Infected and Logs provided


jeffds

Hi, I have done several scans with Malwarebytes but each time I have been unable to remove all threats.

Here is the log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4495

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

29/08/2010 1:25:17 AM

mbam-log-2010-08-29 (01-25-17).txt

Scan type: Quick scan

Objects scanned: 129710

Time elapsed: 10 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 2

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\Documents and Settings\Admin\Local Settings\Temp\E_N4\krnln.fnr (Trojan.Agent) -> Delete on reboot.

C:\Documents and Settings\Admin\Local Settings\Temp\E_N4\HtmlView.fne (HackTool.Patcher) -> Delete on reboot.

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Documents and Settings\Admin\Local Settings\Temp\E_N4 (Worm.Autorun) -> Delete on reboot.

Files Infected:

C:\Documents and Settings\Admin\Local Settings\Temp\E_N4\krnln.fnr (Trojan.Agent) -> Delete on reboot.

C:\Documents and Settings\Admin\Local Settings\Temp\E_N4\HtmlView.fne (HackTool.Patcher) -> Delete on reboot.

C:\Documents and Settings\Admin\Local Settings\Temp\E_N4\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.

C:\Documents and Settings\Admin\Local Settings\Temp\E_N4\dp1.fne (Worm.Autorun) -> Delete on reboot.

C:\Documents and Settings\Admin\Local Settings\Temp\E_N4\eAPI.fne (Worm.Autorun) -> Delete on reboot.

DDS LOG:

DDS (Ver_10-03-17.01) - NTFSx86

Run by Admin at 1:28:16.32 on 29/08/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1191 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe

C:\Program Files\EeePC\ACPI\AsEPCMon.exe

C:\Program Files\EeePC\ACPI\AsTray.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\AsScrPro.exe

C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\5F7F8F\005C29.EXE

C:\Program Files\ASUS\Eee Docking\Eee Docking.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\MagicDisc\MagicDisc.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\95874B\WV8E6052.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

uURLSearchHooks: H - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe

mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe

mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [synAsusAcpi] c:\program files\synaptics\syntp\SynAsusAcpi.exe

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe

mRun: [LiveUpdate] c:\program files\asus\liveupdate\LiveUpdate.exe auto

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [ASUS VIBE] c:\program files\asus\asus vibe\ASUS VIBE.exe /S

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [9B75C3] c:\windows\system32\5f7f8f\005C29.EXE

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\docume~1\admin\startm~1\programs\startup\44aed5.lnk - c:\windows\system32\5f7f8f\005C29.EXE

StartupFolder: c:\docume~1\admin\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp officejet 7100 series\bin\hpogrp07.exe

IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\aibelive\voice command\skype4com.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\4qt8msvl.default\

FF - prefs.js: browser.startup.homepage - www.google.ca

FF - plugin: c:\documents and settings\admin\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-8-14 11448]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-4 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-4 27784]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-4 108552]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-10-4 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-10-4 297752]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-22 54752]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-6-1 38912]

R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2009-6-1 39040]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-24 133104]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-6-22 1684736]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2010-6-21 11520]

=============== Created Last 30 ================

2010-08-29 07:25:45 54016 ----a-w- c:\windows\system32\drivers\ucajb.sys

2010-08-28 21:26:31 0 d-----w- c:\docume~1\admin\applic~1\Malwarebytes

2010-08-28 21:26:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-28 21:26:19 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-08-28 21:26:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-28 21:26:16 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-18 10:09:56 0 d-----w- c:\windows\system32\95874B

2010-08-18 10:09:56 0 d-----w- c:\windows\system32\4E8B89

2010-08-18 10:09:56 0 d-----w- c:\windows\system32\4699C3

2010-08-18 10:09:46 0 d-----w- c:\windows\system32\5F7F8F

2010-08-14 19:28:39 11448 ----a-w- c:\windows\system32\drivers\AsUpIO.sys

2010-08-14 19:20:12 0 d-----w- c:\program files\iPod

2010-08-14 19:14:27 0 d-----w- c:\program files\Bonjour

2010-08-03 18:09:49 0 d-----w- c:\docume~1\admin\applic~1\AnvSoft

2010-08-03 18:09:45 0 d-----w- c:\program files\AnvSoft

==================== Find3M ====================

2010-07-17 11:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll

2009-07-02 02:49:12 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat

2009-10-04 10:24:17 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009100420091005\index.dat

2009-10-04 10:24:18 16384 --sha-w- c:\windows\temp\cookies\index.dat

2009-10-04 10:24:18 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat

2009-10-04 10:24:18 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 1:29:39.93 ===============


Welcome to the forum.

Download ComboFix from one of these locations:

Link 1

Link 2

ComboFix Guide

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon and choose disable/exit. More info HERE
    They may interfere with the running of ComboFix.
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please let me know.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

5. Give it at least 20-30 minutes to finish if needed.

MrC


Thank you so much for your quick reply!

*I have a few HDs and SD cards that I may have used since I was infected. Is there a way to check if they are safe?

Here are the results of Combofix:

ComboFix 10-08-28.02 - Admin 29/08/2010 10:23:57.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1307 [GMT -6:00]

Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\Admin\LOCALS~1\Temp\E_N4

c:\docume~1\Admin\LOCALS~1\Temp\E_N4\dp1.fne

c:\docume~1\Admin\LOCALS~1\Temp\E_N4\eAPI.fne

c:\docume~1\Admin\LOCALS~1\Temp\E_N4\HtmlView.fne

c:\docume~1\Admin\LOCALS~1\Temp\E_N4\krnln.fnr

c:\windows\system32\Drivers\aiut.sys

c:\windows\system32\Thumbs.db

G:\Autorun.inf

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_apcju

((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))

.

2010-08-28 21:26 . 2010-08-28 21:26 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes

2010-08-28 21:26 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-28 21:26 . 2010-08-28 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-28 21:26 . 2010-08-28 21:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-28 21:26 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-18 10:09 . 2010-08-29 16:30 -------- d-----w- c:\windows\system32\95874B

2010-08-18 10:09 . 2010-08-20 02:02 -------- d-----w- c:\windows\system32\4E8B89

2010-08-18 10:09 . 2010-08-20 02:02 -------- d-----w- c:\windows\system32\4699C3

2010-08-18 10:09 . 2010-08-18 10:26 -------- d-----w- c:\windows\system32\5F7F8F

2010-08-14 19:28 . 2009-07-06 16:48 11448 ----a-w- c:\windows\system32\drivers\AsUpIO.sys

2010-08-14 19:22 . 2010-08-14 19:22 -------- d-----w- c:\program files\Safari

2010-08-14 19:21 . 2010-08-14 19:21 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe

2010-08-14 19:20 . 2010-08-14 19:20 -------- d-----w- c:\program files\iPod

2010-08-14 19:14 . 2010-08-14 19:14 -------- d-----w- c:\program files\Bonjour

2010-08-14 19:13 . 2010-08-14 19:13 -------- d-----w- c:\program files\Common Files\Java

2010-08-14 19:11 . 2010-08-14 19:11 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

2010-08-06 15:33 . 2010-08-06 15:33 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1767f7aa-n\msvcp71.dll

2010-08-06 15:33 . 2010-08-06 15:33 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1767f7aa-n\jmc.dll

2010-08-06 15:33 . 2010-08-06 15:33 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1767f7aa-n\msvcr71.dll

2010-08-06 15:33 . 2010-08-06 15:33 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-166fba1e-n\decora-sse.dll

2010-08-06 15:33 . 2010-08-06 15:33 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-166fba1e-n\decora-d3d.dll

2010-08-03 18:09 . 2010-08-03 18:09 -------- d-----w- c:\documents and settings\Admin\Application Data\AnvSoft

2010-08-03 18:09 . 2010-08-03 18:09 -------- d-----w- c:\program files\AnvSoft

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-29 07:11 . 2009-10-04 11:27 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2010-08-24 14:32 . 2009-11-22 01:45 -------- d-----w- c:\program files\Diablo II

2010-08-17 15:03 . 2010-03-07 05:47 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc

2010-08-14 19:21 . 2010-05-26 22:04 -------- d-----w- c:\program files\iTunes

2010-08-14 19:20 . 2010-01-15 01:34 -------- d-----w- c:\program files\Common Files\Apple

2010-08-14 19:12 . 2009-10-04 12:11 -------- d-----w- c:\program files\Java

2010-08-14 09:07 . 2009-06-23 03:51 -------- d-----w- c:\program files\Microsoft Works

2010-08-14 08:52 . 2009-06-23 04:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-07-17 11:00 . 2010-05-26 21:56 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-07 16:39 . 2010-07-07 16:39 139752 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-07-07 15:44 . 2010-03-26 02:50 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-06-30 12:31 . 2009-05-20 19:07 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2009-05-20 19:07 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44 . 2009-05-20 19:07 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-23 01:39 . 2010-06-23 01:39 50354 ----a-w- c:\documents and settings\Admin\Application Data\Facebook\uninstall.exe

2010-06-21 15:27 . 2009-05-20 19:07 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2009-05-20 19:07 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2009-05-20 19:17 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:41 . 2009-05-20 19:07 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\Admin\Application Data\Facebook\npfbplugin_1_0_3.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-09-02 17:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]

@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"

[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]

2009-11-07 07:07 297808 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]

@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"

[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]

2009-11-07 07:07 297808 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-06-08 397312]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-17 630784]

"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]

"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-17 118784]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]

"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]

"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-07-08 3054136]

"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2010-01-29 751592]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-13 2048352]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"ASUS VIBE"="c:\program files\ASUS\ASUS VIBE\ASUS VIBE.exe" [2010-03-02 102400]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

"9B75C3"="c:\windows\system32\5F7F8F\005C29.EXE" [2010-08-18 1242081]

c:\documents and settings\Admin\Start Menu\Programs\Startup\

44AED5.lnk - c:\windows\system32\5F7F8F\005C29.EXE [2010-8-18 1242081]

MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-11-21 576000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-6-22 376832]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]

HPAiODevice(hp officejet 7100 series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe [2003-6-24 495682]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-10-04 11:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 07:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-07-26 23:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [14/08/2010 1:28 PM 11448]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [04/10/2009 5:28 AM 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [04/10/2009 5:28 AM 108552]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [04/10/2009 5:27 AM 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [04/10/2009 5:27 AM 297752]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [01/06/2009 1:26 AM 38912]

R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [01/06/2009 1:26 AM 39040]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24/10/2009 3:46 AM 133104]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/06/2009 9:49 PM 1684736]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [21/06/2010 1:37 AM 11520]

.

Contents of the 'Scheduled Tasks' folder

2010-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-24 09:46]

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-24 09:46]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.ca/

uInternet Settings,ProxyOverride = *.local

IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {{E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\Evernote\Evernote3.5\enbar.dll

FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\4qt8msvl.default\

FF - prefs.js: browser.startup.homepage - www.google.ca

FF - plugin: c:\documents and settings\Admin\Application Data\Facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-29 10:30

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3392)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\program files\ASUS\Eee Storage\XPClient.dll

c:\program files\ASUS\Eee Storage\LogicNP.EZShellExtensions.dll

c:\program files\ASUS\Eee Storage\EcaremeDLL.dll

c:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3390.31024__0d0f4b69e50e559b\SqliteShared.dll

c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\IEFRAME.dll

c:\windows\system32\btmmhook.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\AVG\AVG8\avgcsrvx.exe

c:\windows\system32\wscntfy.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\igfxext.exe

c:\program files\iPod\bin\iPodService.exe

c:\progra~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe

c:\program files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe

c:\program files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe

c:\windows\system32\scrnsave.scr

.

**************************************************************************

.

Completion time: 2010-08-29 10:36:26 - machine was rebooted

ComboFix-quarantined-files.txt 2010-08-29 16:36

Pre-Run: 15,772,811,264 bytes free

Post-Run: 15,950,458,880 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - DFFC51F746F218AC8991870F50721235


*I Have a few HD's and SD cards that I may have used since I was infected. Is there a way to check if they are safe?

Scan them with MBAM

--------------------------------------------

Please do this:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::

c:\windows\system32\95874B

c:\windows\system32\4E8B89

c:\windows\system32\4699C3

c:\windows\system32\5F7F8F

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"9B75C3"=-

DDS::

uInternet Settings,ProxyOverride = *.local

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC


Hi, sorry for the slow response; the internet went down for a good 10 hours yesterday.

I will scan the other drives when you give me the go ahead.

Here is the latest scan log per your directions:

ComboFix 10-08-28.02 - Admin 30/08/2010 11:24:33.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1287 [GMT -6:00]

Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\Admin\LOCALS~1\Temp\E_N4

c:\docume~1\Admin\LOCALS~1\Temp\E_N4\dp1.fne

c:\docume~1\Admin\LOCALS~1\Temp\E_N4\eAPI.fne

c:\docume~1\Admin\LOCALS~1\Temp\E_N4\HtmlView.fne

c:\docume~1\Admin\LOCALS~1\Temp\E_N4\krnln.fnr

c:\windows\system32\4699C3

c:\windows\system32\4699C3\85cbac.txt

c:\windows\system32\4699C3\89083f.txt

c:\windows\system32\4699C3\9f98fe.txt

c:\windows\system32\4E8B89

c:\windows\system32\4E8B89\5706e424.txt

c:\windows\system32\5F7F8F

c:\windows\system32\5F7F8F\005C29.EXE

c:\windows\system32\95874B

c:\windows\system32\95874B\dp1.fne

c:\windows\system32\95874B\eAPI.fne

c:\windows\system32\95874B\krnln.fnr

c:\windows\system32\95874B\wi4699c.exe

c:\windows\system32\95874B\WV8E6052.EXE

G:\autorun.inf

.

((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))))

.

2010-08-28 21:26 . 2010-08-28 21:26 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes

2010-08-28 21:26 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-28 21:26 . 2010-08-28 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-28 21:26 . 2010-08-28 21:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-28 21:26 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-14 19:28 . 2009-07-06 16:48 11448 ----a-w- c:\windows\system32\drivers\AsUpIO.sys

2010-08-14 19:22 . 2010-08-14 19:22 -------- d-----w- c:\program files\Safari

2010-08-14 19:21 . 2010-08-14 19:21 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe

2010-08-14 19:20 . 2010-08-14 19:20 -------- d-----w- c:\program files\iPod

2010-08-14 19:14 . 2010-08-14 19:14 -------- d-----w- c:\program files\Bonjour

2010-08-14 19:13 . 2010-08-14 19:13 -------- d-----w- c:\program files\Common Files\Java

2010-08-14 19:11 . 2010-08-14 19:11 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

2010-08-06 15:33 . 2010-08-06 15:33 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1767f7aa-n\msvcp71.dll

2010-08-06 15:33 . 2010-08-06 15:33 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1767f7aa-n\jmc.dll

2010-08-06 15:33 . 2010-08-06 15:33 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1767f7aa-n\msvcr71.dll

2010-08-06 15:33 . 2010-08-06 15:33 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-166fba1e-n\decora-sse.dll

2010-08-06 15:33 . 2010-08-06 15:33 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-166fba1e-n\decora-d3d.dll

2010-08-03 18:09 . 2010-08-03 18:09 -------- d-----w- c:\documents and settings\Admin\Application Data\AnvSoft

2010-08-03 18:09 . 2010-08-03 18:09 -------- d-----w- c:\program files\AnvSoft

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-29 18:00 . 2009-10-04 11:27 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2010-08-24 14:32 . 2009-11-22 01:45 -------- d-----w- c:\program files\Diablo II

2010-08-17 15:03 . 2010-03-07 05:47 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc

2010-08-14 19:21 . 2010-05-26 22:04 -------- d-----w- c:\program files\iTunes

2010-08-14 19:20 . 2010-01-15 01:34 -------- d-----w- c:\program files\Common Files\Apple

2010-08-14 19:12 . 2009-10-04 12:11 -------- d-----w- c:\program files\Java

2010-08-14 09:07 . 2009-06-23 03:51 -------- d-----w- c:\program files\Microsoft Works

2010-08-14 08:52 . 2009-06-23 04:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-07-17 11:00 . 2010-05-26 21:56 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-07 16:39 . 2010-07-07 16:39 139752 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-07-07 15:44 . 2010-03-26 02:50 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-06-30 12:31 . 2009-05-20 19:07 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2009-05-20 19:07 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44 . 2009-05-20 19:07 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-23 01:39 . 2010-06-23 01:39 50354 ----a-w- c:\documents and settings\Admin\Application Data\Facebook\uninstall.exe

2010-06-21 15:27 . 2009-05-20 19:07 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2009-05-20 19:07 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2009-05-20 19:17 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:41 . 2009-05-20 19:07 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\Admin\Application Data\Facebook\npfbplugin_1_0_3.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-08-29_16.30.44 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-05-20 19:07 . 2010-08-29 16:34 68062 c:\windows\system32\perfc009.dat

- 2009-05-20 19:07 . 2010-08-29 09:29 68062 c:\windows\system32\perfc009.dat

+ 2009-05-20 19:07 . 2010-08-29 16:34 433256 c:\windows\system32\perfh009.dat

- 2009-05-20 19:07 . 2010-08-29 09:29 433256 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-09-02 17:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]

@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"

[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]

2009-11-07 07:07 297808 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]

@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"

[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]

2009-11-07 07:07 297808 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-06-08 397312]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-17 630784]

"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]

"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-17 118784]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]

"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]

"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-07-08 3054136]

"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2010-01-29 751592]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-13 2048352]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"ASUS VIBE"="c:\program files\ASUS\ASUS VIBE\ASUS VIBE.exe" [2010-03-02 102400]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-6-22 376832]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]

HPAiODevice(hp officejet 7100 series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe [2003-6-24 495682]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-10-04 11:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 07:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-07-26 23:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [14/08/2010 1:28 PM 11448]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [04/10/2009 5:28 AM 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [04/10/2009 5:28 AM 108552]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [04/10/2009 5:27 AM 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [04/10/2009 5:27 AM 297752]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [01/06/2009 1:26 AM 38912]

R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [01/06/2009 1:26 AM 39040]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24/10/2009 3:46 AM 133104]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/06/2009 9:49 PM 1684736]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [21/06/2010 1:37 AM 11520]

.

Contents of the 'Scheduled Tasks' folder

2010-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-24 09:46]

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-24 09:46]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.ca/

IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {{E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\Evernote\Evernote3.5\enbar.dll

FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\4qt8msvl.default\

FF - prefs.js: browser.startup.homepage - www.google.ca

FF - plugin: c:\documents and settings\Admin\Application Data\Facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-30 11:30

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)

c:\windows\system32\igfxdev.dll

.

Completion time: 2010-08-30 11:33:21

ComboFix-quarantined-files.txt 2010-08-30 17:33

ComboFix2.txt 2010-08-29 16:36

Pre-Run: 15,967,293,440 bytes free

Post-Run: 15,943,942,144 bytes free

- - End Of File - - 4A2BBBA39B7CCA969E9AEE4017F7E3FD


This is the new log from the updated Combofix:

ComboFix 10-08-30.02 - Admin 31/08/2010 9:00.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1299 [GMT -6:00]

Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-31 )))))))))))))))))))))))))))))))

.

2010-08-28 21:26 . 2010-08-28 21:26 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes

2010-08-28 21:26 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-28 21:26 . 2010-08-28 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-28 21:26 . 2010-08-28 21:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-28 21:26 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-14 19:28 . 2009-07-06 16:48 11448 ----a-w- c:\windows\system32\drivers\AsUpIO.sys

2010-08-14 19:22 . 2010-08-14 19:22 -------- d-----w- c:\program files\Safari

2010-08-14 19:21 . 2010-08-14 19:21 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe

2010-08-14 19:20 . 2010-08-14 19:20 -------- d-----w- c:\program files\iPod

2010-08-14 19:14 . 2010-08-14 19:14 -------- d-----w- c:\program files\Bonjour

2010-08-14 19:13 . 2010-08-14 19:13 -------- d-----w- c:\program files\Common Files\Java

2010-08-14 19:11 . 2010-08-14 19:11 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe

2010-08-06 15:33 . 2010-08-06 15:33 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1767f7aa-n\msvcp71.dll

2010-08-06 15:33 . 2010-08-06 15:33 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1767f7aa-n\jmc.dll

2010-08-06 15:33 . 2010-08-06 15:33 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1767f7aa-n\msvcr71.dll

2010-08-06 15:33 . 2010-08-06 15:33 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-166fba1e-n\decora-sse.dll

2010-08-06 15:33 . 2010-08-06 15:33 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-166fba1e-n\decora-d3d.dll

2010-08-03 18:09 . 2010-08-03 18:09 -------- d-----w- c:\documents and settings\Admin\Application Data\AnvSoft

2010-08-03 18:09 . 2010-08-03 18:09 -------- d-----w- c:\program files\AnvSoft

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-29 18:00 . 2009-10-04 11:27 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2010-08-24 14:32 . 2009-11-22 01:45 -------- d-----w- c:\program files\Diablo II

2010-08-17 15:03 . 2010-03-07 05:47 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc

2010-08-14 19:21 . 2010-05-26 22:04 -------- d-----w- c:\program files\iTunes

2010-08-14 19:20 . 2010-01-15 01:34 -------- d-----w- c:\program files\Common Files\Apple

2010-08-14 19:12 . 2009-10-04 12:11 -------- d-----w- c:\program files\Java

2010-08-14 09:07 . 2009-06-23 03:51 -------- d-----w- c:\program files\Microsoft Works

2010-08-14 08:52 . 2009-06-23 04:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-07-17 11:00 . 2010-05-26 21:56 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-07 16:39 . 2010-07-07 16:39 139752 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2010-07-07 15:44 . 2010-03-26 02:50 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-06-30 12:31 . 2009-05-20 19:07 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2009-05-20 19:07 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 13:44 . 2009-05-20 19:07 1851904 ----a-w- c:\windows\system32\win32k.sys

2010-06-23 01:39 . 2010-06-23 01:39 50354 ----a-w- c:\documents and settings\Admin\Application Data\Facebook\uninstall.exe

2010-06-21 15:27 . 2009-05-20 19:07 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2009-05-20 19:07 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2009-05-20 19:17 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:41 . 2009-05-20 19:07 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\Admin\Application Data\Facebook\npfbplugin_1_0_3.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-08-29_16.30.44 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-05-20 19:07 . 2010-08-29 16:34 68062 c:\windows\system32\perfc009.dat

- 2009-05-20 19:07 . 2010-08-29 09:29 68062 c:\windows\system32\perfc009.dat

+ 2009-05-20 19:07 . 2010-08-29 16:34 433256 c:\windows\system32\perfh009.dat

- 2009-05-20 19:07 . 2010-08-29 09:29 433256 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-09-02 17:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]

@="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"

[HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]

2009-11-07 07:07 297808 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]

@="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"

[HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]

2009-11-07 07:07 297808 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-06-08 397312]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-04-17 630784]

"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-03-13 98304]

"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-04-17 118784]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]

"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-06 1434920]

"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-03-06 79144]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-07-08 3054136]

"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2010-01-29 751592]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-13 2048352]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"ASUS VIBE"="c:\program files\ASUS\ASUS VIBE\ASUS VIBE.exe" [2010-03-02 102400]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-6-22 376832]

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]

HPAiODevice(hp officejet 7100 series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe [2003-6-24 495682]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-10-04 11:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 07:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-07-26 23:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=

"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [14/08/2010 1:28 PM 11448]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [04/10/2009 5:28 AM 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [04/10/2009 5:28 AM 108552]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [04/10/2009 5:27 AM 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [04/10/2009 5:27 AM 297752]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [01/06/2009 1:26 AM 38912]

R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [01/06/2009 1:26 AM 39040]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24/10/2009 3:46 AM 133104]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/06/2009 9:49 PM 1684736]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [21/06/2010 1:37 AM 11520]

.

Contents of the 'Scheduled Tasks' folder

2010-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]

2010-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-24 09:46]

2010-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-24 09:46]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.ca/

IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {{E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\Evernote\Evernote3.5\enbar.dll

FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\4qt8msvl.default\

FF - prefs.js: browser.startup.homepage - www.google.ca

FF - plugin: c:\documents and settings\Admin\Application Data\Facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-31 09:04

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\docume~1\Admin\LOCALS~1\Temp\Perflib_Perfdata_ae0.dat 16384 bytes

scan completed successfully

hidden files: 1

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)

c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(2016)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\program files\ASUS\Eee Storage\XPClient.dll

c:\program files\ASUS\Eee Storage\LogicNP.EZShellExtensions.dll

c:\program files\ASUS\Eee Storage\EcaremeDLL.dll

c:\windows\assembly\GAC_MSIL\SqliteShared\1.0.3390.31024__0d0f4b69e50e559b\SqliteShared.dll

c:\windows\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll

c:\windows\system32\btmmhook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-08-31 09:07:09

ComboFix-quarantined-files.txt 2010-08-31 15:07

ComboFix2.txt 2010-08-30 17:33

ComboFix3.txt 2010-08-29 16:36

Pre-Run: 15,929,176,064 bytes free

Post-Run: 15,905,230,848 bytes free

- - End Of File - - 6E5F73BF78922853095E42FEC08C1711


Thanks. It said no threats found!

Is there any way to stop all auto-run files on USB drives/hard drives, as I believe that is how I got infected? Also, is it safe to connect the old USB drives and scan them with MBAM? Also, are there any programs I should use other than AVG, MBAM and SpyBot? I'm guessing a firewall is in order.

Any help on keeping my computer secure would be much appreciated. Also, I noticed that under Add/Remove Programs there is Acrobat 10 and 8.0; should I remove the old version?

Can I re-enable AVG now?

Thanks.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4514

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

31/08/2010 10:08:36 AM

mbam-log-2010-08-31 (10-08-36).txt

Scan type: Quick scan

Objects scanned: 129771

Time elapsed: 6 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Is there any way to stop all auto-run files on USB drives/hard drives, as I believe that is how I got infected?

ComboFix should have already disabled it.

Also, is it safe to connect the old USB drives and scan them with MBAM?

Yes

Also, are there any programs I should use other than AVG, MBAM and SpyBot? I'm guessing a firewall is in order.

Let's see what you have first:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Any help on keeping my computer secure would be much appreciated.

I'll give you some info on that.

Also, I noticed that under Add/Remove Programs there is Acrobat 10 and 8.0; should I remove the old version?

Yes

Can I re-enable AVG now?
Yes

I think I have been infected again by this drive.

AVG LOG


28.10.2009 20:50:07 EMC changed state :@EMC_Not_Fully_Functional_Short

28.10.2009 20:50:07 AutoPOP3(10110): Starting server

28.10.2009 20:50:07 Queue processing started

28.10.2009 20:50:07 EMC changed state :@EMC_Running_Short

5.11.2009 21:09:45 EMC changed state :@EMC_Stopping_Short

5.11.2009 21:09:50 End of program

5.11.2009 21:09:50 AVG for E-mail ended

5.11.2009 21:09:57.109 [89c] AVG for E-mail [8.5.401] started

5.11.2009 21:09:57.203 [89c] Registered in WatchDog

5.11.2009 21:09:57.203 [89c] EMC changed state :@EMC_Init_Short

5.11.2009 21:10:05.171 [89c] Using AVG Kernel: 8.5.424 [270.14.52/2483]

5.11.2009 21:10:05 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

5.11.2009 21:10:05 Using Cyrus SASL 2.1.13

5.11.2009 21:10:05 Starting the main loop

5.11.2009 21:10:05 Redirector version 80000

5.11.2009 21:10:05 EMC changed state :@EMC_Init_Short

5.11.2009 21:10:05 EMC changed state :@EMC_Not_Fully_Functional_Short

5.11.2009 21:10:05 AutoPOP3(10110): Starting server

5.11.2009 21:10:05 Queue processing started

5.11.2009 21:10:05 EMC changed state :@EMC_Running_Short

8.11.2009 10:33:38 EMC changed state :@EMC_Stopping_Short

8.11.2009 10:33:39 End of program

8.11.2009 10:33:39 AVG for E-mail ended

8.11.2009 10:34:31.171 [59c] AVG for E-mail [8.5.401] started

8.11.2009 10:34:31.312 [59c] Registered in WatchDog

8.11.2009 10:34:31.312 [59c] EMC changed state :@EMC_Init_Short

8.11.2009 10:34:37.734 [59c] Using AVG Kernel: 8.5.425 [270.14.55/2489]

8.11.2009 10:34:37 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

8.11.2009 10:34:38 Using Cyrus SASL 2.1.13

8.11.2009 10:34:38 Starting the main loop

8.11.2009 10:34:38 Redirector version 80000

8.11.2009 10:34:38 EMC changed state :@EMC_Init_Short

8.11.2009 10:34:38 EMC changed state :@EMC_Not_Fully_Functional_Short

8.11.2009 10:34:40 AutoPOP3(10110): Starting server

8.11.2009 10:34:40 Queue processing started

8.11.2009 10:34:40 EMC changed state :@EMC_Running_Short

14.11.2009 00:43:01 EMC changed state :@EMC_Stopping_Short

14.11.2009 00:43:06 End of program

14.11.2009 00:43:06 AVG for E-mail ended

14.11.2009 00:43:58.171 [508] AVG for E-mail [8.5.401] started

14.11.2009 00:43:58.437 [508] Registered in WatchDog

14.11.2009 00:43:58.453 [508] EMC changed state :@EMC_Init_Short

14.11.2009 00:44:05.328 [508] Using AVG Kernel: 8.5.425 [270.14.64/2501]

14.11.2009 00:44:05 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

14.11.2009 00:44:06 Using Cyrus SASL 2.1.13

14.11.2009 00:44:08 Starting the main loop

14.11.2009 00:44:08 Redirector version 80000

14.11.2009 00:44:08 EMC changed state :@EMC_Init_Short

14.11.2009 00:44:08 EMC changed state :@EMC_Not_Fully_Functional_Short

14.11.2009 00:44:08 AutoPOP3(10110): Starting server

14.11.2009 00:44:08 Queue processing started

14.11.2009 00:44:08 EMC changed state :@EMC_Running_Short

21.11.2009 17:43:07 EMC changed state :@EMC_Stopping_Short

21.11.2009 17:44:20.671 [510] AVG for E-mail [8.5.401] started

21.11.2009 17:44:21.500 [510] Registered in WatchDog

21.11.2009 17:44:21.515 [510] EMC changed state :@EMC_Init_Short

21.11.2009 17:44:34.812 [510] Using AVG Kernel: 8.5.425 [270.14.76/2518]

21.11.2009 17:44:35 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

21.11.2009 17:44:36 Using Cyrus SASL 2.1.13

21.11.2009 17:44:36 Starting the main loop

21.11.2009 17:44:36 Redirector version 80000

21.11.2009 17:44:36 EMC changed state :@EMC_Init_Short

21.11.2009 17:44:36 EMC changed state :@EMC_Not_Fully_Functional_Short

21.11.2009 17:44:36 AutoPOP3(10110): Starting server

21.11.2009 17:44:36 Queue processing started

21.11.2009 17:44:36 EMC changed state :@EMC_Running_Short

25.11.2009 03:16:01 EMC changed state :@EMC_Stopping_Short

25.11.2009 03:16:05 End of program

25.11.2009 03:16:05 AVG for E-mail ended

25.11.2009 03:17:00.328 [650] AVG for E-mail [8.5.401] started

25.11.2009 03:17:00.593 [650] Registered in WatchDog

25.11.2009 03:17:00.609 [650] EMC changed state :@EMC_Init_Short

25.11.2009 03:17:10.812 [650] Using AVG Kernel: 8.5.425 [270.14.81/2524]

25.11.2009 03:17:11 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

25.11.2009 03:17:13 Using Cyrus SASL 2.1.13

25.11.2009 03:17:15 Starting the main loop

25.11.2009 03:17:15 Redirector version 80000

25.11.2009 03:17:15 EMC changed state :@EMC_Init_Short

25.11.2009 03:17:15 EMC changed state :@EMC_Not_Fully_Functional_Short

25.11.2009 03:17:15 Queue processing started

25.11.2009 03:17:15 AutoPOP3(10110): Starting server

25.11.2009 03:17:15 EMC changed state :@EMC_Running_Short

25.11.2009 22:31:14 EMC changed state :@EMC_Stopping_Short

25.11.2009 22:31:16 End of program

25.11.2009 22:31:16 AVG for E-mail ended

25.11.2009 22:31:22.750 [f90] AVG for E-mail [8.5.401] started

25.11.2009 22:31:24.250 [f90] Registered in WatchDog

25.11.2009 22:31:24.343 [f90] EMC changed state :@EMC_Init_Short

25.11.2009 22:31:27.687 [f90] Using AVG Kernel: 8.5.425 [270.14.83/2526]

25.11.2009 22:31:27 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

25.11.2009 22:31:28 Using Cyrus SASL 2.1.13

25.11.2009 22:31:28 Starting the main loop

25.11.2009 22:31:28 Redirector version 80000

25.11.2009 22:31:28 EMC changed state :@EMC_Init_Short

25.11.2009 22:31:28 EMC changed state :@EMC_Not_Fully_Functional_Short

25.11.2009 22:31:28 AutoPOP3(10110): Starting server

25.11.2009 22:31:28 Queue processing started

25.11.2009 22:31:28 EMC changed state :@EMC_Running_Short

10.12.2009 21:36:04 EMC changed state :@EMC_Stopping_Short

10.12.2009 21:36:09 End of program

10.12.2009 21:36:09 AVG for E-mail ended

10.12.2009 21:37:15.250 [690] AVG for E-mail [8.5.401] started

10.12.2009 21:37:16.406 [690] Registered in WatchDog

10.12.2009 21:37:16.421 [690] EMC changed state :@EMC_Init_Short

10.12.2009 21:37:35.140 [690] Using AVG Kernel: 8.5.426 [270.14.102/2556]

10.12.2009 21:37:36 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

10.12.2009 21:37:42 Using Cyrus SASL 2.1.13

10.12.2009 21:37:46 Starting the main loop

10.12.2009 21:37:46 Redirector version 80000

10.12.2009 21:37:46 EMC changed state :@EMC_Init_Short

10.12.2009 21:37:46 EMC changed state :@EMC_Not_Fully_Functional_Short

10.12.2009 21:37:47 AutoPOP3(10110): Starting server

10.12.2009 21:37:47 Queue processing started

10.12.2009 21:37:48 EMC changed state :@EMC_Running_Short

11.12.2009 19:37:26 EMC changed state :@EMC_Stopping_Short

11.12.2009 19:37:28 End of program

11.12.2009 19:37:28 AVG for E-mail ended

11.12.2009 19:37:38.156 [f04] AVG for E-mail [8.5.401] started

11.12.2009 19:37:38.703 [f04] Registered in WatchDog

11.12.2009 19:37:38.781 [f04] EMC changed state :@EMC_Init_Short

11.12.2009 19:37:46.375 [f04] Using AVG Kernel: 8.5.426 [270.14.104/2559]

11.12.2009 19:37:46 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

11.12.2009 19:37:46 Using Cyrus SASL 2.1.13

11.12.2009 19:37:46 Starting the main loop

11.12.2009 19:37:46 Redirector version 80000

11.12.2009 19:37:46 EMC changed state :@EMC_Init_Short

11.12.2009 19:37:46 EMC changed state :@EMC_Not_Fully_Functional_Short

11.12.2009 19:37:46 AutoPOP3(10110): Starting server

11.12.2009 19:37:46 Queue processing started

11.12.2009 19:37:46 EMC changed state :@EMC_Running_Short

21.12.2009 21:27:49 EMC changed state :@EMC_Stopping_Short

21.12.2009 21:27:53 End of program

21.12.2009 21:27:53 AVG for E-mail ended

21.12.2009 21:28:09.109 [8e4] AVG for E-mail [8.5.401] started

21.12.2009 21:28:10.546 [8e4] Registered in WatchDog

21.12.2009 21:28:10.578 [8e4] EMC changed state :@EMC_Init_Short

21.12.2009 21:28:14.656 [8e4] Using AVG Kernel: 8.5.427 [270.14.116/2580]

21.12.2009 21:28:14 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

21.12.2009 21:28:15 Using Cyrus SASL 2.1.13

21.12.2009 21:28:15 Starting the main loop

21.12.2009 21:28:15 Redirector version 80000

21.12.2009 21:28:15 EMC changed state :@EMC_Init_Short

21.12.2009 21:28:15 EMC changed state :@EMC_Not_Fully_Functional_Short

21.12.2009 21:28:15 AutoPOP3(10110): Starting server

21.12.2009 21:28:15 Queue processing started

21.12.2009 21:28:15 EMC changed state :@EMC_Running_Short

28.12.2009 11:45:46 EMC changed state :@EMC_Stopping_Short

28.12.2009 11:45:47 End of program

28.12.2009 11:45:47 AVG for E-mail ended

28.12.2009 11:45:55.484 [1b4] AVG for E-mail [8.5.401] started

28.12.2009 11:45:56.953 [1b4] Registered in WatchDog

28.12.2009 11:45:56.984 [1b4] EMC changed state :@EMC_Init_Short

28.12.2009 11:46:00.562 [1b4] Using AVG Kernel: 8.5.430 [270.14.122/2590]

28.12.2009 11:46:00 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

28.12.2009 11:46:01 Using Cyrus SASL 2.1.13

28.12.2009 11:46:01 Starting the main loop

28.12.2009 11:46:01 Redirector version 80000

28.12.2009 11:46:01 EMC changed state :@EMC_Init_Short

28.12.2009 11:46:01 EMC changed state :@EMC_Not_Fully_Functional_Short

28.12.2009 11:46:01 AutoPOP3(10110): Starting server

28.12.2009 11:46:01 Queue processing started

28.12.2009 11:46:01 EMC changed state :@EMC_Running_Short

4.1.2010 19:06:25 EMC changed state :@EMC_Stopping_Short

4.1.2010 19:06:29 End of program

4.1.2010 19:06:29 AVG for E-mail ended

4.1.2010 19:06:41.109 [9fc] AVG for E-mail [8.5.401] started

4.1.2010 19:06:43.093 [9fc] Registered in WatchDog

4.1.2010 19:06:43.093 [9fc] EMC changed state :@EMC_Init_Short

4.1.2010 19:06:45.578 [9fc] Using AVG Kernel: 8.5.431 [270.14.125/2600]

4.1.2010 19:06:45 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

4.1.2010 19:06:46 Using Cyrus SASL 2.1.13

4.1.2010 19:06:46 Starting the main loop

4.1.2010 19:06:46 Redirector version 80000

4.1.2010 19:06:46 EMC changed state :@EMC_Init_Short

4.1.2010 19:06:46 EMC changed state :@EMC_Not_Fully_Functional_Short

4.1.2010 19:06:46 AutoPOP3(10110): Starting server

4.1.2010 19:06:46 Queue processing started

4.1.2010 19:06:46 EMC changed state :@EMC_Running_Short

13.1.2010 22:54:17 EMC changed state :@EMC_Stopping_Short

13.1.2010 22:54:22 End of program

13.1.2010 22:54:22 AVG for E-mail ended

13.1.2010 22:55:15.578 [440] AVG for E-mail [8.5.401] started

13.1.2010 22:55:16.015 [440] Registered in WatchDog

13.1.2010 22:55:16.031 [440] EMC changed state :@EMC_Init_Short

13.1.2010 22:55:24.453 [440] Using AVG Kernel: 8.5.432 [270.14.138/2618]

13.1.2010 22:55:25 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

13.1.2010 22:55:29 Using Cyrus SASL 2.1.13

13.1.2010 22:55:31 Starting the main loop

13.1.2010 22:55:31 Redirector version 80000

13.1.2010 22:55:31 EMC changed state :@EMC_Init_Short

13.1.2010 22:55:31 EMC changed state :@EMC_Not_Fully_Functional_Short

13.1.2010 22:55:31 AutoPOP3(10110): Starting server

13.1.2010 22:55:31 EMC changed state :@EMC_Running_Short

13.1.2010 22:55:31 Queue processing started

21.1.2010 19:44:58 EMC changed state :@EMC_Stopping_Short

21.1.2010 19:45:01 End of program

21.1.2010 19:45:01 AVG for E-mail ended

21.1.2010 19:45:57.281 [580] AVG for E-mail [8.5.401] started

21.1.2010 19:45:58.140 [580] Registered in WatchDog

21.1.2010 19:45:58.140 [580] EMC changed state :@EMC_Init_Short

21.1.2010 19:46:10.640 [580] Using AVG Kernel: 8.5.432 [271.1.1/2637]

21.1.2010 19:46:11 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

21.1.2010 19:46:14 Using Cyrus SASL 2.1.13

21.1.2010 19:46:16 Starting the main loop

21.1.2010 19:46:16 Redirector version 80000

21.1.2010 19:46:16 EMC changed state :@EMC_Init_Short

21.1.2010 19:46:16 EMC changed state :@EMC_Not_Fully_Functional_Short

21.1.2010 19:46:16 AutoPOP3(10110): Starting server

21.1.2010 19:46:16 Queue processing started

21.1.2010 19:46:16 EMC changed state :@EMC_Running_Short

2.2.2010 20:50:41 EMC changed state :@EMC_Stopping_Short

2.2.2010 20:50:46 End of program

2.2.2010 20:50:46 AVG for E-mail ended

2.2.2010 20:50:55.859 [9d4] AVG for E-mail [8.5.401] started

2.2.2010 20:50:55.937 [9d4] Registered in WatchDog

2.2.2010 20:50:55.937 [9d4] EMC changed state :@EMC_Init_Short

2.2.2010 20:50:57.437 [9d4] Using AVG Kernel: 8.5.432 [271.1.1/2664]

2.2.2010 20:50:57 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

2.2.2010 20:50:57 Using Cyrus SASL 2.1.13

2.2.2010 20:50:57 Starting the main loop

2.2.2010 20:50:57 Redirector version 80000

2.2.2010 20:50:57 EMC changed state :@EMC_Init_Short

2.2.2010 20:50:57 EMC changed state :@EMC_Not_Fully_Functional_Short

2.2.2010 20:50:57 AutoPOP3(10110): Starting server

2.2.2010 20:50:57 Queue processing started

2.2.2010 20:50:57 EMC changed state :@EMC_Running_Short

5.2.2010 19:35:08 EMC changed state :@EMC_Stopping_Short

5.2.2010 19:35:09 End of program

5.2.2010 19:35:09 AVG for E-mail ended

5.2.2010 19:36:03.250 [664] AVG for E-mail [8.5.401] started

5.2.2010 19:36:03.328 [664] Registered in WatchDog

5.2.2010 19:36:03.328 [664] EMC changed state :@EMC_Init_Short

5.2.2010 19:36:19.703 [664] Using AVG Kernel: 8.5.435 [271.1.1/2670]

5.2.2010 19:36:20 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

5.2.2010 19:36:21 Using Cyrus SASL 2.1.13

5.2.2010 19:36:23 Starting the main loop

5.2.2010 19:36:23 Redirector version 80000

5.2.2010 19:36:23 EMC changed state :@EMC_Init_Short

5.2.2010 19:36:23 EMC changed state :@EMC_Not_Fully_Functional_Short

5.2.2010 19:36:23 AutoPOP3(10110): Starting server

5.2.2010 19:36:23 Queue processing started

5.2.2010 19:36:23 EMC changed state :@EMC_Running_Short

5.2.2010 21:04:30 EMC changed state :@EMC_Stopping_Short

5.2.2010 21:04:32 End of program

5.2.2010 21:04:32 AVG for E-mail ended

5.2.2010 21:05:41.812 [334] AVG for E-mail [8.5.401] started

5.2.2010 21:05:42.531 [334] Registered in WatchDog

5.2.2010 21:05:42.531 [334] EMC changed state :@EMC_Init_Short

5.2.2010 21:05:58.625 [334] Using AVG Kernel: 8.5.435 [271.1.1/2670]

5.2.2010 21:05:59 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

5.2.2010 21:06:01 Using Cyrus SASL 2.1.13

5.2.2010 21:06:06 Starting the main loop

5.2.2010 21:06:06 Redirector version 80000

5.2.2010 21:06:06 EMC changed state :@EMC_Init_Short

5.2.2010 21:06:06 EMC changed state :@EMC_Not_Fully_Functional_Short

5.2.2010 21:06:06 AutoPOP3(10110): Starting server

5.2.2010 21:06:06 Queue processing started

5.2.2010 21:06:06 EMC changed state :@EMC_Running_Short

8.2.2010 07:49:43.890 [680] AVG for E-mail [8.5.401] started

8.2.2010 07:49:44.000 [680] Registered in WatchDog

8.2.2010 07:49:44.000 [680] EMC changed state :@EMC_Init_Short

8.2.2010 07:49:53.796 [680] Using AVG Kernel: 8.5.435 [271.1.1/2674]

8.2.2010 07:49:54 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

8.2.2010 07:49:55 Using Cyrus SASL 2.1.13

8.2.2010 07:49:55 Starting the main loop

8.2.2010 07:49:55 Redirector version 80000

8.2.2010 07:49:55 EMC changed state :@EMC_Init_Short

8.2.2010 07:49:55 EMC changed state :@EMC_Not_Fully_Functional_Short

8.2.2010 07:49:55 AutoPOP3(10110): Starting server

8.2.2010 07:49:55 Queue processing started

8.2.2010 07:49:55 EMC changed state :@EMC_Running_Short

10.2.2010 08:41:53 EMC changed state :@EMC_Stopping_Short

10.2.2010 08:42:57.062 [53c] AVG for E-mail [8.5.401] started

10.2.2010 08:42:57.359 [53c] Registered in WatchDog

10.2.2010 08:42:57.359 [53c] EMC changed state :@EMC_Init_Short

10.2.2010 08:43:05.859 [53c] Using AVG Kernel: 8.5.435 [271.1.1/2678]

10.2.2010 08:43:06 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

10.2.2010 08:43:08 Using Cyrus SASL 2.1.13

10.2.2010 08:43:08 Starting the main loop

10.2.2010 08:43:08 Redirector version 80000

10.2.2010 08:43:08 EMC changed state :@EMC_Init_Short

10.2.2010 08:43:09 EMC changed state :@EMC_Not_Fully_Functional_Short

10.2.2010 08:43:09 AutoPOP3(10110): Starting server

10.2.2010 08:43:09 Queue processing started

10.2.2010 08:43:09 EMC changed state :@EMC_Running_Short

24.2.2010 23:26:05 EMC changed state :@EMC_Stopping_Short

24.2.2010 23:26:09 End of program

24.2.2010 23:26:09 AVG for E-mail ended

24.2.2010 23:27:03.812 [68c] AVG for E-mail [8.5.401] started

24.2.2010 23:27:03.875 [68c] Registered in WatchDog

24.2.2010 23:27:03.875 [68c] EMC changed state :@EMC_Init_Short

24.2.2010 23:27:09.781 [68c] Using AVG Kernel: 8.5.435 [271.1.1/2708]

24.2.2010 23:27:09 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

24.2.2010 23:27:10 Using Cyrus SASL 2.1.13

24.2.2010 23:27:10 Starting the main loop

24.2.2010 23:27:10 Redirector version 80000

24.2.2010 23:27:10 EMC changed state :@EMC_Init_Short

24.2.2010 23:27:10 EMC changed state :@EMC_Not_Fully_Functional_Short

24.2.2010 23:27:10 AutoPOP3(10110): Starting server

24.2.2010 23:27:10 Queue processing started

24.2.2010 23:27:10 EMC changed state :@EMC_Running_Short

6.3.2010 10:59:48 EMC changed state :@EMC_Stopping_Short

6.3.2010 11:04:38.937 [6b8] AVG for E-mail [8.5.401] started

6.3.2010 11:04:38.968 [6b8] Registered in WatchDog

6.3.2010 11:04:38.968 [6b8] EMC changed state :@EMC_Init_Short

6.3.2010 11:04:52.484 [6b8] Using AVG Kernel: 8.5.435 [271.1.1/2726]

6.3.2010 11:04:53 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

6.3.2010 11:04:55 Using Cyrus SASL 2.1.13

6.3.2010 11:04:57 Starting the main loop

6.3.2010 11:04:57 Redirector version 80000

6.3.2010 11:04:57 EMC changed state :@EMC_Init_Short

6.3.2010 11:04:57 EMC changed state :@EMC_Not_Fully_Functional_Short

6.3.2010 11:04:57 AutoPOP3(10110): Starting server

6.3.2010 11:04:57 Queue processing started

6.3.2010 11:04:57 EMC changed state :@EMC_Running_Short

11.3.2010 20:43:52 EMC changed state :@EMC_Stopping_Short

11.3.2010 20:45:32.250 [6f4] AVG for E-mail [8.5.401] started

11.3.2010 20:45:32.734 [6f4] Registered in WatchDog

11.3.2010 20:45:32.734 [6f4] EMC changed state :@EMC_Init_Short

11.3.2010 20:45:51.750 [6f4] Using AVG Kernel: 8.5.436 [271.1.1/2736]

11.3.2010 20:45:53 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

11.3.2010 20:45:58 Using Cyrus SASL 2.1.13

11.3.2010 20:46:01 Starting the main loop

11.3.2010 20:46:01 Redirector version 80000

11.3.2010 20:46:01 EMC changed state :@EMC_Init_Short

11.3.2010 20:46:01 EMC changed state :@EMC_Not_Fully_Functional_Short

11.3.2010 20:46:02 AutoPOP3(10110): Starting server

11.3.2010 20:46:02 Queue processing started

11.3.2010 20:46:02 EMC changed state :@EMC_Running_Short

18.3.2010 22:27:48 EMC changed state :@EMC_Stopping_Short

18.3.2010 22:27:52 End of program

18.3.2010 22:27:52 AVG for E-mail ended

18.3.2010 22:27:58.343 [1e8] AVG for E-mail [8.5.401] started

18.3.2010 22:27:58.515 [1e8] Registered in WatchDog

18.3.2010 22:27:58.531 [1e8] EMC changed state :@EMC_Init_Short

18.3.2010 22:28:06.281 [1e8] Using AVG Kernel: 8.5.436 [271.1.1/2755]

18.3.2010 22:28:06 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

18.3.2010 22:28:06 Using Cyrus SASL 2.1.13

18.3.2010 22:28:06 Starting the main loop

18.3.2010 22:28:06 Redirector version 80000

18.3.2010 22:28:06 EMC changed state :@EMC_Init_Short

18.3.2010 22:28:06 EMC changed state :@EMC_Not_Fully_Functional_Short

18.3.2010 22:28:06 AutoPOP3(10110): Starting server

18.3.2010 22:28:06 Queue processing started

18.3.2010 22:28:06 EMC changed state :@EMC_Running_Short

1.4.2010 00:39:19 EMC changed state :@EMC_Stopping_Short

1.4.2010 00:39:24 End of program

1.4.2010 00:39:24 AVG for E-mail ended

1.4.2010 00:40:23.687 [6bc] AVG for E-mail [8.5.401] started

1.4.2010 00:40:24.015 [6bc] Registered in WatchDog

1.4.2010 00:40:24.015 [6bc] EMC changed state :@EMC_Init_Short

1.4.2010 00:40:36.390 [6bc] Using AVG Kernel: 8.5.437 [271.1.1/2782]

1.4.2010 00:40:38 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

1.4.2010 00:40:40 Using Cyrus SASL 2.1.13

1.4.2010 00:40:42 Starting the main loop

1.4.2010 00:40:42 Redirector version 80000

1.4.2010 00:40:42 EMC changed state :@EMC_Init_Short

1.4.2010 00:40:42 EMC changed state :@EMC_Not_Fully_Functional_Short

1.4.2010 00:40:42 AutoPOP3(10110): Starting server

1.4.2010 00:40:42 EMC changed state :@EMC_Running_Short

1.4.2010 00:40:42 Queue processing started

2.4.2010 20:43:52.609 [898] AVG for E-mail [8.5.401] started

2.4.2010 20:43:55.937 [898] Registered in WatchDog

2.4.2010 20:43:56.062 [898] EMC changed state :@EMC_Init_Short

2.4.2010 20:44:33.609 [898] Using AVG Kernel: 8.5.437 [271.1.1/2786]

2.4.2010 20:44:34 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

2.4.2010 20:44:37 Using Cyrus SASL 2.1.13

2.4.2010 20:44:40 Starting the main loop

2.4.2010 20:44:40 Redirector version 80000

2.4.2010 20:44:40 EMC changed state :@EMC_Init_Short

2.4.2010 20:44:40 EMC changed state :@EMC_Not_Fully_Functional_Short

2.4.2010 20:44:40 AutoPOP3(10110): Starting server

2.4.2010 20:44:40 Queue processing started

2.4.2010 20:44:40 EMC changed state :@EMC_Running_Short

14.4.2010 08:03:32 EMC changed state :@EMC_Stopping_Short

14.4.2010 08:03:35 End of program

14.4.2010 08:03:35 AVG for E-mail ended

14.4.2010 08:04:48.875 [280] AVG for E-mail [8.5.401] started

14.4.2010 08:04:49.031 [280] Registered in WatchDog

14.4.2010 08:04:49.031 [280] EMC changed state :@EMC_Init_Short

14.4.2010 08:04:54.875 [280] Using AVG Kernel: 8.5.437 [271.1.1/2809]

14.4.2010 08:04:55 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

14.4.2010 08:04:56 Using Cyrus SASL 2.1.13

14.4.2010 08:04:58 Starting the main loop

14.4.2010 08:04:58 Redirector version 80000

14.4.2010 08:04:58 EMC changed state :@EMC_Init_Short

14.4.2010 08:04:58 EMC changed state :@EMC_Not_Fully_Functional_Short

14.4.2010 08:04:58 AutoPOP3(10110): Starting server

14.4.2010 08:04:58 Queue processing started

14.4.2010 08:04:58 EMC changed state :@EMC_Running_Short

26.4.2010 20:59:49.031 [53c] AVG for E-mail [8.5.401] started

26.4.2010 20:59:49.046 [53c] Registered in WatchDog

26.4.2010 20:59:49.046 [53c] EMC changed state :@EMC_Init_Short

26.4.2010 21:00:00.984 [53c] Using AVG Kernel: 8.5.437 [271.1.1/2837]

26.4.2010 21:00:01 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

26.4.2010 21:00:02 Using Cyrus SASL 2.1.13

26.4.2010 21:00:02 Starting the main loop

26.4.2010 21:00:02 Redirector version 80000

26.4.2010 21:00:02 EMC changed state :@EMC_Init_Short

26.4.2010 21:00:02 EMC changed state :@EMC_Not_Fully_Functional_Short

26.4.2010 21:00:02 AutoPOP3(10110): Starting server

26.4.2010 21:00:02 Queue processing started

26.4.2010 21:00:02 EMC changed state :@EMC_Running_Short

22.5.2010 22:10:51 EMC changed state :@EMC_Stopping_Short

22.5.2010 22:10:55 End of program

22.5.2010 22:10:55 AVG for E-mail ended

22.5.2010 22:11:55.312 [668] AVG for E-mail [8.5.401] started

22.5.2010 22:11:55.453 [668] Registered in WatchDog

22.5.2010 22:11:55.468 [668] EMC changed state :@EMC_Init_Short

22.5.2010 22:12:04.921 [668] Using AVG Kernel: 8.5.437 [271.1.1/2889]

22.5.2010 22:12:05 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

22.5.2010 22:12:06 Using Cyrus SASL 2.1.13

22.5.2010 22:12:09 Starting the main loop

22.5.2010 22:12:09 Redirector version 80000

22.5.2010 22:12:09 EMC changed state :@EMC_Init_Short

22.5.2010 22:12:09 EMC changed state :@EMC_Not_Fully_Functional_Short

22.5.2010 22:12:09 AutoPOP3(10110): Starting server

22.5.2010 22:12:09 Queue processing started

22.5.2010 22:12:09 EMC changed state :@EMC_Running_Short

26.5.2010 12:25:30 EMC changed state :@EMC_Stopping_Short

26.5.2010 12:25:36 End of program

26.5.2010 12:25:36 AVG for E-mail ended

26.5.2010 12:26:35.593 [524] AVG for E-mail [8.5.401] started

26.5.2010 12:26:36.281 [524] Registered in WatchDog

26.5.2010 12:26:36.281 [524] EMC changed state :@EMC_Init_Short

26.5.2010 12:26:49.625 [524] Using AVG Kernel: 8.5.437 [271.1.1/2897]

26.5.2010 12:26:50 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

26.5.2010 12:26:52 Using Cyrus SASL 2.1.13

26.5.2010 12:26:54 Starting the main loop

26.5.2010 12:26:54 Redirector version 80000

26.5.2010 12:26:54 EMC changed state :@EMC_Init_Short

26.5.2010 12:26:54 EMC changed state :@EMC_Not_Fully_Functional_Short

26.5.2010 12:26:54 Queue processing started

26.5.2010 12:26:54 AutoPOP3(10110): Starting server

26.5.2010 12:26:54 EMC changed state :@EMC_Running_Short

11.6.2010 03:34:00 EMC changed state :@EMC_Stopping_Short

11.6.2010 03:34:06 End of program

11.6.2010 03:34:06 AVG for E-mail ended

11.6.2010 03:35:14.828 [770] AVG for E-mail [8.5.401] started

11.6.2010 03:35:14.890 [770] Registered in WatchDog

11.6.2010 03:35:14.890 [770] EMC changed state :@EMC_Init_Short

11.6.2010 03:35:27.984 [770] Using AVG Kernel: 8.5.437 [271.1.1/2930]

11.6.2010 03:35:28 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

11.6.2010 03:35:31 Using Cyrus SASL 2.1.13

11.6.2010 03:35:31 Starting the main loop

11.6.2010 03:35:31 Redirector version 80000

11.6.2010 03:35:31 EMC changed state :@EMC_Init_Short

11.6.2010 03:35:31 EMC changed state :@EMC_Not_Fully_Functional_Short

11.6.2010 03:35:31 AutoPOP3(10110): Starting server

11.6.2010 03:35:31 Queue processing started

11.6.2010 03:35:31 EMC changed state :@EMC_Running_Short

12.6.2010 06:04:29 EMC changed state :@EMC_Stopping_Short

12.6.2010 06:04:32 End of program

12.6.2010 06:04:32 AVG for E-mail ended

12.6.2010 10:22:22.703 [3d0] AVG for E-mail [8.5.401] started

12.6.2010 10:22:29.218 [3d0] Registered in WatchDog

12.6.2010 10:22:29.343 [3d0] EMC changed state :@EMC_Init_Short

12.6.2010 10:22:41.796 [3d0] Using AVG Kernel: 8.5.437 [271.1.1/2931]

12.6.2010 10:22:42 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

12.6.2010 10:22:43 Using Cyrus SASL 2.1.13

12.6.2010 10:22:43 Starting the main loop

12.6.2010 10:22:43 Redirector version 80000

12.6.2010 10:22:43 EMC changed state :@EMC_Init_Short

12.6.2010 10:22:43 EMC changed state :@EMC_Not_Fully_Functional_Short

12.6.2010 10:22:43 AutoPOP3(10110): Starting server

12.6.2010 10:22:43 EMC changed state :@EMC_Running_Short

12.6.2010 10:22:43 Queue processing started

12.6.2010 15:49:47 EMC changed state :@EMC_Stopping_Short

12.6.2010 15:49:51 End of program

12.6.2010 15:49:51 AVG for E-mail ended

12.6.2010 15:51:06.250 [528] AVG for E-mail [8.5.401] started

12.6.2010 15:51:06.609 [528] Registered in WatchDog

12.6.2010 15:51:06.609 [528] EMC changed state :@EMC_Init_Short

12.6.2010 15:51:18.953 [528] Using AVG Kernel: 8.5.437 [271.1.1/2931]

12.6.2010 15:51:19 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

12.6.2010 15:51:20 Using Cyrus SASL 2.1.13

12.6.2010 15:51:20 Starting the main loop

12.6.2010 15:51:20 Redirector version 80000

12.6.2010 15:51:20 EMC changed state :@EMC_Init_Short

12.6.2010 15:51:20 EMC changed state :@EMC_Not_Fully_Functional_Short

12.6.2010 15:51:20 AutoPOP3(10110): Starting server

12.6.2010 15:51:20 Queue processing started

12.6.2010 15:51:20 EMC changed state :@EMC_Running_Short

12.6.2010 15:53:31 EMC changed state :@EMC_Stopping_Short

12.6.2010 15:53:32 Server 1 will be removed.

12.6.2010 15:53:32 Server 1 was removed.

12.6.2010 15:53:32 EMC changed state :failed

12.6.2010 15:53:32 Server 2 will be removed.

12.6.2010 15:53:32 Server 2 was removed.

12.6.2010 15:53:32 EMC changed state :failed

12.6.2010 15:53:33 End of program

12.6.2010 15:53:33 AVG for E-mail ended

12.6.2010 19:23:33.656 [508] AVG for E-mail [8.5.401] started

12.6.2010 19:23:33.906 [508] Registered in WatchDog

12.6.2010 19:23:33.906 [508] EMC changed state :@EMC_Init_Short

12.6.2010 19:23:44.687 [508] Using AVG Kernel: 8.5.437 [271.1.1/2931]

12.6.2010 19:23:45 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

12.6.2010 19:23:46 Using Cyrus SASL 2.1.13

12.6.2010 19:23:46 Starting the main loop

12.6.2010 19:23:46 Redirector version 80000

12.6.2010 19:23:46 EMC changed state :@EMC_Init_Short

12.6.2010 19:23:46 EMC changed state :@EMC_Not_Fully_Functional_Short

12.6.2010 19:23:46 AutoPOP3(10110): Starting server

12.6.2010 19:23:46 Queue processing started

12.6.2010 19:23:46 EMC changed state :@EMC_Running_Short

13.6.2010 00:06:16 EMC changed state :@EMC_Stopping_Short

13.6.2010 00:06:17 End of program

13.6.2010 00:06:17 AVG for E-mail ended

13.6.2010 03:57:08.828 [45c] AVG for E-mail [8.5.401] started

13.6.2010 03:57:08.984 [45c] Registered in WatchDog

13.6.2010 03:57:08.984 [45c] EMC changed state :@EMC_Init_Short

13.6.2010 03:57:21.093 [45c] Using AVG Kernel: 8.5.437 [271.1.1/2931]

13.6.2010 03:57:22 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

13.6.2010 03:57:24 Using Cyrus SASL 2.1.13

13.6.2010 03:57:24 Starting the main loop

13.6.2010 03:57:24 Redirector version 80000

13.6.2010 03:57:24 EMC changed state :@EMC_Init_Short

13.6.2010 03:57:24 EMC changed state :@EMC_Not_Fully_Functional_Short

13.6.2010 03:57:24 AutoPOP3(10110): Starting server

13.6.2010 03:57:24 Queue processing started

13.6.2010 03:57:24 EMC changed state :@EMC_Running_Short

13.6.2010 04:34:07 EMC changed state :@EMC_Stopping_Short

13.6.2010 04:34:09 End of program

13.6.2010 04:34:09 AVG for E-mail ended

13.6.2010 15:40:32.687 [438] AVG for E-mail [8.5.401] started

13.6.2010 15:40:32.968 [438] Registered in WatchDog

13.6.2010 15:40:32.984 [438] EMC changed state :@EMC_Init_Short

13.6.2010 15:40:42.000 [438] Using AVG Kernel: 8.5.437 [271.1.1/2931]

13.6.2010 15:40:42 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

13.6.2010 15:40:42 Using Cyrus SASL 2.1.13

13.6.2010 15:40:44 Starting the main loop

13.6.2010 15:40:44 Redirector version 80000

13.6.2010 15:40:44 EMC changed state :@EMC_Init_Short

13.6.2010 15:40:44 EMC changed state :@EMC_Not_Fully_Functional_Short

13.6.2010 15:40:44 AutoPOP3(10110): Starting server

13.6.2010 15:40:44 Queue processing started

13.6.2010 15:40:44 EMC changed state :@EMC_Running_Short

13.6.2010 16:40:24 EMC changed state :@EMC_Stopping_Short

13.6.2010 16:40:25 Server 1 will be removed.

13.6.2010 16:40:25 Server 1 was removed.

13.6.2010 16:40:25 EMC changed state :failed

13.6.2010 16:40:25 Server 2 will be removed.

13.6.2010 16:40:25 Server 2 was removed.

13.6.2010 16:40:25 EMC changed state :failed

13.6.2010 16:40:26 End of program

13.6.2010 16:40:26 AVG for E-mail ended

14.6.2010 02:09:45.203 [514] AVG for E-mail [8.5.401] started

14.6.2010 02:09:45.328 [514] Registered in WatchDog

14.6.2010 02:09:45.328 [514] EMC changed state :@EMC_Init_Short

14.6.2010 02:09:56.656 [514] Using AVG Kernel: 8.5.437 [271.1.1/2936]

14.6.2010 02:09:57 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

14.6.2010 02:09:58 Using Cyrus SASL 2.1.13

14.6.2010 02:09:58 Starting the main loop

14.6.2010 02:09:58 Redirector version 80000

14.6.2010 02:09:58 EMC changed state :@EMC_Init_Short

14.6.2010 02:09:58 EMC changed state :@EMC_Not_Fully_Functional_Short

14.6.2010 02:09:58 AutoPOP3(10110): Starting server

14.6.2010 02:09:58 Queue processing started

14.6.2010 02:09:58 EMC changed state :@EMC_Running_Short

17.6.2010 19:18:56 EMC changed state :@EMC_Stopping_Short

17.6.2010 19:19:02 End of program

17.6.2010 19:19:02 AVG for E-mail ended

17.6.2010 20:06:04.843 [33c] AVG for E-mail [8.5.401] started

17.6.2010 20:06:05.296 [33c] Registered in WatchDog

17.6.2010 20:06:05.328 [33c] EMC changed state :@EMC_Init_Short

17.6.2010 20:06:16.015 [33c] Using AVG Kernel: 8.5.437 [271.1.1/2936]

17.6.2010 20:06:16 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

17.6.2010 20:06:18 Using Cyrus SASL 2.1.13

17.6.2010 20:06:18 Starting the main loop

17.6.2010 20:06:18 Redirector version 80000

17.6.2010 20:06:18 EMC changed state :@EMC_Init_Short

17.6.2010 20:06:19 EMC changed state :@EMC_Not_Fully_Functional_Short

17.6.2010 20:06:19 AutoPOP3(10110): Starting server

17.6.2010 20:06:19 Queue processing started

17.6.2010 20:06:19 EMC changed state :@EMC_Running_Short

17.6.2010 13:20:55 EMC changed state :@EMC_Stopping_Short

17.6.2010 13:20:55 Server 1 will be removed.

17.6.2010 13:20:55 Server 1 was removed.

17.6.2010 13:20:55 EMC changed state :failed

17.6.2010 13:20:55 Server 2 will be removed.

17.6.2010 13:20:55 Server 2 was removed.

17.6.2010 13:20:56 EMC changed state :failed

17.6.2010 13:20:56 End of program

17.6.2010 13:20:56 AVG for E-mail ended

19.6.2010 07:29:10.359 [5ec] AVG for E-mail [8.5.401] started

19.6.2010 07:29:11.031 [5ec] Registered in WatchDog

19.6.2010 07:29:11.203 [5ec] EMC changed state :@EMC_Init_Short

19.6.2010 07:29:26.593 [5ec] Using AVG Kernel: 8.5.437 [271.1.1/2936]

19.6.2010 07:29:28 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

19.6.2010 07:29:30 Using Cyrus SASL 2.1.13

19.6.2010 07:29:32 Starting the main loop

19.6.2010 07:29:32 Redirector version 80000

19.6.2010 07:29:32 EMC changed state :@EMC_Init_Short

19.6.2010 07:29:32 EMC changed state :@EMC_Not_Fully_Functional_Short

19.6.2010 07:29:32 AutoPOP3(10110): Starting server

19.6.2010 07:29:32 Queue processing started

19.6.2010 07:29:32 EMC changed state :@EMC_Running_Short

22.6.2010 20:23:46 EMC changed state :@EMC_Stopping_Short

22.6.2010 20:23:51 End of program

22.6.2010 20:23:51 AVG for E-mail ended

22.6.2010 20:25:04.546 [1fc] AVG for E-mail [8.5.401] started

22.6.2010 20:25:04.906 [1fc] Registered in WatchDog

22.6.2010 20:25:04.921 [1fc] EMC changed state :@EMC_Init_Short

22.6.2010 20:25:15.187 [1fc] Using AVG Kernel: 8.5.439 [271.1.1/2956]

22.6.2010 20:25:15 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

22.6.2010 20:25:16 Using Cyrus SASL 2.1.13

22.6.2010 20:25:16 Starting the main loop

22.6.2010 20:25:16 Redirector version 80000

22.6.2010 20:25:16 EMC changed state :@EMC_Init_Short

22.6.2010 20:25:16 EMC changed state :@EMC_Not_Fully_Functional_Short

22.6.2010 20:25:16 AutoPOP3(10110): Starting server

22.6.2010 20:25:16 Queue processing started

22.6.2010 20:25:16 EMC changed state :@EMC_Running_Short

23.6.2010 20:08:07.781 [1e0] AVG for E-mail [8.5.401] started

23.6.2010 20:08:08.109 [1e0] Registered in WatchDog

23.6.2010 20:08:08.125 [1e0] EMC changed state :@EMC_Init_Short

23.6.2010 20:08:19.859 [1e0] Using AVG Kernel: 8.5.439 [271.1.1/2956]

23.6.2010 20:08:20 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

23.6.2010 20:08:21 Using Cyrus SASL 2.1.13

23.6.2010 20:08:21 Starting the main loop

23.6.2010 20:08:21 Redirector version 80000

23.6.2010 20:08:21 EMC changed state :@EMC_Init_Short

23.6.2010 20:08:21 EMC changed state :@EMC_Not_Fully_Functional_Short

23.6.2010 20:08:21 AutoPOP3(10110): Starting server

23.6.2010 20:08:21 EMC changed state :@EMC_Running_Short

23.6.2010 20:08:21 Queue processing started

24.6.2010 19:09:52.640 [b0] AVG for E-mail [8.5.401] started

24.6.2010 19:09:52.796 [b0] Registered in WatchDog

24.6.2010 19:09:52.796 [b0] EMC changed state :@EMC_Init_Short

24.6.2010 19:10:08.109 [b0] Using AVG Kernel: 8.5.439 [271.1.1/2961]

24.6.2010 19:10:08 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

24.6.2010 19:10:10 Using Cyrus SASL 2.1.13

24.6.2010 19:10:11 Starting the main loop

24.6.2010 19:10:11 Redirector version 80000

24.6.2010 19:10:11 EMC changed state :@EMC_Init_Short

24.6.2010 19:10:11 EMC changed state :@EMC_Not_Fully_Functional_Short

24.6.2010 19:10:11 AutoPOP3(10110): Starting server

24.6.2010 19:10:11 Queue processing started

24.6.2010 19:10:11 EMC changed state :@EMC_Running_Short

25.6.2010 20:27:03.000 [7e8] AVG for E-mail [8.5.401] started

25.6.2010 20:27:03.234 [7e8] Registered in WatchDog

25.6.2010 20:27:03.281 [7e8] EMC changed state :@EMC_Init_Short

25.6.2010 20:27:17.031 [7e8] Using AVG Kernel: 8.5.439 [271.1.1/2963]

25.6.2010 20:27:17 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

25.6.2010 20:27:18 Using Cyrus SASL 2.1.13

25.6.2010 20:27:19 Starting the main loop

25.6.2010 20:27:19 Redirector version 80000

25.6.2010 20:27:19 EMC changed state :@EMC_Init_Short

25.6.2010 20:27:19 EMC changed state :@EMC_Not_Fully_Functional_Short

25.6.2010 20:27:19 AutoPOP3(10110): Starting server

25.6.2010 20:27:19 Queue processing started

25.6.2010 20:27:20 EMC changed state :@EMC_Running_Short

27.6.2010 17:37:46 EMC changed state :@EMC_Stopping_Short

27.6.2010 17:37:50 End of program

27.6.2010 17:37:50 AVG for E-mail ended

28.6.2010 16:29:14.718 [4a0] AVG for E-mail [8.5.401] started

28.6.2010 16:29:15.437 [4a0] Registered in WatchDog

28.6.2010 16:29:15.437 [4a0] EMC changed state :@EMC_Init_Short

28.6.2010 16:29:28.390 [4a0] Using AVG Kernel: 8.5.439 [271.1.1/2965]

28.6.2010 16:29:28 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

28.6.2010 16:29:29 Using Cyrus SASL 2.1.13

28.6.2010 16:29:31 Starting the main loop

28.6.2010 16:29:31 Redirector version 80000

28.6.2010 16:29:31 EMC changed state :@EMC_Init_Short

28.6.2010 16:29:31 EMC changed state :@EMC_Not_Fully_Functional_Short

28.6.2010 16:29:31 AutoPOP3(10110): Starting server

28.6.2010 16:29:31 Queue processing started

28.6.2010 16:29:31 EMC changed state :@EMC_Running_Short

30.6.2010 17:34:12.484 [4fc] AVG for E-mail [8.5.401] started

30.6.2010 17:34:12.812 [4fc] Registered in WatchDog

30.6.2010 17:34:12.812 [4fc] EMC changed state :@EMC_Init_Short

30.6.2010 17:34:31.500 [4fc] Using AVG Kernel: 8.5.439 [271.1.1/2969]

30.6.2010 17:34:32 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

30.6.2010 17:34:33 Using Cyrus SASL 2.1.13

30.6.2010 17:34:35 Starting the main loop

30.6.2010 17:34:35 Redirector version 80000

30.6.2010 17:34:37 EMC changed state :@EMC_Init_Short

30.6.2010 17:34:37 EMC changed state :@EMC_Not_Fully_Functional_Short

30.6.2010 17:34:37 AutoPOP3(10110): Starting server

30.6.2010 17:34:37 Queue processing started

30.6.2010 17:34:37 EMC changed state :@EMC_Running_Short

1.7.2010 09:18:11 EMC changed state :@EMC_Stopping_Short

1.7.2010 09:18:15 End of program

1.7.2010 09:18:15 AVG for E-mail ended

2.7.2010 09:54:41.750 [7ac] AVG for E-mail [8.5.401] started

2.7.2010 09:54:42.093 [7ac] Registered in WatchDog

2.7.2010 09:54:42.109 [7ac] EMC changed state :@EMC_Init_Short

2.7.2010 09:54:51.390 [7ac] Using AVG Kernel: 8.5.439 [271.1.1/2971]

2.7.2010 09:54:51 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

2.7.2010 09:54:52 Using Cyrus SASL 2.1.13

2.7.2010 09:54:52 Starting the main loop

2.7.2010 09:54:52 Redirector version 80000

2.7.2010 09:54:52 EMC changed state :@EMC_Init_Short

2.7.2010 09:54:53 EMC changed state :@EMC_Not_Fully_Functional_Short

2.7.2010 09:54:53 AutoPOP3(10110): Starting server

2.7.2010 09:54:53 Queue processing started

2.7.2010 09:54:53 EMC changed state :@EMC_Running_Short

2.7.2010 10:14:29 EMC changed state :@EMC_Stopping_Short

2.7.2010 10:14:30 Server 1 will be removed.

2.7.2010 10:14:30 Server 1 was removed.

2.7.2010 10:14:30 EMC changed state :failed

2.7.2010 10:14:30 Server 2 will be removed.

2.7.2010 10:14:30 Server 2 was removed.

2.7.2010 10:14:30 EMC changed state :failed

2.7.2010 10:14:30 End of program

2.7.2010 10:14:30 AVG for E-mail ended

3.7.2010 09:40:49.890 [6e8] AVG for E-mail [8.5.401] started

3.7.2010 09:40:50.093 [6e8] Registered in WatchDog

3.7.2010 09:40:50.093 [6e8] EMC changed state :@EMC_Init_Short

3.7.2010 09:41:09.031 [6e8] Using AVG Kernel: 8.5.439 [271.1.1/2976]

3.7.2010 09:41:09 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

3.7.2010 09:41:13 Using Cyrus SASL 2.1.13

3.7.2010 09:41:14 Starting the main loop

3.7.2010 09:41:14 Redirector version 80000

3.7.2010 09:41:14 EMC changed state :@EMC_Init_Short

3.7.2010 09:41:14 EMC changed state :@EMC_Not_Fully_Functional_Short

3.7.2010 09:41:14 AutoPOP3(10110): Starting server

3.7.2010 09:41:14 Queue processing started

3.7.2010 09:41:14 EMC changed state :@EMC_Running_Short

4.7.2010 12:49:14 EMC changed state :@EMC_Stopping_Short

4.7.2010 12:49:16 End of program

4.7.2010 12:49:16 AVG for E-mail ended

4.7.2010 17:25:22.515 [4cc] AVG for E-mail [8.5.401] started

4.7.2010 17:25:23.031 [4cc] Registered in WatchDog

4.7.2010 17:25:23.078 [4cc] EMC changed state :@EMC_Init_Short

4.7.2010 17:25:34.359 [4cc] Using AVG Kernel: 8.5.439 [271.1.1/2980]

4.7.2010 17:25:34 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

4.7.2010 17:25:36 Using Cyrus SASL 2.1.13

4.7.2010 17:25:36 Starting the main loop

4.7.2010 17:25:36 Redirector version 80000

4.7.2010 17:25:36 EMC changed state :@EMC_Init_Short

4.7.2010 17:25:36 EMC changed state :@EMC_Not_Fully_Functional_Short

4.7.2010 17:25:36 AutoPOP3(10110): Starting server

4.7.2010 17:25:36 Queue processing started

4.7.2010 17:25:36 EMC changed state :@EMC_Running_Short

7.7.2010 10:39:20 EMC changed state :@EMC_Stopping_Short

7.7.2010 10:39:24 End of program

7.7.2010 10:39:24 AVG for E-mail ended

7.7.2010 21:00:41.765 [540] AVG for E-mail [8.5.401] started

7.7.2010 21:00:42.109 [540] Registered in WatchDog

7.7.2010 21:00:42.125 [540] EMC changed state :@EMC_Init_Short

7.7.2010 21:00:53.875 [540] Using AVG Kernel: 8.5.439 [271.1.1/2986]

7.7.2010 21:00:54 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

7.7.2010 21:00:55 Using Cyrus SASL 2.1.13

7.7.2010 21:00:57 Starting the main loop

7.7.2010 21:00:57 Redirector version 80000

7.7.2010 21:00:57 EMC changed state :@EMC_Init_Short

7.7.2010 21:00:57 EMC changed state :@EMC_Not_Fully_Functional_Short

7.7.2010 21:00:57 AutoPOP3(10110): Starting server

7.7.2010 21:00:57 Queue processing started

7.7.2010 21:00:57 EMC changed state :@EMC_Running_Short

10.7.2010 11:42:10.171 [59c] AVG for E-mail [8.5.401] started

10.7.2010 11:42:10.578 [59c] Registered in WatchDog

10.7.2010 11:42:10.593 [59c] EMC changed state :@EMC_Init_Short

10.7.2010 11:42:23.093 [59c] Using AVG Kernel: 8.5.439 [271.1.1/2986]

10.7.2010 11:42:23 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

10.7.2010 11:42:25 Using Cyrus SASL 2.1.13

10.7.2010 11:42:25 Starting the main loop

10.7.2010 11:42:25 Redirector version 80000

10.7.2010 11:42:25 EMC changed state :@EMC_Init_Short

10.7.2010 11:42:25 EMC changed state :@EMC_Not_Fully_Functional_Short

10.7.2010 11:42:25 AutoPOP3(10110): Starting server

10.7.2010 11:42:25 Queue processing started

10.7.2010 11:42:25 EMC changed state :@EMC_Running_Short

11.7.2010 09:07:59 EMC changed state :@EMC_Stopping_Short

11.7.2010 09:08:04 End of program

11.7.2010 09:08:04 AVG for E-mail ended

11.7.2010 18:20:03.453 [3d0] AVG for E-mail [8.5.401] started

11.7.2010 18:20:04.656 [3d0] Registered in WatchDog

11.7.2010 18:20:04.671 [3d0] EMC changed state :@EMC_Init_Short

11.7.2010 18:20:21.609 [3d0] Using AVG Kernel: 8.5.439 [271.1.1/2992]

11.7.2010 18:20:22 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

11.7.2010 18:20:24 Using Cyrus SASL 2.1.13

11.7.2010 18:20:26 Starting the main loop

11.7.2010 18:20:26 Redirector version 80000

11.7.2010 18:20:26 EMC changed state :@EMC_Init_Short

11.7.2010 18:20:26 EMC changed state :@EMC_Not_Fully_Functional_Short

11.7.2010 18:20:26 AutoPOP3(10110): Starting server

11.7.2010 18:20:26 Queue processing started

11.7.2010 18:20:26 EMC changed state :@EMC_Running_Short

13.7.2010 08:13:53 EMC changed state :@EMC_Stopping_Short

13.7.2010 08:14:00 End of program

13.7.2010 08:14:00 AVG for E-mail ended

13.7.2010 08:14:07.484 [fec] AVG for E-mail [8.5.401] started

13.7.2010 08:14:07.968 [fec] Registered in WatchDog

13.7.2010 08:14:08.015 [fec] EMC changed state :@EMC_Init_Short

13.7.2010 08:14:11.500 [fec] Using AVG Kernel: 8.5.439 [271.1.1/3001]

13.7.2010 08:14:11 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

13.7.2010 08:14:12 Using Cyrus SASL 2.1.13

13.7.2010 08:14:12 Starting the main loop

13.7.2010 08:14:12 Redirector version 80000

13.7.2010 08:14:12 EMC changed state :@EMC_Init_Short

13.7.2010 08:14:12 EMC changed state :@EMC_Not_Fully_Functional_Short

13.7.2010 08:14:12 Queue processing started

13.7.2010 08:14:12 AutoPOP3(10110): Starting server

13.7.2010 08:14:12 EMC changed state :@EMC_Running_Short

15.7.2010 23:39:36.015 [4e8] AVG for E-mail [8.5.401] started

15.7.2010 23:39:36.390 [4e8] Registered in WatchDog

15.7.2010 23:39:36.406 [4e8] EMC changed state :@EMC_Init_Short

15.7.2010 23:39:48.500 [4e8] Using AVG Kernel: 8.5.441 [271.1.1/3001]

15.7.2010 23:39:48 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

15.7.2010 23:39:51 Using Cyrus SASL 2.1.13

15.7.2010 23:39:52 Starting the main loop

15.7.2010 23:39:52 Redirector version 80000

15.7.2010 23:39:52 EMC changed state :@EMC_Init_Short

15.7.2010 23:39:52 EMC changed state :@EMC_Not_Fully_Functional_Short

15.7.2010 23:39:52 AutoPOP3(10110): Starting server

15.7.2010 23:39:52 Queue processing started

15.7.2010 23:39:52 EMC changed state :@EMC_Running_Short

16.7.2010 00:56:15 EMC changed state :@EMC_Stopping_Short

16.7.2010 00:56:21 End of program

16.7.2010 00:56:21 AVG for E-mail ended

16.7.2010 01:09:32.296 [518] AVG for E-mail [8.5.401] started

16.7.2010 01:09:32.484 [518] Registered in WatchDog

16.7.2010 01:09:32.515 [518] EMC changed state :@EMC_Init_Short

16.7.2010 01:09:46.437 [518] Using AVG Kernel: 8.5.441 [271.1.1/3001]

16.7.2010 01:09:47 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

16.7.2010 01:09:49 Using Cyrus SASL 2.1.13

16.7.2010 01:09:51 Starting the main loop

16.7.2010 01:09:51 Redirector version 80000

16.7.2010 01:09:51 EMC changed state :@EMC_Init_Short

16.7.2010 01:09:51 EMC changed state :@EMC_Not_Fully_Functional_Short

16.7.2010 01:09:51 AutoPOP3(10110): Starting server

16.7.2010 01:09:51 Queue processing started

16.7.2010 01:09:51 EMC changed state :@EMC_Running_Short

23.7.2010 21:58:02.296 [484] AVG for E-mail [8.5.401] started

23.7.2010 21:58:02.593 [484] Registered in WatchDog

23.7.2010 21:58:02.593 [484] EMC changed state :@EMC_Init_Short

23.7.2010 21:58:15.109 [484] Using AVG Kernel: 8.5.441 [271.1.1/3018]

23.7.2010 21:58:15 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

23.7.2010 21:58:17 Using Cyrus SASL 2.1.13

23.7.2010 21:58:19 Starting the main loop

23.7.2010 21:58:19 Redirector version 80000

23.7.2010 21:58:19 EMC changed state :@EMC_Init_Short

23.7.2010 21:58:19 EMC changed state :@EMC_Not_Fully_Functional_Short

23.7.2010 21:58:19 AutoPOP3(10110): Starting server

23.7.2010 21:58:19 Queue processing started

23.7.2010 21:58:19 EMC changed state :@EMC_Running_Short

29.7.2010 12:24:12 EMC changed state :@EMC_Stopping_Short

29.7.2010 12:24:16 End of program

29.7.2010 12:24:16 AVG for E-mail ended

29.7.2010 12:25:40.859 [6f8] AVG for E-mail [8.5.401] started

29.7.2010 12:25:41.062 [6f8] Registered in WatchDog

29.7.2010 12:25:41.093 [6f8] EMC changed state :@EMC_Init_Short

29.7.2010 12:25:48.593 [6f8] Using AVG Kernel: 8.5.441 [271.1.1/3035]

29.7.2010 12:25:48 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

29.7.2010 12:25:49 Using Cyrus SASL 2.1.13

29.7.2010 12:25:49 Starting the main loop

29.7.2010 12:25:49 Redirector version 80000

29.7.2010 12:25:49 EMC changed state :@EMC_Init_Short

29.7.2010 12:25:49 EMC changed state :@EMC_Not_Fully_Functional_Short

29.7.2010 12:25:49 AutoPOP3(10110): Starting server

29.7.2010 12:25:49 Queue processing started

29.7.2010 12:25:49 EMC changed state :@EMC_Running_Short

4.8.2010 23:03:43 EMC changed state :@EMC_Stopping_Short

4.8.2010 23:03:47 End of program

4.8.2010 23:03:47 AVG for E-mail ended

4.8.2010 23:05:07.562 [7b0] AVG for E-mail [8.5.401] started

4.8.2010 23:05:07.703 [7b0] Registered in WatchDog

4.8.2010 23:05:07.765 [7b0] EMC changed state :@EMC_Init_Short

4.8.2010 23:05:18.062 [7b0] Using AVG Kernel: 8.5.441 [271.1.1/3049]

4.8.2010 23:05:19 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

4.8.2010 23:05:20 Using Cyrus SASL 2.1.13

4.8.2010 23:05:20 Starting the main loop

4.8.2010 23:05:20 Redirector version 80000

4.8.2010 23:05:20 EMC changed state :@EMC_Init_Short

4.8.2010 23:05:20 EMC changed state :@EMC_Not_Fully_Functional_Short

4.8.2010 23:05:20 AutoPOP3(10110): Starting server

4.8.2010 23:05:20 Queue processing started

4.8.2010 23:05:20 EMC changed state :@EMC_Running_Short

7.8.2010 13:16:32 EMC changed state :@EMC_Stopping_Short

7.8.2010 13:16:37 End of program

7.8.2010 13:16:37 AVG for E-mail ended

7.8.2010 13:17:49.500 [564] AVG for E-mail [8.5.401] started

7.8.2010 13:17:50.015 [564] Registered in WatchDog

7.8.2010 13:17:50.015 [564] EMC changed state :@EMC_Init_Short

7.8.2010 13:18:09.187 [564] Using AVG Kernel: 8.5.441 [271.1.1/3055]

7.8.2010 13:18:09 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

7.8.2010 13:18:13 Using Cyrus SASL 2.1.13

7.8.2010 13:18:14 Starting the main loop

7.8.2010 13:18:14 Redirector version 80000

7.8.2010 13:18:14 EMC changed state :@EMC_Init_Short

7.8.2010 13:18:14 EMC changed state :@EMC_Not_Fully_Functional_Short

7.8.2010 13:18:17 AutoPOP3(10110): Starting server

7.8.2010 13:18:17 Queue processing started

7.8.2010 13:18:17 EMC changed state :@EMC_Running_Short

11.8.2010 10:43:01 EMC changed state :@EMC_Stopping_Short

11.8.2010 10:43:05 End of program

11.8.2010 10:43:05 AVG for E-mail ended

13.8.2010 01:24:44.593 [614] AVG for E-mail [8.5.401] started

13.8.2010 01:24:44.734 [614] Registered in WatchDog

13.8.2010 01:24:44.734 [614] EMC changed state :@EMC_Init_Short

13.8.2010 01:24:56.125 [614] Using AVG Kernel: 8.5.441 [271.1.1/3055]

13.8.2010 01:24:56 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

13.8.2010 01:24:58 Using Cyrus SASL 2.1.13

13.8.2010 01:24:58 Starting the main loop

13.8.2010 01:24:58 Redirector version 80000

13.8.2010 01:24:58 EMC changed state :@EMC_Init_Short

13.8.2010 01:24:58 EMC changed state :@EMC_Not_Fully_Functional_Short

13.8.2010 01:24:58 AutoPOP3(10110): Starting server

13.8.2010 01:24:58 Queue processing started

13.8.2010 01:24:58 EMC changed state :@EMC_Running_Short

14.8.2010 09:52:34 EMC changed state :@EMC_Stopping_Short

14.8.2010 09:52:38 End of program

14.8.2010 09:52:38 AVG for E-mail ended

14.8.2010 09:54:16.281 [5f0] AVG for E-mail [8.5.401] started

14.8.2010 09:54:20.593 [5f0] Registered in WatchDog

14.8.2010 09:54:20.593 [5f0] EMC changed state :@EMC_Init_Short

14.8.2010 09:54:36.046 [5f0] Using AVG Kernel: 8.5.441 [271.1.1/3067]

14.8.2010 09:54:36 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

14.8.2010 09:54:38 Using Cyrus SASL 2.1.13

14.8.2010 09:54:41 Starting the main loop

14.8.2010 09:54:41 Redirector version 80000

14.8.2010 09:54:41 EMC changed state :@EMC_Init_Short

14.8.2010 09:54:41 EMC changed state :@EMC_Not_Fully_Functional_Short

14.8.2010 09:54:41 AutoPOP3(10110): Starting server

14.8.2010 09:54:41 Queue processing started

14.8.2010 09:54:41 EMC changed state :@EMC_Running_Short

14.8.2010 10:03:17 EMC changed state :@EMC_Stopping_Short

14.8.2010 10:03:19 End of program

14.8.2010 10:03:19 AVG for E-mail ended

14.8.2010 10:04:50.453 [5f4] AVG for E-mail [8.5.401] started

14.8.2010 10:04:51.968 [5f4] Registered in WatchDog

14.8.2010 10:04:52.218 [5f4] EMC changed state :@EMC_Init_Short

14.8.2010 10:05:11.296 [5f4] Using AVG Kernel: 8.5.441 [271.1.1/3067]

14.8.2010 10:05:12 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

14.8.2010 10:05:14 Using Cyrus SASL 2.1.13

14.8.2010 10:05:17 Starting the main loop

14.8.2010 10:05:17 Redirector version 80000

14.8.2010 10:05:17 EMC changed state :@EMC_Init_Short

14.8.2010 10:05:17 EMC changed state :@EMC_Not_Fully_Functional_Short

14.8.2010 10:05:18 AutoPOP3(10110): Starting server

14.8.2010 10:05:18 Queue processing started

14.8.2010 10:05:18 EMC changed state :@EMC_Running_Short

14.8.2010 13:03:58.296 [5a0] AVG for E-mail [8.5.401] started

14.8.2010 13:03:58.390 [5a0] Registered in WatchDog

14.8.2010 13:03:58.390 [5a0] EMC changed state :@EMC_Init_Short

14.8.2010 13:04:09.937 [5a0] Using AVG Kernel: 8.5.441 [271.1.1/3067]

14.8.2010 13:04:10 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

14.8.2010 13:04:12 Using Cyrus SASL 2.1.13

14.8.2010 13:04:12 Starting the main loop

14.8.2010 13:04:12 Redirector version 80000

14.8.2010 13:04:12 EMC changed state :@EMC_Init_Short

14.8.2010 13:04:12 EMC changed state :@EMC_Not_Fully_Functional_Short

14.8.2010 13:04:12 AutoPOP3(10110): Starting server

14.8.2010 13:04:12 EMC changed state :@EMC_Running_Short

14.8.2010 13:04:12 Queue processing started

14.8.2010 13:37:33 EMC changed state :@EMC_Stopping_Short

14.8.2010 13:37:38 End of program

14.8.2010 13:37:38 AVG for E-mail ended

14.8.2010 13:38:48.750 [504] AVG for E-mail [8.5.401] started

14.8.2010 13:38:48.812 [504] Registered in WatchDog

14.8.2010 13:38:48.812 [504] EMC changed state :@EMC_Init_Short

14.8.2010 13:39:09.187 [504] Using AVG Kernel: 8.5.441 [271.1.1/3067]

14.8.2010 13:39:10 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

14.8.2010 13:39:12 Using Cyrus SASL 2.1.13

14.8.2010 13:39:12 Starting the main loop

14.8.2010 13:39:12 Redirector version 80000

14.8.2010 13:39:12 EMC changed state :@EMC_Init_Short

14.8.2010 13:39:13 EMC changed state :@EMC_Not_Fully_Functional_Short

14.8.2010 13:39:13 AutoPOP3(10110): Starting server

14.8.2010 13:39:13 Queue processing started

14.8.2010 13:39:13 EMC changed state :@EMC_Running_Short

17.8.2010 07:13:07.500 [79c] AVG for E-mail [8.5.401] started

17.8.2010 07:13:07.671 [79c] Registered in WatchDog

17.8.2010 07:13:07.687 [79c] EMC changed state :@EMC_Init_Short

17.8.2010 07:13:22.171 [79c] Using AVG Kernel: 8.5.441 [271.1.1/3074]

17.8.2010 07:13:22 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

17.8.2010 07:13:24 Using Cyrus SASL 2.1.13

17.8.2010 07:13:24 Starting the main loop

17.8.2010 07:13:24 Redirector version 80000

17.8.2010 07:13:24 EMC changed state :@EMC_Init_Short

17.8.2010 07:13:24 EMC changed state :@EMC_Not_Fully_Functional_Short

17.8.2010 07:13:24 AutoPOP3(10110): Starting server

17.8.2010 07:13:24 Queue processing started

17.8.2010 07:13:24 EMC changed state :@EMC_Running_Short

17.8.2010 19:29:09 EMC changed state :@EMC_Stopping_Short

17.8.2010 19:29:14 End of program

17.8.2010 19:29:14 AVG for E-mail ended

17.8.2010 19:30:42.281 [724] AVG for E-mail [8.5.401] started

17.8.2010 19:30:44.218 [724] Registered in WatchDog

17.8.2010 19:30:44.265 [724] EMC changed state :@EMC_Init_Short

17.8.2010 19:31:09.453 [724] Using AVG Kernel: 8.5.441 [271.1.1/3077]

17.8.2010 19:31:15 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

17.8.2010 19:31:20 Using Cyrus SASL 2.1.13

17.8.2010 19:31:20 Starting the main loop

17.8.2010 19:31:20 Redirector version 80000

17.8.2010 19:31:20 EMC changed state :@EMC_Init_Short

17.8.2010 19:31:20 EMC changed state :@EMC_Not_Fully_Functional_Short

17.8.2010 19:31:20 AutoPOP3(10110): Starting server

17.8.2010 19:31:20 Queue processing started

17.8.2010 19:31:20 EMC changed state :@EMC_Running_Short

18.8.2010 23:44:56.296 [228] AVG for E-mail [8.5.401] started

18.8.2010 23:44:56.625 [228] Registered in WatchDog

18.8.2010 23:44:56.625 [228] EMC changed state :@EMC_Init_Short

18.8.2010 23:45:22.390 [228] Using AVG Kernel: 8.5.441 [271.1.1/3080]

18.8.2010 23:45:24 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

18.8.2010 23:45:25 Using Cyrus SASL 2.1.13

18.8.2010 23:45:25 Starting the main loop

18.8.2010 23:45:25 Redirector version 80000

18.8.2010 23:45:25 EMC changed state :@EMC_Init_Short

18.8.2010 23:45:26 EMC changed state :@EMC_Not_Fully_Functional_Short

18.8.2010 23:45:26 AutoPOP3(10110): Starting server

18.8.2010 23:45:26 Queue processing started

18.8.2010 23:45:26 EMC changed state :@EMC_Running_Short

19.8.2010 04:35:16.015 [718] AVG for E-mail [8.5.401] started

19.8.2010 04:35:18.812 [718] Registered in WatchDog

19.8.2010 04:35:19.203 [718] EMC changed state :@EMC_Init_Short

19.8.2010 04:35:39.296 [718] Using AVG Kernel: 8.5.441 [271.1.1/3080]

19.8.2010 04:35:40 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

19.8.2010 04:35:42 Using Cyrus SASL 2.1.13

19.8.2010 04:35:42 Starting the main loop

19.8.2010 04:35:42 Redirector version 80000

19.8.2010 04:35:42 EMC changed state :@EMC_Init_Short

19.8.2010 04:35:42 EMC changed state :@EMC_Not_Fully_Functional_Short

19.8.2010 04:35:42 Queue processing started

19.8.2010 04:35:42 AutoPOP3(10110): Starting server

19.8.2010 04:35:42 EMC changed state :@EMC_Running_Short

19.8.2010 04:49:30 EMC changed state :@EMC_Stopping_Short

19.8.2010 04:49:32 End of program

19.8.2010 04:49:32 AVG for E-mail ended

19.8.2010 19:44:58.062 [434] AVG for E-mail [8.5.401] started

19.8.2010 19:44:58.125 [434] Registered in WatchDog

19.8.2010 19:44:58.125 [434] EMC changed state :@EMC_Init_Short

19.8.2010 19:45:14.781 [434] Using AVG Kernel: 8.5.441 [271.1.1/3080]

19.8.2010 19:45:15 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

19.8.2010 19:45:17 Using Cyrus SASL 2.1.13

19.8.2010 19:45:17 Starting the main loop

19.8.2010 19:45:17 Redirector version 80000

19.8.2010 19:45:17 EMC changed state :@EMC_Init_Short

19.8.2010 19:45:17 EMC changed state :@EMC_Not_Fully_Functional_Short

19.8.2010 19:45:17 AutoPOP3(10110): Starting server

19.8.2010 19:45:17 Queue processing started

19.8.2010 19:45:17 EMC changed state :@EMC_Running_Short

27.8.2010 03:09:03.703 [564] AVG for E-mail [8.5.401] started

27.8.2010 03:09:03.812 [564] Registered in WatchDog

27.8.2010 03:09:03.812 [564] EMC changed state :@EMC_Init_Short

27.8.2010 03:09:15.781 [564] Using AVG Kernel: 8.5.441 [271.1.1/3093]

27.8.2010 03:09:16 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

27.8.2010 03:09:17 Using Cyrus SASL 2.1.13

27.8.2010 03:09:19 Starting the main loop

27.8.2010 03:09:19 Redirector version 80000

27.8.2010 03:09:19 EMC changed state :@EMC_Init_Short

27.8.2010 03:09:19 EMC changed state :@EMC_Not_Fully_Functional_Short

27.8.2010 03:09:19 AutoPOP3(10110): Starting server

27.8.2010 03:09:19 Queue processing started

27.8.2010 03:09:19 EMC changed state :@EMC_Running_Short

27.8.2010 23:16:21.484 [450] AVG for E-mail [8.5.401] started

27.8.2010 23:16:21.843 [450] Registered in WatchDog

27.8.2010 23:16:21.843 [450] EMC changed state :@EMC_Init_Short

27.8.2010 23:16:35.703 [450] Using AVG Kernel: 8.5.441 [271.1.1/3096]

27.8.2010 23:16:36 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

27.8.2010 23:16:37 Using Cyrus SASL 2.1.13

27.8.2010 23:16:40 Starting the main loop

27.8.2010 23:16:40 Redirector version 80000

27.8.2010 23:16:40 EMC changed state :@EMC_Init_Short

27.8.2010 23:16:40 EMC changed state :@EMC_Not_Fully_Functional_Short

27.8.2010 23:16:40 AutoPOP3(10110): Starting server

27.8.2010 23:16:40 Queue processing started

27.8.2010 23:16:40 EMC changed state :@EMC_Running_Short

28.8.2010 15:41:17 EMC changed state :@EMC_Stopping_Short

28.8.2010 15:41:22 End of program

28.8.2010 15:41:22 AVG for E-mail ended

28.8.2010 15:42:45.000 [528] AVG for E-mail [8.5.401] started

28.8.2010 15:42:45.156 [528] Registered in WatchDog

28.8.2010 15:42:45.171 [528] EMC changed state :@EMC_Init_Short

28.8.2010 15:42:59.171 [528] Using AVG Kernel: 8.5.441 [271.1.1/3099]

28.8.2010 15:42:59 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

28.8.2010 15:43:01 Using Cyrus SASL 2.1.13

28.8.2010 15:43:01 Starting the main loop

28.8.2010 15:43:01 Redirector version 80000

28.8.2010 15:43:01 EMC changed state :@EMC_Init_Short

28.8.2010 15:43:01 EMC changed state :@EMC_Not_Fully_Functional_Short

28.8.2010 15:43:01 AutoPOP3(10110): Starting server

28.8.2010 15:43:01 Queue processing started

28.8.2010 15:43:01 EMC changed state :@EMC_Running_Short

28.8.2010 15:59:49 EMC changed state :@EMC_Stopping_Short

28.8.2010 15:59:53 End of program

28.8.2010 15:59:53 AVG for E-mail ended

28.8.2010 16:01:13.078 [464] AVG for E-mail [8.5.401] started

28.8.2010 16:01:13.968 [464] Registered in WatchDog

28.8.2010 16:01:13.984 [464] EMC changed state :@EMC_Init_Short

28.8.2010 16:01:28.968 [464] Using AVG Kernel: 8.5.441 [271.1.1/3099]

28.8.2010 16:01:29 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

28.8.2010 16:01:30 Using Cyrus SASL 2.1.13

28.8.2010 16:01:31 Starting the main loop

28.8.2010 16:01:31 Redirector version 80000

28.8.2010 16:01:31 EMC changed state :@EMC_Init_Short

28.8.2010 16:01:31 EMC changed state :@EMC_Not_Fully_Functional_Short

28.8.2010 16:01:31 AutoPOP3(10110): Starting server

28.8.2010 16:01:31 Queue processing started

28.8.2010 16:01:31 EMC changed state :@EMC_Running_Short

28.8.2010 23:27:09 EMC changed state :@EMC_Stopping_Short

28.8.2010 23:27:14 End of program

28.8.2010 23:27:14 AVG for E-mail ended

28.8.2010 23:28:34.109 [24c] AVG for E-mail [8.5.401] started

28.8.2010 23:28:34.250 [24c] Registered in WatchDog

28.8.2010 23:28:34.250 [24c] EMC changed state :@EMC_Init_Short

28.8.2010 23:28:44.187 [24c] Using AVG Kernel: 8.5.441 [271.1.1/3099]

28.8.2010 23:28:44 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

28.8.2010 23:28:45 Using Cyrus SASL 2.1.13

28.8.2010 23:28:45 Starting the main loop

28.8.2010 23:28:45 Redirector version 80000

28.8.2010 23:28:45 EMC changed state :@EMC_Init_Short

28.8.2010 23:28:45 EMC changed state :@EMC_Not_Fully_Functional_Short

28.8.2010 23:28:45 AutoPOP3(10110): Starting server

28.8.2010 23:28:45 Queue processing started

28.8.2010 23:28:45 EMC changed state :@EMC_Running_Short

29.8.2010 01:09:35 EMC changed state :@EMC_Stopping_Short

29.8.2010 01:09:39 End of program

29.8.2010 01:09:39 AVG for E-mail ended

29.8.2010 01:11:01.671 [728] AVG for E-mail [8.5.401] started

29.8.2010 01:11:01.703 [728] Registered in WatchDog

29.8.2010 01:11:01.703 [728] EMC changed state :@EMC_Init_Short

29.8.2010 01:11:12.906 [728] Using AVG Kernel: 8.5.441 [271.1.1/3099]

29.8.2010 01:11:13 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

29.8.2010 01:11:14 Using Cyrus SASL 2.1.13

29.8.2010 01:11:14 Starting the main loop

29.8.2010 01:11:14 Redirector version 80000

29.8.2010 01:11:14 EMC changed state :@EMC_Init_Short

29.8.2010 01:11:14 EMC changed state :@EMC_Not_Fully_Functional_Short

29.8.2010 01:11:14 AutoPOP3(10110): Starting server

29.8.2010 01:11:14 Queue processing started

29.8.2010 01:11:14 EMC changed state :@EMC_Running_Short

29.8.2010 03:24:02 EMC changed state :@EMC_Stopping_Short

29.8.2010 03:24:06 End of program

29.8.2010 03:24:06 AVG for E-mail ended

29.8.2010 03:25:30.343 [1f0] AVG for E-mail [8.5.401] started

29.8.2010 03:25:31.750 [1f0] Registered in WatchDog

29.8.2010 03:25:31.828 [1f0] EMC changed state :@EMC_Init_Short

29.8.2010 03:25:41.062 [1f0] Using AVG Kernel: 8.5.441 [271.1.1/3099]

29.8.2010 03:25:42 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

29.8.2010 03:25:57 Using Cyrus SASL 2.1.13

29.8.2010 03:25:58 Starting the main loop

29.8.2010 03:25:58 Redirector version 80000

29.8.2010 03:25:59 EMC changed state :@EMC_Init_Short

29.8.2010 03:25:59 EMC changed state :@EMC_Not_Fully_Functional_Short

29.8.2010 03:25:59 AutoPOP3(10110): Starting server

29.8.2010 03:25:59 Queue processing started

29.8.2010 03:26:01 EMC changed state :@EMC_Running_Short

29.8.2010 10:28:50 EMC changed state :@EMC_Stopping_Short

29.8.2010 10:28:53 End of program

29.8.2010 10:28:53 AVG for E-mail ended

29.8.2010 10:29:59.953 [49c] AVG for E-mail [8.5.401] started

29.8.2010 10:30:00.000 [49c] Registered in WatchDog

29.8.2010 10:30:00.000 [49c] EMC changed state :@EMC_Init_Short

29.8.2010 10:30:03.375 [49c] Using AVG Kernel: 8.5.441 [271.1.1/3099]

29.8.2010 10:30:03 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

29.8.2010 10:30:04 Using Cyrus SASL 2.1.13

29.8.2010 10:30:05 Starting the main loop

29.8.2010 10:30:05 Redirector version 80000

29.8.2010 10:30:05 EMC changed state :@EMC_Init_Short

29.8.2010 10:30:05 EMC changed state :@EMC_Not_Fully_Functional_Short

29.8.2010 10:30:05 AutoPOP3(10110): Starting server

29.8.2010 10:30:05 Queue processing started

29.8.2010 10:30:05 EMC changed state :@EMC_Running_Short

1.9.2010 17:26:44.531 [46c] AVG for E-mail [8.5.401] started

1.9.2010 17:26:44.828 [46c] Registered in WatchDog

1.9.2010 17:26:44.828 [46c] EMC changed state :@EMC_Init_Short

1.9.2010 17:26:53.828 [46c] Using AVG Kernel: 8.5.441 [271.1.1/3102]

1.9.2010 17:26:54 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

1.9.2010 17:26:55 Using Cyrus SASL 2.1.13

1.9.2010 17:26:56 Starting the main loop

1.9.2010 17:26:56 Redirector version 80000

1.9.2010 17:26:56 EMC changed state :@EMC_Init_Short

1.9.2010 17:26:56 EMC changed state :@EMC_Not_Fully_Functional_Short

1.9.2010 17:26:56 AutoPOP3(10110): Starting server

1.9.2010 17:26:56 EMC changed state :@EMC_Running_Short

1.9.2010 17:26:56 Queue processing started

2.9.2010 09:07:43 EMC changed state :@EMC_Stopping_Short

2.9.2010 09:07:46 End of program

2.9.2010 09:07:46 AVG for E-mail ended

2.9.2010 09:09:10.218 [544] AVG for E-mail [8.5.401] started

2.9.2010 09:09:10.390 [544] Registered in WatchDog

2.9.2010 09:09:10.390 [544] EMC changed state :@EMC_Init_Short

2.9.2010 09:09:18.015 [544] Using AVG Kernel: 8.5.441 [271.1.1/3102]

2.9.2010 09:09:18 Log reopened New log file is 'C:\Documents and Settings\All Users\Application Data\avg8\Emc\Log\emc.log'

2.9.2010 09:09:19 Using Cyrus SASL 2.1.13

2.9.2010 09:09:19 Starting the main loop

2.9.2010 09:09:19 Redirector version 80000

2.9.2010 09:09:19 EMC changed state :@EMC_Init_Short

2.9.2010 09:09:19 EMC changed state :@EMC_Not_Fully_Functional_Short

2.9.2010 09:09:19 AutoPOP3(10110): Starting server

2.9.2010 09:09:19 Queue processing started

2.9.2010 09:09:19 EMC changed state :@EMC_Running_Short


Sorry, I asked you if it was safe to plug in my USB drives and scan them, which I did...

I didn't know the drives were infected.

Sorry

The new MBAM log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4514

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

02/09/2010 10:46:34 AM

mbam-log-2010-09-02 (10-46-34).txt

Scan type: Quick scan

Objects scanned: 129977

Time elapsed: 10 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 2

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\Documents and Settings\Admin\Local Settings\temp\E_N4\krnln.fnr (Trojan.Agent) -> Delete on reboot.

C:\Documents and Settings\Admin\Local Settings\temp\E_N4\HtmlView.fne (HackTool.Patcher) -> Delete on reboot.

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Documents and Settings\Admin\Local Settings\temp\E_N4 (Worm.Autorun) -> Delete on reboot.

Files Infected:

C:\Documents and Settings\Admin\Local Settings\temp\E_N4\krnln.fnr (Trojan.Agent) -> Delete on reboot.

C:\Documents and Settings\Admin\Local Settings\temp\E_N4\HtmlView.fne (HackTool.Patcher) -> Delete on reboot.

C:\Documents and Settings\Admin\Local Settings\temp\E_N4\internet.fne (HackTool.Patcher) -> Quarantined and deleted successfully.

C:\Documents and Settings\Admin\Local Settings\temp\E_N4\dp1.fne (Worm.Autorun) -> Delete on reboot.

C:\Documents and Settings\Admin\Local Settings\temp\E_N4\eAPI.fne (Worm.Autorun) -> Delete on reboot.


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
