2010 20:25:16 EMC changed state :@EMC_Init_Short 22.6.2010 20:25:16 EMC changed state :@EMC_Not_Fully_Functional_Short 22.6.2010 20:25:16 AutoPOP3(10110): Starting server 22.6.2010 20:25:16 Queue processing started 22.6.2010 20:25:16 EMC changed state :@EMC_Running_Short 23.6.2010 20:08:07.781 [1e0] AVG for E-mail [8.5.401] started 23.6.2010 20:08:08.109 [1e0] Registered in WatchDog 23.6.2010 20:08:08.125 [1e0] EMC changed state :@EMC_Init_Short 23.6.2010 
20:08:19.859 [1e0] Using AVG Kernel: 8.5.439 [271.1.1/2956] 23.6.2010 20:08:20 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log' 23.6.2010 20:08:21 Using Cyrus SASL 2.1.13 23.6.2010 20:08:21 Starting the main loop 23.6.2010 20:08:21 Redirector version 80000 23.6.2010 20:08:21 EMC changed state :@EMC_Init_Short 23.6.2010 20:08:21 EMC changed state :@EMC_Not_Fully_Functional_Short 23.6.2010 20:08:21 AutoPOP3(10110): Starting server 23.6.2010 20:08:21 EMC changed state :@EMC_Running_Short 23.6.2010 20:08:21 Queue processing started 24.6.2010 19:09:52.640 [b0] AVG for E-mail [8.5.401] started 24.6.2010 19:09:52.796 [b0] Registered in WatchDog 24.6.2010 19:09:52.796 [b0] EMC changed state :@EMC_Init_Short 24.6.2010 19:10:08.109 [b0] Using AVG Kernel: 8.5.439 [271.1.1/2961] 24.6.2010 19:10:08 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log' 24.6.2010 19:10:10 Using Cyrus SASL 2.1.13 24.6.2010 19:10:11 Starting the main loop 24.6.2010 19:10:11 Redirector version 80000 24.6.2010 19:10:11 EMC changed state :@EMC_Init_Short 24.6.2010 19:10:11 EMC changed state :@EMC_Not_Fully_Functional_Short 24.6.2010 19:10:11 AutoPOP3(10110): Starting server 24.6.2010 19:10:11 Queue processing started 24.6.2010 19:10:11 EMC changed state :@EMC_Running_Short 25.6.2010 20:27:03.000 [7e8] AVG for E-mail [8.5.401] started 25.6.2010 20:27:03.234 [7e8] Registered in WatchDog 25.6.2010 20:27:03.281 [7e8] EMC changed state :@EMC_Init_Short 25.6.2010 20:27:17.031 [7e8] Using AVG Kernel: 8.5.439 [271.1.1/2963] 25.6.2010 20:27:17 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log' 25.6.2010 20:27:18 Using Cyrus SASL 2.1.13 25.6.2010 20:27:19 Starting the main loop 25.6.2010 20:27:19 Redirector version 80000 25.6.2010 20:27:19 EMC changed state :@EMC_Init_Short 25.6.2010 20:27:19 EMC changed state :@EMC_Not_Fully_Functional_Short 25.6.2010 
20:27:19 AutoPOP3(10110): Starting server 25.6.2010 20:27:19 Queue processing started 25.6.2010 20:27:20 EMC changed state :@EMC_Running_Short 27.6.2010 17:37:46 EMC changed state :@EMC_Stopping_Short 27.6.2010 17:37:50 End of program 27.6.2010 17:37:50 AVG for E-mail ended 28.6.2010 16:29:14.718 [4a0] AVG for E-mail [8.5.401] started 28.6.2010 16:29:15.437 [4a0] Registered in WatchDog 28.6.2010 16:29:15.437 [4a0] EMC changed state :@EMC_Init_Short 28.6.2010 16:29:28.390 [4a0] Using AVG Kernel: 8.5.439 [271.1.1/2965] 28.6.2010 16:29:28 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log' 28.6.2010 16:29:29 Using Cyrus SASL 2.1.13 28.6.2010 16:29:31 Starting the main loop 28.6.2010 16:29:31 Redirector version 80000 28.6.2010 16:29:31 EMC changed state :@EMC_Init_Short 28.6.2010 16:29:31 EMC changed state :@EMC_Not_Fully_Functional_Short 28.6.2010 16:29:31 AutoPOP3(10110): Starting server 28.6.2010 16:29:31 Queue processing started 28.6.2010 16:29:31 EMC changed state :@EMC_Running_Short 30.6.2010 17:34:12.484 [4fc] AVG for E-mail [8.5.401] started 30.6.2010 17:34:12.812 [4fc] Registered in WatchDog 30.6.2010 17:34:12.812 [4fc] EMC changed state :@EMC_Init_Short 30.6.2010 17:34:31.500 [4fc] Using AVG Kernel: 8.5.439 [271.1.1/2969] 30.6.2010 17:34:32 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log' 30.6.2010 17:34:33 Using Cyrus SASL 2.1.13 30.6.2010 17:34:35 Starting the main loop 30.6.2010 17:34:35 Redirector version 80000 30.6.2010 17:34:37 EMC changed state :@EMC_Init_Short 30.6.2010 17:34:37 EMC changed state :@EMC_Not_Fully_Functional_Short 30.6.2010 17:34:37 AutoPOP3(10110): Starting server 30.6.2010 17:34:37 Queue processing started 30.6.2010 17:34:37 EMC changed state :@EMC_Running_Short 1.7.2010 09:18:11 EMC changed state :@EMC_Stopping_Short 1.7.2010 09:18:15 End of program 1.7.2010 09:18:15 AVG for E-mail ended 2.7.2010 09:54:41.750 [7ac] AVG for 
E-mail [8.5.401] started 2.7.2010 09:54:42.093 [7ac] Registered in WatchDog 2.7.2010 09:54:42.109 [7ac] EMC changed state :@EMC_Init_Short 2.7.2010 09:54:51.390 [7ac] Using AVG Kernel: 8.5.439 [271.1.1/2971] 2.7.2010 09:54:51 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log' 2.7.2010 09:54:52 Using Cyrus SASL 2.1.13 2.7.2010 09:54:52 Starting the main loop 2.7.2010 09:54:52 Redirector version 80000 2.7.2010 09:54:52 EMC changed state :@EMC_Init_Short 2.7.2010 09:54:53 EMC changed state :@EMC_Not_Fully_Functional_Short 2.7.2010 09:54:53 AutoPOP3(10110): Starting server 2.7.2010 09:54:53 Queue processing started 2.7.2010 09:54:53 EMC changed state :@EMC_Running_Short 2.7.2010 10:14:29 EMC changed state :@EMC_Stopping_Short 2.7.2010 10:14:30 Server 1 will be removed. 2.7.2010 10:14:30 Server 1 was removed. 2.7.2010 10:14:30 EMC changed state :failed 2.7.2010 10:14:30 Server 2 will be removed. 2.7.2010 10:14:30 Server 2 was removed. 2.7.2010 10:14:30 EMC changed state :failed 2.7.2010 10:14:30 End of program 2.7.2010 10:14:30 AVG for E-mail ended 3.7.2010 09:40:49.890 [6e8] AVG for E-mail [8.5.401] started 3.7.2010 09:40:50.093 [6e8] Registered in WatchDog 3.7.2010 09:40:50.093 [6e8] EMC changed state :@EMC_Init_Short 3.7.2010 09:41:09.031 [6e8] Using AVG Kernel: 8.5.439 [271.1.1/2976] 3.7.2010 09:41:09 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log' 3.7.2010 09:41:13 Using Cyrus SASL 2.1.13 3.7.2010 09:41:14 Starting the main loop 3.7.2010 09:41:14 Redirector version 80000 3.7.2010 09:41:14 EMC changed state :@EMC_Init_Short 3.7.2010 09:41:14 EMC changed state :@EMC_Not_Fully_Functional_Short 3.7.2010 09:41:14 AutoPOP3(10110): Starting server 3.7.2010 09:41:14 Queue processing started 3.7.2010 09:41:14 EMC changed state :@EMC_Running_Short 4.7.2010 12:49:14 EMC changed state :@EMC_Stopping_Short 4.7.2010 12:49:16 End of program 4.7.2010 12:49:16 AVG for 
E-mail ended 4.7.2010 17:25:22.515 [4cc] AVG for E-mail [8.5.401] started 4.7.2010 17:25:23.031 [4cc] Registered in WatchDog 4.7.2010 17:25:23.078 [4cc] EMC changed state :@EMC_Init_Short 4.7.2010 17:25:34.359 [4cc] Using AVG Kernel: 8.5.439 [271.1.1/2980] 4.7.2010 17:25:34 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log' 4.7.2010 17:25:36 Using Cyrus SASL 2.1.13 4.7.2010 17:25:36 Starting the main loop 4.7.2010 17:25:36 Redirector version 80000 4.7.2010 17:25:36 EMC changed state :@EMC_Init_Short 4.7.2010 17:25:36 EMC changed state :@EMC_Not_Fully_Functional_Short 4.7.2010 17:25:36 AutoPOP3(10110): Starting server 4.7.2010 17:25:36 Queue processing started 4.7.2010 17:25:36 EMC changed state :@EMC_Running_Short 7.7.2010 10:39:20 EMC changed state :@EMC_Stopping_Short 7.7.2010 10:39:24 End of program 7.7.2010 10:39:24 AVG for E-mail ended 7.7.2010 21:00:41.765 [540] AVG for E-mail [8.5.401] started 7.7.2010 21:00:42.109 [540] Registered in WatchDog 7.7.2010 21:00:42.125 [540] EMC changed state :@EMC_Init_Short 7.7.2010 21:00:53.875 [540] Using AVG Kernel: 8.5.439 [271.1.1/2986] 7.7.2010 21:00:54 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log' 7.7.2010 21:00:55 Using Cyrus SASL 2.1.13 7.7.2010 21:00:57 Starting the main loop 7.7.2010 21:00:57 Redirector version 80000 7.7.2010 21:00:57 EMC changed state :@EMC_Init_Short 7.7.2010 21:00:57 EMC changed state :@EMC_Not_Fully_Functional_Short 7.7.2010 21:00:57 AutoPOP3(10110): Starting server 7.7.2010 21:00:57 Queue processing started 7.7.2010 21:00:57 EMC changed state :@EMC_Running_Short 10.7.2010 11:42:10.171 [59c] AVG for E-mail [8.5.401] started 10.7.2010 11:42:10.578 [59c] Registered in WatchDog 10.7.2010 11:42:10.593 [59c] EMC changed state :@EMC_Init_Short 10.7.2010 11:42:23.093 [59c] Using AVG Kernel: 8.5.439 [271.1.1/2986] 10.7.2010 11:42:23 Log reopened New log file is 'C:\Documents and Settings\All 
Users\Application Data\avg8\Emc\Log\emc.log' 10.7.2010 11:42:25 Using Cyrus SASL 2.1.13 10.7.2010 11:42:25 Starting the main loop 10.7.2010 11:42:25 Redirector version 80000 10.7.2010 11:42:25 EMC changed state :@EMC_Init_Short 10.7.2010 11:42:25 EMC changed state :@EMC_Not_Fully_Functional_Short 10.7.2010 11:42:25 AutoPOP3(10110): Starting server 10.7.2010 11:42:25 Queue processing started 10.7.2010 11:42:25 EMC changed state :@EMC_Running_Short 11.7.2010 09:07:59 EMC changed state :@EMC_Stopping_Short 11.7.2010 09:08:04 End of program 11.7.2010 09:08:04 AVG for E-mail ended 11.7.2010 18:20:03.453 [3d0] AVG for E-mail [8.5.401] started 11.7.2010 18:20:04.656 [3d0] Registered in WatchDog 11.7.2010 18:20:04.671 [3d0] EMC changed state :@EMC_Init_Short 11.7.2010 18:20:21.609 [3d0] Using AVG Kernel: 8.5.439 [271.1.1/2992] 11.7.2010 18:20:22 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log' 11.7.2010 18:20:24 Using Cyrus SASL 2.1.13 11.7.2010 18:20:26 Starting the main loop 11.7.2010 18:20:26 Redirector version 80000 11.7.2010 18:20:26 EMC changed state :@EMC_Init_Short 11.7.2010 18:20:26 EMC changed state :@EMC_Not_Fully_Functional_Short 11.7.2010 18:20:26 AutoPOP3(10110): Starting server 11.7.2010 18:20:26 Queue processing started 11.7.2010 18:20:26 EMC changed state :@EMC_Running_Short 13.7.2010 08:13:53 EMC changed state :@EMC_Stopping_Short 13.7.2010 08:14:00 End of program 13.7.2010 08:14:00 AVG for E-mail ended 13.7.2010 08:14:07.484 [fec] AVG for E-mail [8.5.401] started 13.7.2010 08:14:07.968 [fec] Registered in WatchDog 13.7.2010 08:14:08.015 [fec] EMC changed state :@EMC_Init_Short 13.7.2010 08:14:11.500 [fec] Using AVG Kernel: 8.5.439 [271.1.1/3001] 13.7.2010 08:14:11 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log' 13.7.2010 08:14:12 Using Cyrus SASL 2.1.13 13.7.2010 08:14:12 Starting the main loop 13.7.2010 08:14:12 Redirector version 80000 
13.7.2010 08:14:12 EMC changed state :@EMC_Init_Short 13.7.2010 08:14:12 EMC changed state :@EMC_Not_Fully_Functional_Short 13.7.2010 08:14:12 Queue processing started 13.7.2010 08:14:12 AutoPOP3(10110): Starting server 13.7.2010 08:14:12 EMC changed state :@EMC_Running_Short 15.7.2010 23:39:36.015 [4e8] AVG for E-mail [8.5.401] started 15.7.2010 23:39:36.390 [4e8] Registered in WatchDog 15.7.2010 23:39:36.406 [4e8] EMC changed state :@EMC_Init_Short 15.7.2010 23:39:48.500 [4e8] Using AVG Kernel: 8.5.441 [271.1.1/3001] 15.7.2010 23:39:48 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log' 15.7.2010 23:39:51 Using Cyrus SASL 2.1.13 15.7.2010 23:39:52 Starting the main loop 15.7.2010 23:39:52 Redirector version 80000 15.7.2010 23:39:52 EMC changed state :@EMC_Init_Short 15.7.2010 23:39:52 EMC changed state :@EMC_Not_Fully_Functional_Short 15.7.2010 23:39:52 AutoPOP3(10110): Starting server 15.7.2010 23:39:52 Queue processing started 15.7.2010 23:39:52 EMC changed state :@EMC_Running_Short 16.7.2010 00:56:15 EMC changed state :@EMC_Stopping_Short 16.7.2010 00:56:21 End of program 16.7.2010 00:56:21 AVG for E-mail ended 16.7.2010 01:09:32.296 [518] AVG for E-mail [8.5.401] started 16.7.2010 01:09:32.484 [518] Registered in WatchDog 16.7.2010 01:09:32.515 [518] EMC changed state :@EMC_Init_Short 16.7.2010 01:09:46.437 [518] Using AVG Kernel: 8.5.441 [271.1.1/3001] 16.7.2010 01:09:47 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log' 16.7.2010 01:09:49 Using Cyrus SASL 2.1.13 16.7.2010 01:09:51 Starting the main loop 16.7.2010 01:09:51 Redirector version 80000 16.7.2010 01:09:51 EMC changed state :@EMC_Init_Short 16.7.2010 01:09:51 EMC changed state :@EMC_Not_Fully_Functional_Short 16.7.2010 01:09:51 AutoPOP3(10110): Starting server 16.7.2010 01:09:51 Queue processing started 16.7.2010 01:09:51 EMC changed state :@EMC_Running_Short 23.7.2010 21:58:02.296 [484] AVG 
  3. On one of my hard drives, some folders have switched to .exe files. I think this drive is infected with something. I tried to scan with MBAM but there were no threats found. Anything I can do? Thanks
  4. Thanks. It said no threats found! Is there any way to stop all auto-run files on USB drives/hard drives, as I believe that is how I got infected? Also, is it safe to connect the old USB drives and scan them with MBAM? Also, are there any programs I should use other than AVG, MBAM and SpyBot? I'm guessing a firewall is in order. Any help on keeping my computer secure would be much appreciated. Also, I noticed that under Add/Remove Programs there is Acrobat 10 and 8.0; should I remove the old version? Can I re-enable AVG now? Thanks.

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 4514
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     31/08/2010 10:08:36 AM
     mbam-log-2010-08-31 (10-08-36).txt
     Scan type: Quick scan
     Objects scanned: 129771
     Time elapsed: 6 minute(s), 28 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  5. This is the new log from the updated Combofix:
  6. Also, ComboFix said there was a new update; I clicked NO just in case. Let me know if I should let it update. Just a heads up.
  7. Hi, sorry for the slow response; the internet went down for a good 10 hours yesterday. I will scan the other drives when you give me the go-ahead. Here is the latest scan log per your directions:
ComboFix 10-08-28.02 - Admin 30/08/2010 11:24:33.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1287 [GMT -6:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Admin\LOCALS~1\Temp\E_N4
c:\docume~1\Admin\LOCALS~1\Temp\E_N4\dp1.fne
c:\docume~1\Admin\LOCALS~1\Temp\E_N4\eAPI.fne
c:\docume~1\Admin\LOCALS~1\Temp\E_N4\HtmlView.fne
c:\docume~1\Admin\LOCALS~1\Temp\E_N4\krnln.fnr
c:\windows\system32\4699C3
c:\windows\system32\4699C3\85cbac.txt
c:\windows\system32\4699C3\89083f.txt
c:\windows\system32\4699C3\9f98fe.txt
c:\windows\system32\4E8B89
c:\windows\system32\4E8B89\5706e424.txt
c:\windows\system32\5F7F8F
c:\windows\system32\5F7F8F\005C29.EXE
c:\windows\system32\95874B
c:\windows\system32\95874B\dp1.fne
c:\windows\system32\95874B\eAPI.fne
c:\windows\system32\95874B\krnln.fnr
c:\windows\system32\95874B\wi4699c.exe
c:\windows\system32\95874B\WV8E6052.EXE
G:\autorun.inf
.
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))))
.
2010-08-28 21:26 . 2010-08-28 21:26 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2010-08-28 21:26 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-28 21:26 . 2010-08-28 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-28 21:26 . 2010-08-28 21:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-28 21:26 . 
2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-14 19:28 . 2009-07-06 16:48 11448 ----a-w- c:\windows\system32\drivers\AsUpIO.sys 2010-08-14 19:22 . 2010-08-14 19:22 -------- d-----w- c:\program files\Safari 2010-08-14 19:21 . 2010-08-14 19:21 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe 2010-08-14 19:20 . 2010-08-14 19:20 -------- d-----w- c:\program files\iPod 2010-08-14 19:14 . 2010-08-14 19:14 -------- d-----w- c:\program files\Bonjour 2010-08-14 19:13 . 2010-08-14 19:13 -------- d-----w- c:\program files\Common Files\Java 2010-08-14 19:11 . 2010-08-14 19:11 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe 2010-08-06 15:33 . 2010-08-06 15:33 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1767f7aa-n\msvcp71.dll 2010-08-06 15:33 . 2010-08-06 15:33 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1767f7aa-n\jmc.dll 2010-08-06 15:33 . 2010-08-06 15:33 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1767f7aa-n\msvcr71.dll 2010-08-06 15:33 . 2010-08-06 15:33 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-166fba1e-n\decora-sse.dll 2010-08-06 15:33 . 2010-08-06 15:33 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-166fba1e-n\decora-d3d.dll 2010-08-03 18:09 . 2010-08-03 18:09 -------- d-----w- c:\documents and settings\Admin\Application Data\AnvSoft 2010-08-03 18:09 . 2010-08-03 18:09 -------- d-----w- c:\program files\AnvSoft . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-29 18:00 . 
2009-10-04 11:27 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2010-08-24 14:32 . 2009-11-22 01:45 -------- d-----w- c:\program files\Diablo II 2010-08-17 15:03 . 2010-03-07 05:47 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc 2010-08-14 19:21 . 2010-05-26 22:04 -------- d-----w- c:\program files\iTunes 2010-08-14 19:20 . 2010-01-15 01:34 -------- d-----w- c:\program files\Common Files\Apple 2010-08-14 19:12 . 2009-10-04 12:11 -------- d-----w- c:\program files\Java 2010-08-14 09:07 . 2009-06-23 03:51 -------- d-----w- c:\program files\Microsoft Works 2010-08-14 08:52 . 2009-06-23 04:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-07-17 11:00 . 2010-05-26 21:56 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-07-07 16:39 . 2010-07-07 16:39 139752 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2010-07-07 15:44 . 2010-03-26 02:50 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-06-30 12:31 . 2009-05-20 19:07 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-24 12:22 . 2009-05-20 19:07 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-23 13:44 . 2009-05-20 19:07 1851904 ----a-w- c:\windows\system32\win32k.sys 2010-06-23 01:39 . 2010-06-23 01:39 50354 ----a-w- c:\documents and settings\Admin\Application Data\Facebook\uninstall.exe 2010-06-21 15:27 . 2009-05-20 19:07 354304 ----a-w- c:\windows\system32\drivers\srv.sys 2010-06-17 14:03 . 2009-05-20 19:07 80384 ----a-w- c:\windows\system32\iccvid.dll 2010-06-14 14:31 . 2009-05-20 19:17 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-14 07:41 . 2009-05-20 19:07 1172480 ----a-w- c:\windows\system32\msxml3.dll 2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\Admin\Application Data\Facebook\npfbplugin_1_0_3.dll . 
((((((((((((((((((((((((((((( SnapShot@2010-08-29_16.30.44 ))))))))))))))))))))))))))))))))))))))))) . + 2009-05-20 19:07 . 2010-08-29 16:34 68062 c:\windows\system32\perfc009.dat - 2009-05-20 19:07 . 2010-08-29 09:29 68062 c:\windows\system32\perfc009.dat + 2009-05-20 19:07 . 2010-08-29 16:34 433256 c:\windows\system32\perfh009.dat - 2009-05-20 19:07 . 2010-08-29 09:29 433256 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-09-02 17:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1] @="{fe25455d-b4c2-4e32-97d2-92632ec1c224}" [HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}] 2009-11-07 07:07 297808 ----a-w- c:\windows\system32\mscoree.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2] @="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}" 
[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}] 2009-11-07 07:07 297808 ----a-w- c:\windows\system32\mscoree.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-06-08 397312] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-17 630784] "AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304] "AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-17 118784] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072] "RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920] "SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-07-08 3054136] "LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2010-01-29 751592] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-13 2048352] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "ASUS VIBE"="c:\program files\ASUS\ASUS VIBE\ASUS VIBE.exe" [2010-03-02 102400] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] 
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608] c:\documents and settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-6-22 376832] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776] HPAiODevice(hp officejet 7100 series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe [2003-6-24 495682] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-10-04 11:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-15 07:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2009-07-26 23:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys 
[14/08/2010 1:28 PM 11448] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [04/10/2009 5:28 AM 335240] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [04/10/2009 5:28 AM 108552] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [04/10/2009 5:27 AM 908056] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [04/10/2009 5:27 AM 297752] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [01/06/2009 1:26 AM 38912] R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [01/06/2009 1:26 AM 39040] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24/10/2009 3:46 AM 133104] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/06/2009 9:49 PM 1684736] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [21/06/2010 1:37 AM 11520] . Contents of the 'Scheduled Tasks' folder 2010-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50] 2010-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-24 09:46] 2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-24 09:46] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.ca/ IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {{E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\Evernote\Evernote3.5\enbar.dll FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\4qt8msvl.default\ FF - prefs.js: browser.startup.homepage - www.google.ca FF - plugin: c:\documents and settings\Admin\Application Data\Facebook\npfbplugin_1_0_3.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program 
files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - 
pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-08-30 11:30 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(732) c:\windows\system32\igfxdev.dll . Completion time: 2010-08-30 11:33:21 ComboFix-quarantined-files.txt 2010-08-30 17:33 ComboFix2.txt 2010-08-29 16:36 Pre-Run: 15,967,293,440 bytes free Post-Run: 15,943,942,144 bytes free - - End Of File - - 4A2BBBA39B7CCA969E9AEE4017F7E3FD
  8. Thank you so much for your quick reply! *I have a few HDs and SD cards that I may have used since I was infected. Is there a way to check if they are safe? Here are the results of ComboFix:
ComboFix 10-08-28.02 - Admin 29/08/2010 10:23:57.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1307 [GMT -6:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Admin\LOCALS~1\Temp\E_N4
c:\docume~1\Admin\LOCALS~1\Temp\E_N4\dp1.fne
c:\docume~1\Admin\LOCALS~1\Temp\E_N4\eAPI.fne
c:\docume~1\Admin\LOCALS~1\Temp\E_N4\HtmlView.fne
c:\docume~1\Admin\LOCALS~1\Temp\E_N4\krnln.fnr
c:\windows\system32\Drivers\aiut.sys
c:\windows\system32\Thumbs.db
G:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_apcju
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))
.
2010-08-28 21:26 . 2010-08-28 21:26 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2010-08-28 21:26 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-28 21:26 . 2010-08-28 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-28 21:26 . 2010-08-28 21:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-28 21:26 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-18 10:09 . 2010-08-29 16:30 -------- d-----w- c:\windows\system32\95874B
2010-08-18 10:09 . 2010-08-20 02:02 -------- d-----w- c:\windows\system32\4E8B89
2010-08-18 10:09 . 2010-08-20 02:02 -------- d-----w- c:\windows\system32\4699C3
2010-08-18 10:09 . 
2010-08-18 10:26 -------- d-----w- c:\windows\system32\5F7F8F 2010-08-14 19:28 . 2009-07-06 16:48 11448 ----a-w- c:\windows\system32\drivers\AsUpIO.sys 2010-08-14 19:22 . 2010-08-14 19:22 -------- d-----w- c:\program files\Safari 2010-08-14 19:21 . 2010-08-14 19:21 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe 2010-08-14 19:20 . 2010-08-14 19:20 -------- d-----w- c:\program files\iPod 2010-08-14 19:14 . 2010-08-14 19:14 -------- d-----w- c:\program files\Bonjour 2010-08-14 19:13 . 2010-08-14 19:13 -------- d-----w- c:\program files\Common Files\Java 2010-08-14 19:11 . 2010-08-14 19:11 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe 2010-08-06 15:33 . 2010-08-06 15:33 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1767f7aa-n\msvcp71.dll 2010-08-06 15:33 . 2010-08-06 15:33 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1767f7aa-n\jmc.dll 2010-08-06 15:33 . 2010-08-06 15:33 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1767f7aa-n\msvcr71.dll 2010-08-06 15:33 . 2010-08-06 15:33 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-166fba1e-n\decora-sse.dll 2010-08-06 15:33 . 2010-08-06 15:33 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-166fba1e-n\decora-d3d.dll 2010-08-03 18:09 . 2010-08-03 18:09 -------- d-----w- c:\documents and settings\Admin\Application Data\AnvSoft 2010-08-03 18:09 . 2010-08-03 18:09 -------- d-----w- c:\program files\AnvSoft . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-08-29 07:11 . 
2009-10-04 11:27 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2010-08-24 14:32 . 2009-11-22 01:45 -------- d-----w- c:\program files\Diablo II 2010-08-17 15:03 . 2010-03-07 05:47 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc 2010-08-14 19:21 . 2010-05-26 22:04 -------- d-----w- c:\program files\iTunes 2010-08-14 19:20 . 2010-01-15 01:34 -------- d-----w- c:\program files\Common Files\Apple 2010-08-14 19:12 . 2009-10-04 12:11 -------- d-----w- c:\program files\Java 2010-08-14 09:07 . 2009-06-23 03:51 -------- d-----w- c:\program files\Microsoft Works 2010-08-14 08:52 . 2009-06-23 04:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-07-17 11:00 . 2010-05-26 21:56 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-07-07 16:39 . 2010-07-07 16:39 139752 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2010-07-07 15:44 . 2010-03-26 02:50 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-06-30 12:31 . 2009-05-20 19:07 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-24 12:22 . 2009-05-20 19:07 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-23 13:44 . 2009-05-20 19:07 1851904 ----a-w- c:\windows\system32\win32k.sys 2010-06-23 01:39 . 2010-06-23 01:39 50354 ----a-w- c:\documents and settings\Admin\Application Data\Facebook\uninstall.exe 2010-06-21 15:27 . 2009-05-20 19:07 354304 ----a-w- c:\windows\system32\drivers\srv.sys 2010-06-17 14:03 . 2009-05-20 19:07 80384 ----a-w- c:\windows\system32\iccvid.dll 2010-06-14 14:31 . 2009-05-20 19:17 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-14 07:41 . 2009-05-20 19:07 1172480 ----a-w- c:\windows\system32\msxml3.dll 2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\Admin\Application Data\Facebook\npfbplugin_1_0_3.dll . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-09-02 17:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1] @="{fe25455d-b4c2-4e32-97d2-92632ec1c224}" [HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}] 2009-11-07 07:07 297808 ----a-w- c:\windows\system32\mscoree.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2] @="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}" [HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}] 2009-11-07 07:07 297808 ----a-w- c:\windows\system32\mscoree.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-06-08 397312] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-17 630784] "AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304] "AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-17 118784] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072] "RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920] "SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168] "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-07-08 3054136] "LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2010-01-29 751592] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-13 2048352] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "ASUS VIBE"="c:\program files\ASUS\ASUS VIBE\ASUS VIBE.exe" [2010-03-02 102400] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608] "9B75C3"="c:\windows\system32\5F7F8F\005C29.EXE" [2010-08-18 1242081] c:\documents and settings\Admin\Start Menu\Programs\Startup\ 44AED5.lnk - c:\windows\system32\5F7F8F\005C29.EXE [2010-8-18 1242081] MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-11-21 576000] c:\documents and 
settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-6-22 376832] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776] HPAiODevice(hp officejet 7100 series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe [2003-6-24 495682] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-10-04 11:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-10-15 07:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] 2009-07-26 23:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [14/08/2010 1:28 PM 11448] R1 AvgLdx86;AVG Free AVI Loader Driver 
x86;c:\windows\system32\drivers\avgldx86.sys [04/10/2009 5:28 AM 335240] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [04/10/2009 5:28 AM 108552] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [04/10/2009 5:27 AM 908056] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [04/10/2009 5:27 AM 297752] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [01/06/2009 1:26 AM 38912] R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [01/06/2009 1:26 AM 39040] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24/10/2009 3:46 AM 133104] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/06/2009 9:49 PM 1684736] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [21/06/2010 1:37 AM 11520] . Contents of the 'Scheduled Tasks' folder 2010-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50] 2010-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-24 09:46] 2010-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-24 09:46] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.ca/ uInternet Settings,ProxyOverride = *.local IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {{E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\Evernote\Evernote3.5\enbar.dll FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\4qt8msvl.default\ FF - prefs.js: browser.startup.homepage - www.google.ca FF - plugin: c:\documents and settings\Admin\Application Data\Facebook\npfbplugin_1_0_3.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program 
files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - 
pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-08-29 10:30 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3392) c:\windows\system32\WININET.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\program files\ASUS\Eee Storage\XPClient.dll c:\program files\ASUS\Eee Storage\LogicNP.EZShellExtensions.dll c:\program files\ASUS\Eee Storage\EcaremeDLL.dll c:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3390.31024__0d0f4b69e50e559b\SqliteShared.dll c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll c:\windows\system32\webcheck.dll c:\windows\system32\IEFRAME.dll c:\windows\system32\btmmhook.dll c:\windows\system32\mshtml.dll c:\windows\system32\msls31.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\progra~1\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\windows\system32\wscntfy.exe c:\windows\RTHDCPL.EXE c:\windows\system32\igfxsrvc.exe c:\windows\system32\igfxext.exe c:\program files\iPod\bin\iPodService.exe c:\progra~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe c:\program files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe c:\program files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe c:\windows\system32\scrnsave.scr . ************************************************************************** . Completion time: 2010-08-29 10:36:26 - machine was rebooted ComboFix-quarantined-files.txt 2010-08-29 16:36 Pre-Run: 15,772,811,264 bytes free Post-Run: 15,950,458,880 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - DFFC51F746F218AC8991870F50721235
  9. Hi, I have done several scans with Malwarebytes but each time I have been unable to remove all threats. Here is the log:

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4495

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     29/08/2010 1:25:17 AM
     mbam-log-2010-08-29 (01-25-17).txt

     Scan type: Quick scan
     Objects scanned: 129710
     Time elapsed: 10 minute(s), 1 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 2
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 1
     Files Infected: 5

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     C:\Documents and Settings\Admin\Local Settings\Temp\E_N4\krnln.fnr (Trojan.Agent) -> Delete on reboot.
     C:\Documents and Settings\Admin\Local Settings\Temp\E_N4\HtmlView.fne (HackTool.Patcher) -> Delete on reboot.

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     C:\Documents and Settings\Admin\Local Settings\Temp\E_N4 (Worm.Autorun) -> Delete on reboot.

     Files Infected:
     C:\Documents and Settings\Admin\Local Settings\Temp\E_N4\krnln.fnr (Trojan.Agent) -> Delete on reboot.
     C:\Documents and Settings\Admin\Local Settings\Temp\E_N4\HtmlView.fne (HackTool.Patcher) -> Delete on reboot.
     C:\Documents and Settings\Admin\Local Settings\Temp\E_N4\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.
     C:\Documents and Settings\Admin\Local Settings\Temp\E_N4\dp1.fne (Worm.Autorun) -> Delete on reboot.
     C:\Documents and Settings\Admin\Local Settings\Temp\E_N4\eAPI.fne (Worm.Autorun) -> Delete on reboot.

DDS LOG: DDS (Ver_10-03-17.01) - NTFSx86 Run by Admin at 1:28:16.32 on 29/08/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1191 [GMT -6:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe -k imgsvc C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe C:\Program Files\EeePC\ACPI\AsEPCMon.exe C:\Program Files\EeePC\ACPI\AsTray.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\AsScrPro.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\igfxext.exe C:\WINDOWS\system32\5F7F8F\005C29.EXE C:\Program Files\ASUS\Eee Docking\Eee Docking.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\MagicDisc\MagicDisc.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE 
C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\95874B\WV8E6052.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Admin\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.ca/ uInternet Settings,ProxyOverride = *.local uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll uURLSearchHooks: H - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows 
live\toolbar\wltcore.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [synAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe mRun: [LiveUpdate] c:\program files\asus\liveupdate\LiveUpdate.exe auto mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [ASUS VIBE] c:\program files\asus\asus vibe\ASUS VIBE.exe /S mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [9B75C3] c:\windows\system32\5f7f8f\005C29.EXE mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' 
anti-malware\mbam.exe" /runcleanupscript StartupFolder: c:\docume~1\admin\startm~1\programs\startup\44aed5.lnk - c:\windows\system32\5f7f8f\005C29.EXE StartupFolder: c:\docume~1\admin\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp officejet 7100 series\bin\hpogrp07.exe IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000 IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - 
{53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\aibelive\voice command\skype4com.dll Notify: avgrsstarter - avgrsstx.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll Hosts: 127.0.0.1 www.spywareinfo.com ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\4qt8msvl.default\ FF - prefs.js: browser.startup.homepage - www.google.ca FF - plugin: c:\documents and settings\admin\application data\facebook\npfbplugin_1_0_3.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry 
Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\mozilla firefox\greprefs\all.js - 
pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - 
pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\mozilla 
firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-8-14 11448] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-4 335240] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-4 27784] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-4 108552] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-10-4 908056] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-10-4 297752] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-22 54752] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-6-1 38912] R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-6-1 39040] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-24 133104] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-6-22 1684736] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-6-21 11520] =============== Created Last 30 ================ 2010-08-29 07:25:45 54016 ----a-w- c:\windows\system32\drivers\ucajb.sys 2010-08-28 21:26:31 0 d-----w- c:\docume~1\admin\applic~1\Malwarebytes 2010-08-28 21:26:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-08-28 21:26:19 0 
d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-08-28 21:26:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-08-28 21:26:16 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-08-18 10:09:56 0 d-----w- c:\windows\system32\95874B 2010-08-18 10:09:56 0 d-----w- c:\windows\system32\4E8B89 2010-08-18 10:09:56 0 d-----w- c:\windows\system32\4699C3 2010-08-18 10:09:46 0 d-----w- c:\windows\system32\5F7F8F 2010-08-14 19:28:39 11448 ----a-w- c:\windows\system32\drivers\AsUpIO.sys 2010-08-14 19:20:12 0 d-----w- c:\program files\iPod 2010-08-14 19:14:27 0 d-----w- c:\program files\Bonjour 2010-08-03 18:09:49 0 d-----w- c:\docume~1\admin\applic~1\AnvSoft 2010-08-03 18:09:45 0 d-----w- c:\program files\AnvSoft ==================== Find3M ==================== 2010-07-17 11:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll 2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll 2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll 2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys 2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll 2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll 2009-07-02 02:49:12 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat 2009-10-04 10:24:17 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009100420091005\index.dat 2009-10-04 10:24:18 16384 --sha-w- c:\windows\temp\cookies\index.dat 2009-10-04 10:24:18 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat 2009-10-04 10:24:18 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat ============= FINISH: 1:29:39.93 ===============